A couple of weeks ago I put up a small challenge for a specific XSS problem, called Twins of Ten. The idea was to find a payload that was limited to ten characters; these characters would repeat once, and you could expand it to as many pairs as you wanted. The challenge was both to find the shortest payload and to find a way around the XSS Auditor inside Chrome / Safari.
Earlier this year I spent some days approaching Google as a target for some research. It had been a long time since the last time, and I actually lost my 0x07 in their Security Hall of Fame. Some really great people took my spot, so it wasn’t that bad after all. Anyway, I wanted to share some funny techniques that I found to be really useful. You might already know about them – but with hindsight – not everyone seems to.