James 'albinowax' Kettle

Past presentations

• DEF CON 30 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smugling
• Black hat USA 2022 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smugling
• NULLCON Berlin 2022 KEYNOTE - Hunting evasive vulnerabilities: finding flaws that others miss
• BlackHat EU 2021 - HTTP/2: The Sequel is Always Worse (in-person)
• DEF CON 29 - HTTP/2: The Sequel is Always Worse
• BlackHat USA 2021 - HTTP/2: The Sequel is Always Worse
• BlackHat USA 2020 - Web Cache Entanglement: Novel Pathways to Poisoning
• BlackHat EU 2019 - HTTP Desync Attacks: Request Smuggling Reborn
• OWASP Global AppSec - HTTP Desync Attacks: Request Smuggling Reborn
• DEF CON 27 - HTTP Desync Attacks: Smashing into the Cell Next Door
• BlackHat USA 2019 - HTTP Desync Attacks: Smashing into the Cell Next Door
• ekoparty 2018 - Practical Web Cache Poisoning: Redefining 'Unexploitable' (updated)
• BlackHat USA 2018 - Practical Web Cache Poisoning: Redefining 'Unexploitable'
• BlackHat USA 2017 - Cracking the Lens: Targeting HTTP's Hidden Attack-Surface
• PHDays 7 - Backslash Powered Scanner: Automating Human Intuition
• NorthSec 2017 - Backslash Powered Scanner: Automating Human Intuition
• AppSec EU 2017 - Exploiting CORS Misconfigurations for Bitcoins and Bounties
• AppSec USA 2016 - Exploiting CORS Misconfigurations for Bitcoins and Bounties
• BlackHat EU 2016 - Backslash Powered Scanner: Hunting Unknown Vulnerabilities
• 44Con 2015 - Hunting Asynchronous Vulnerabilities
• BlackHat USA 2015 - Server-Side Template Injection: RCE for the Modern Web App
• OWASP AppSec EU 2014 - ActiveScan++: Augmenting manual testing with attack proxy plugins
• ...and BSides Manchester every year since it started in 2014