[0x3C6E6F7363726970743E] - The Virtual Meet

As the year draws to a close, we look back together on a challenging but nonetheless successful year for all of us. Amid the upheaval, we made it through lockdowns, shifted abruptly to remote, and kept wondering when it might all return to normal. There are plenty of open questions, but one thing is beyond doubt: the way we interact and create might never be the same. Thus, we keep striving to bridge the distance and reimagine everything about how we connect.

Up to this point, the community has been strengthened by unique opportunities to learn from the very best in the field, and this time will be no different, except for one minute detail. This will be one of those rare occasions on which you will have the privilege of meeting an absolute legend of the web security world. Get ready to be starstruck: we are excited and proud to announce that we have the honor and pleasure of having Dr.-Ing. Mario Heiderich among us to dive into the crazy world of Mutation XSS.

In case you have been stranded on the far side of the galaxy, you should know that Mario is the founder of Cure53 (https://cure53.de/)* and one of the most influential security researchers on the web. On his research journeys, he managed to show why IE was one of the greatest browsers that ever existed, subvert some JS frameworks' logic to his advantage (AngularJS, wink wink), demonstrate how difficult it is to sanitize user input safely**, and show why scripts are so overrated, i.e., stealing the pie without touching the sill. Bottom line, we can only thank him for making the web a safer place at the end of his compelling adventures.

It is self-explanatory why you should not miss the last meetup of the year. We are bidding farewell to 2021 in style, and you are more than welcome to join us at this great gathering.

In the meantime, you can join our Slack chat (https://join.slack.com/t/0xmadlabs/shared_invite/zt-w9zvp96c-orETMoj71yGdBMEpYT4PeQ) to discuss all kinds of hackish stuff and, of course, interact with other members.

Hope to see you soon!

* If their work doesn't ring a bell, you most probably need some guidance, but it's never too late to dig in and feast on their epic pwnages and research work.
** Have a look at the DOMPurify project.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

  • "mXSS in 2021 - One long solved problem?" (EN) by Dr.-Ing. Mario Heiderich
    Note: And the usual challenge write-up.

[Challenge]

Last Christmas, I gave you my leaks
But the very next day, you gave it away
This year, to save me from tears
I'll give you a special challenge

URL: http://xmas2021.sefod.eu/

Ping (@)zezadas w/ the flag(s) and get help on the usual channel #ch4llenges
