Paul Gerste
Paul is a vulnerability researcher at Sonar. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing and organizing CTFs with team FluxFingers.
Session
"Erm, actually CSS is not a programming language! ☝️🤓"
If that was your first reaction to this title, then you should definitely come and see what modern CSS has to offer for web attackers! If you stop pursuing XSS vulnerabilities when you see a sanitizer, then you're missing out on the power of CSS. Using Scriptless Attacks, you will learn how to turn unexploitable HTML Injections into impactful findings with just CSS and HTML.