research - arxenix's blog

research

A collection of 4 posts

Overlong Sec-Required-CSP header: CVE-2021-37989

Overlong Sec-Required-CSP header: CVE-2021-37989

abusing long http headers for cache probing

The Closed Shadow DOM

The Closed Shadow DOM

a bit of research on security of the shadow DOM

Detecting uBlock origin via a timing side-channel

chrome extensions are bad, use firefox

Showcasing the Importance of Secure Defaults with a PyYAML 0day

Bypassing PyYAML filtering and getting a CVE (2020-14343)