Krzysztof Kotowicz

Krzysztof Kotowicz is a web security researcher specialising in discovery and exploitation of client-side vulnerabilities, and a software engineer in the Information Security Engineering team at Google. Speaker at various security conferences (ACM CCS 2017, Black Hat USA 2017, Owasp AppSec EU 2017, Nullcon 2016, Owasp AppSec Europe 2013, Black Hat USA 2012), member of the Google Vulnerability Reward Program panel, author of various web security attack techniques & security tools. Previously an avid fan of XSS, now he just wants to get rid of that security bug - once and for all.

• Dynamic Presentation Playlist

Presentations:

• 2019-04-17 13:45 - LocoMocoSec 2019 - Trusted types & the end of DOM XSS
• 2017-07-27 11:00 - Black Hat USA 2017 - Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
• ????-??-?? ??:?? - Black Hat USA 2012 - Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil

Copresenters:

• Sebastian Lekies
  • 2017-07-27 11:00 - Black Hat USA 2017 - Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
• Eduardo Vela
  • 2017-07-27 11:00 - Black Hat USA 2017 - Don't Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
• Kyle Osborn / Kos
  • ????-??-?? ??:?? - Black Hat USA 2012 - Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil   as Kyle Osborn