🚀 New plugin in the Caido Store!
Introducing "DOMLogger++" by @mizu.re
Track DOM-based flows to see how user input reaches sensitive browser APIs, with data captured by the browser extension.
Check out more details: github.com/kevin-mizu/d...
The #FCSC2026 ended today, and my write-ups are now available here:
mizu.re/post/fcsc-20... 🚩
I'm really happy with the challenges I managed to create this year! It would be too long to list everything, so here's a little teaser below 👇
1/2
All the other challenge write-ups (not just web) are available in the #writeup channel of the CTF Discord server:
discord.gg/rwZY6hh8z8
Btw, all the challenges have also been (will be) added to hackropole.fr! 🚩
2/2
Small teaser for Caido users :)
2/2
I'm happy to release the first version of my DOMLogger++ plugin for @caido.io! 🔎
It improves the browser extension in several ways:
• Persistent, per-project storage
• Temporary session recording
• AI support
• Stack trace reconstitution
• ...
👉 github.com/kevin-mizu/d...
A quick update has been made to DOMLogger++ to add / update a few things. It's not a big deal, but it should allow interesting stuff to be done :)
It should be available on the stores in the coming hours.
My first post for the @ctbbpodcast.bsky.social Research Lab is live.
Super excited to be part of this team, can't wait to see what crazy research is gonna come from this!
lab.ctbb.show/research/Exp...
For the @ASIS_CTF, I created a challenge based on an interesting (novel?) DOM Clobbering technique! 🚩
In short, in non-strict mode, HTMLCollection items are not writable. This blocks property assignment, allowing unexpected values to be created 😄
👉 mizu.re/post/under-t...
DOMLogger++ v1.0.9 is now out and available! 🎉
This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥
It also brings full Caido session handling, which is going to be useful in the near future! 👀
👉 github.com/kevin-mizu/d...
1/2
We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/coo...