HTTP Desync Attacks: Request Smuggling Reborn
HTTP requests are traditionally viewed as isolated, standalone entities. In this session, I'll introduce techniques for remote, unauthenticated attackers to smash through this isolation and splice their requests into others, through which I was able to play puppeteer with the web infrastructure of numerous commercial and military systems, rain exploits on their visitors, and harvest over $70k in bug bounties.

By James Kettle

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...

