There are no upcoming talks at this time.


Splitting the email atom: exploiting parsers to bypass access controls

Researcher: Gareth Heyes

Conferences: DEF CON 32, 11 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Listen to the Whispers: Web Timing Attacks that Actually Work

Researcher: James Kettle

Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Gotta Cache Em All: Bending the Rules of Web Cache Exploitation

Researcher: Martin Doyhenard

Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024

Smashing the State Machine: The True Potential of Web Race Conditions

Researcher: James Kettle

Conferences: Nullcon Goa 2023, 23 Sep 2023 | DEF CON 31, 12 Aug 2023 | Black Hat USA 2023, 09 Aug 2023

Server Side Prototype Pollution: Blackbox detection without the DoS

Researcher: Gareth Heyes

Conferences: Nullcon Berlin 2023, 09 Mar 2023 | OWASP 2023 Global AppSec Dublin, 15 Feb 2023

Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Researcher: James Kettle

Conferences: DEF CON 30, 12 Aug 2022 | Black Hat USA 2022, 10 Aug 2022

Hunting evasive vulnerabilities: finding flaws that others miss

Researcher: James Kettle

Conferences: Nullcon Berlin, 08 Apr 2022

HTTP/2: The Sequel is Always Worse

Researcher: James Kettle

Conferences: Black Hat Europe, 10 Nov 2021 | DEF CON 29, 06 Aug 2021 | Black Hat USA, 05 Aug 2021

Black Hat Europe Locknote: Conclusions and Key Takeaways

Researcher: James Kettle

Conferences: Black Hat Europe 2020, 10 Dec 2020

Portable Data exFiltration: XSS for PDFs

Researcher: Gareth Heyes

Conferences: Black Hat Europe 2020, 10 Dec 2020

Web Cache Entanglement: Novel Pathways to Poisoning

Researcher: James Kettle

Conferences: Black Hat USA 2020, 05 Aug 2020

XSS Magic Tricks

Researcher: Gareth Heyes

Conferences: Global AppSec Allstars, 26 Sep 2019

HTTP Desync Attacks: Smashing into the Cell Next Door

Researcher: James Kettle

Conferences: Black Hat USA 2019, 07 Aug 2019

Turbo Intruder: Embracing the billion-request attack

Researcher: James Kettle

Conferences: LevelUp 0x03, 25 Jan 2019

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Researcher: James Kettle

Conferences: Black Hat USA 2018, 09 Aug 2018

Exploiting Unknown Browsers and Objects

Researcher: Gareth Heyes

Conferences: AppSec Europe, 06 Jul 2018

DOM based AngularJS Sandbox Escapes

Researcher: Gareth Heyes

Conferences: BSides Manchester, 17 Nov 2017

Cracking the Lens: Targeting HTTP's Hidden Attack-Surface

Researcher: James Kettle

Conferences: Black Hat USA 2017, 27 Jul 2017

Exploiting CORS Misconfigurations for Bitcoins and Bounties

Researcher: James Kettle

Conferences: OWASP AppSec EU 2017, 12 May 2017

Backslash Powered Scanner: Automating Human Intuition

Researcher: James Kettle

Conferences: Black Hat Europe 2016, 05 Dec 2016

JSON Hijacking for the Modern Web

Researcher: Gareth Heyes

Conferences: OWASP London, 24 Nov 2016

Hunting Asynchronous Vulnerabilities

Researcher: James Kettle

Conferences: 44Con 2015, 15 Sep 2015

Server-Side Template Injection

Researcher: James Kettle

Conferences: Black Hat USA 2015, 05 Aug 2015