Research Recording - To be released Despite HTTP Request Tunnelling’s resurgence in recent years with the advent of HTTP/2 Desync Attacks, its much bolder big brother HTTP Request Smuggling has s...

Research Exploiting CORS can be a tricky in modern web apps, but there are still critical cases out there if you know what to look for. If you want to learn more about CORS exploitation, the resea...

Recording This presentation was released at the first ever BSides Exeter! Are you a new or aspiring penetration tester attempting to navigate the seemingly endless stream of complex new informati...

Write-up In this blog post, my colleagues at Outpost24 and I walkthrough some of the wilder Cross-Site Scripting attacks we’ve managed to conceive recently, and highlight the importance of conside...

Web Cache Deception, first discovered (I think…) here, is a rare attack class that enables an attacker to trick users into storing sensitive information in a server-side cache for later retrieval. ...

Original Blog Post Webinar In this blog I discuss the advantages of Penetration Testing as a Service and how a hybrid approach to Application Security, utilizing automated vulnearbility scanning ...

Write-up In this blog (linked above) I walkthrough one of the most complex exploits I have created to-date resulting in application-wide session hijacking via HTTP Request Smuggling. The exploit a...

Write-up Webinar In this blog (linked above) I explain how I used param-miner to discover a critical privilege escalation vulnerability in Azure’s API Management Developer Portal. This was my fir...