BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Browser-Powered Desync Attacks: A New Frontier in HT
 TP Request\n   Smuggling\n   When: Friday\, Aug 12\, 15:30 - 16:15 PDT\n  
  Where: Caesars Forum - Alliance 301-309\, 321 (Track 4) - [1]Map\n\n   Sp
 eakerBio:James Kettle\, Director of Research\, PortSwigger\n   James 'alb
 inowax' Kettle is the Director of Research at PortSwigger -\n   he's best 
 known for his HTTP Desync Attacks research\, which\n   popularized HTTP Re
 quest Smuggling. James has extensive experience\n   cultivating novel atta
 ck techniques\, including web cache poisoning\,\n   HTTP/2 desync attacks\
 , Server-Side Template Injection\, and password\n   reset poisoning. James
  is also the author of multiple popular\n   open-source tools including Pa
 ram Miner\, Turbo Intruder\, and HTTP\n   Request Smuggler. He is a freque
 nt speaker at numerous prestigious\n   venues including both Black Hat USA
  and EU\, OWASP AppSec USA and EU\,\n   and DEF CON.\n   Twitter: [2]@albi
 nowax\n\n   Description:\n   The recent rise of HTTP Request Smuggling has
  seen a flood of critical\n   findings enabling near-complete compromise o
 f numerous major websites.\n   However\, the threat has been confined to a
 ttacker-accessible systems\n   with a reverse proxy front-end... until now
 .\n\n   In this session\, I'll show you how to turn your victim's web brow
 ser\n   into a desync delivery platform\, shifting the request smuggling\n
    frontier by exposing single-server websites and internal networks.\n   
 You'll learn how to combine cross-domain requests with server flaws to\n  
  poison browser connection pools\, install backdoors\, and release desync\
 n   worms. With these techniques I'll compromise targets including Apache\
 ,\n   Akamai\, Varnish\, Amazon\, and multiple web VPNs.\n\n   While some 
 classic desync gadgets can be adapted\, other scenarios\n   force extreme 
 innovation. To help\, I'll share a battle-tested\n   methodology combining
  browser features and custom open-source tooling.\n   We'll also release f
 ree online labs to help hone your new skillset.\n\n   I'll also share the 
 research journey\, uncovering a strategy for\n   black-box analysis that s
 olved several long-standing desync obstacles\n   and unveiled an extremely
  effective novel desync trigger. The\n   resulting fallout will encompass 
 client-side\, server-side\, and even\n   MITM attacks\; to wrap up\, I'll 
 live-demo breaking HTTPS on Apache.\n\n   '\n\n   1. https://defcon.outel.
 org/consolidated_page.html#CaesarsAllianceBR\n   2. https://twitter.com/al
 binowax\n\n\n
DTEND:20220812T231500Z
DTSTART:20220812T223000Z
LOCATION:DC - Caesars Forum - Alliance 301-309\, 321 (Track 4)
SUMMARY:Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smug
 gling
END:VEVENT
END:VCALENDAR
