James Kettle / albinowax

James 'albinowax' Kettle is the Director of Research at PortSwigger - he's best known for his HTTP Desync Attacks research, which popularized HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, HTTP/2 desync attacks, Server-Side Template Injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.

• @albinowax
• Dynamic Presentation Playlist

Presentations:

• 2022-08-12 15:30 - DEF CON 30 (2022) - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling   as James Kettle
• 2022-08-10 10:20 - Black Hat USA 2022 - Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling   as James Kettle
• 2021-11-11 16:20 - Black Hat Europe 2021 - Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021   as James Kettle
• 2021-11-10 10:20 - Black Hat Europe 2021 - HTTP/2: The Sequel is Always Worse   as James Kettle
• 2021-08-06 10:00 - DEF CON 29 (2021) - HTTP/2: The Sequel is Always Worse   as James Kettle
• 2021-08-05 13:30 - Black Hat USA 2021 - HTTP/2: The Sequel is Always Worse   as James Kettle
• 2020-12-10 15:20 - Black Hat Europe 2020 Virtual - Locknote: Conclusions and Key Takeaways from Day 2   as James Kettle
• 2020-08-05 11:00 - Black Hat USA 2020 Virtual - Web Cache Entanglement: Novel Pathways to Poisoning   as James Kettle
• 2019-12-04 14:30 - Black Hat Europe 2019 - HTTP Desync Attacks: Request Smuggling Reborn   as James Kettle
• 2019-08-11 12:00 - DEF CON 27 (2019) - HTTP Desync Attacks: Smashing into the Cell Next Door   as albinowax
• 2019-08-07 13:30 - Black Hat USA 2019 - HTTP Desync Attacks: Smashing into the Cell Next Door   as James Kettle
• 2018-09-27 17:40 - ekoparty 14 (2018) - Practical Web Cache Poisoning: Redefining "Unexploitable"   as James Kettle
• 2018-08-09 15:50 - Black Hat USA 2018 - Practical Web Cache Poisoning: Redefining 'Unexploitable'   as James Kettle
• 2017-07-26 16:00 - Black Hat USA 2017 - Cracking the Lens: Targeting HTTP's Hidden Attack-Surface   as James Kettle
• 2016-11-04 09:30 - Black Hat Europe 2016 - Backslash Powered Scanning: Hunting Unknown Vulnerability Classes   as James Kettle
• 2016-10-14 10:45 - AppSec USA 2016 - Exploiting CORS Misconfigurations for Bitcoins and Bounties   as James Kettle
• 2015-08-05 10:20 - Black Hat USA 2015 - Server-Side Template Injection: RCE for the Modern Web App   as James Kettle
• ????-??-?? ??:?? - NorthSec 2017 - Backslash Powered Scanning: Implementing Human Intuition   as James Kettle

Copresenters:

• Daniel Cuthbert
  • 2021-11-11 16:20 - Black Hat Europe 2021 - Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021
  • 2020-12-10 15:20 - Black Hat Europe 2020 Virtual - Locknote: Conclusions and Key Takeaways from Day 2
• Marina Krotofil
  • 2021-11-11 16:20 - Black Hat Europe 2021 - Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021
  • 2020-12-10 15:20 - Black Hat Europe 2020 Virtual - Locknote: Conclusions and Key Takeaways from Day 2
• Thomas Brandstetter
  • 2021-11-11 16:20 - Black Hat Europe 2021 - Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021
• Meadow Ellis
  • 2021-11-11 16:20 - Black Hat Europe 2021 - Locknote: Conclusions and Key Takeaways from Black Hat Europe 2021
• Leigh-Anne Galloway
  • 2020-12-10 15:20 - Black Hat Europe 2020 Virtual - Locknote: Conclusions and Key Takeaways from Day 2