Javascript

BGGP3 Research Notes

Jul 5, 2022 · 12 mins read

The 3rd Annual Binary Golf Grand Prix (BGGP3) is to find the smallest file which will crash a specific program.

XSS to Reverse Shell: Only a Sith Deals in Absolutes

Oct 9, 2021 · 4 mins read

Recently I stumbled across a thread on Reddit r/AskNetsec. Now, without looking at the post: What do you think the answers looked like?

Anti-Debug JS/WASM by Hand

Aug 22, 2021 · 11 mins read

Last week a friend of mine asked me to debug/RE some phishing emails that had been sent to them. These phishing emails were visually very clever and looked identical to the real site! But as I looked at the JavaScript I frankly became embarrassed for the developer. Sure, they’d run the code through an obfuscation engine and added some basic anti-debug tricks, but that’s nothing you can’t defeat with AST and proxying function calls.

Crossing the Line of Death

Mar 27, 2021 · 3 mins read

In early 2017, @ericlaw wrote a blog post titled The Line of Death. The general premise is that there is some inherent user trust of any content that appears above the browser window and that considerations must be taken to ensure that browsers cannot be manipulated to easily betray this trust.