HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges

HTTP Request Smuggling (AKA HTTP Desyncing) is an attack technique invented in 2005 that exploits different interpretations of a stream non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests. By Amit Klein Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefi...

albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference
▶︎

albinowax - HTTP Desync Attacks: Smashing into the Cell Next Door - DEF CON 27 Conference

Portswigger Web Academy - HTTP Request Smuggling - Explanation & Lab Walkthrough
▶︎

Portswigger Web Academy - HTTP Request Smuggling - Explanation & Lab Walkthrough

Demigod: The Art of Emulating Kernel Rootkits
▶︎

Demigod: The Art of Emulating Kernel Rootkits

DEF CON 30 - James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
▶︎

DEF CON 30 - James Kettle - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026
▶︎

Keynote: After the AI Hype – What’s Real, and What’s Next - Richard Campbell - 2026

HTTP Request Smuggling Explained (with James Kettle)
▶︎

HTTP Request Smuggling Explained (with James Kettle)

HTTP 1 1 Must DIE   @albinowax James Kettle Defcon 33 talk
▶︎

HTTP 1 1 Must DIE @albinowax James Kettle Defcon 33 talk

JANITOR vs THE BIGGEST GUYS IN THE GYM. They Didn’t Expect THAT
▶︎

JANITOR vs THE BIGGEST GUYS IN THE GYM. They Didn’t Expect THAT

HTTP Request Smuggling Attack Explained // Untangling the HTTP Desync Attack
▶︎

HTTP Request Smuggling Attack Explained // Untangling the HTTP Desync Attack

The World's Most Important Machine
▶︎

The World's Most Important Machine

Lateral Movement & Privilege Escalation in GCP; Compromise Organizations without Dropping an Implant
▶︎

Lateral Movement & Privilege Escalation in GCP; Compromise Organizations without Dropping an Implant

System Design Course – APIs, Databases, Caching, CDNs, Load Balancing & Production Infra
▶︎

System Design Course – APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

Web App Pentesting - HTTP Headers & Methods
▶︎

Web App Pentesting - HTTP Headers & Methods

HTTP Security Headers In Action - Sven Morgenroth - PSW #652
▶︎

HTTP Security Headers In Action - Sven Morgenroth - PSW #652

Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020
▶︎

Practical Attacks Using HTTP Request Smuggling by @defparam #NahamCon2020

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Do VPNs Really Protect Privacy? Data & Cybersecurity Insights
▶︎

Do VPNs Really Protect Privacy? Data & Cybersecurity Insights

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)
▶︎

Cybersecurity Architecture: Five Principles to Follow (and One to Avoid)

HTTP Desync Attacks: Request Smuggling Reborn
▶︎

HTTP Desync Attacks: Request Smuggling Reborn

Lab: HTTP request smuggling, basic TE.CL vulnerability
▶︎

Lab: HTTP request smuggling, basic TE.CL vulnerability