Inlay

ProfilePosts

My first post for the @ctbbpodcast.bsky.social Research Lab is live. Super excited to be part of this team, can't wait to see what crazy research is gonna come from this! lab.ctbb.show/research/Exp...

🚀New plugin in the Caido Store! Introducing "DOMLogger++" by @mizu.re Track DOM-based flows to see how user input reaches sensitive browser APIs, with data captured by the browser extension. Check out more details: github.com/kevin-mizu/d...

The #FCSC2026 ended today, and my write-ups are now available here: mizu.re/post/fcsc-20... 🚩 I'm really happy with the challenges I managed to create this year! It would be too long to list everything, so here's a little teaser below 👇 1/2

We've just published a novel technique to bypass the __Host and __Secure cookie flags, to achieve maximum impact for your cookie injection findings: portswigger.net/research/coo...

9mo

1mo

2mo

Video

9mo

A quick update has been made to DOMLogger++ to add / update a few things. It's not a big deal, but it should allow interesting stuff to be done :) It should be available on the stores in the coming hours.

For the @ASIS_CTF, I created a challenge based on an interesting (novel?) DOM Clobbering technique! 🚩 In short, in non-strict mode, HTMLCollection items are not writable. This blocks property assignment, allowing unexpected values to be created 😄 👉 mizu.re/post/under-t...

Small teaser for Caido users :) 2/2

Ways to turn XSS in a Web Worker into full XSS, covering known tricks and a new generic exploit using Blob URLs with the Drag and Drop API

lab.ctbb.show

Exploiting Web Worker XSS with Blobs

All the other challenge write-ups (not just web) are available in the #writeup channel of the CTF Discord server: discord.gg/rwZY6hh8z8 Btw, all the challenges have also been (will be) added to hackropole.fr! 🚩 2/2

DOMLogger++ v1.0.9 is now out and available! 🎉 This update fixes a lot of issues, including the historical DevTools bug on Chromium 🔥 It also brings full Caido session handling, which is going to be useful in the near future! 👀 👉 github.com/kevin-mizu/d... 1/2

I'm happy to release the first version of my DOMLogger++ plugin for @caido.io! 🔎 It improves the browser extension in several ways: • Persistent, per-project storage • Temporary session recording • AI support • Stack trace reconstitution • ... 👉 github.com/kevin-mizu/d...