BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Smashing the state machine: the true potential of we
 b race\n   conditions\n   When: Saturday\, Aug 12\, 09:00 - 09:45 PDT\n   
 Where: Caesars Forum - Forum - 109-119\, 138-139 - Track 2 - [1]Map\n\n   
 SpeakerBio:James "albinowax" Kettle\, Director of Research at\n   PortSwi
 gger\n   James 'albinowax' Kettle is the Director of Research at PortSwigg
 er\,\n   the makers of Burp Suite. He's best known for his HTTP Desync Att
 acks\n   research\, which popularised HTTP Request Smuggling. James has\n 
   extensive experience cultivating novel attack techniques\, including\n  
  web cache poisoning\, browser-powered desync attacks\, server-side\n   te
 mplate injection\, and password reset poisoning.\n\n   James is also the a
 uthor of multiple popular open-source tools\n   including Param Miner\, Tu
 rbo Intruder\, and HTTP Request Smuggler. He\n   is a frequent speaker at 
 numerous prestigious venues including both\n   Black Hat USA and EU\, OWAS
 P AppSec USA and EU\, and DEF CON.\n\n   Twitter: [2]@albinowax\n\n   Desc
 ription:\n   For too long\, web race-condition attacks have focused on a t
 iny\n   handful of scenarios. Their true potential has been masked thanks 
 to\n   tricky workflows\, missing tooling\, and simple network jitter hidi
 ng\n   all but the most trivial\, obvious examples. In this session\, I'll
 \n   introduce multiple new classes of race condition that go far beyond\n
    the limit-overrun exploits you're probably already familiar with.\n\n  
  Inside every website lurks a state machine: a delicately balanced\n   sys
 tem of states and transitions that each user\, session\, and object\n   ca
 n flow through. I'll show how to fire salvos of conflicting inputs\n   at 
 high-profile websites to make state machines collapse\, enabling you\n   t
 o forge trusted data\, misroute tokens\, and mask backdoors.\n\n   To hand
 le this explosion of attack surface\, I'll share a polished\n   methodolog
 y designed to help you eke out subtle tell-tale clues and\n   scent blood 
 long before sacrificing anything to the RNG gods. I've\n   also taken lore
  amassed over years of research into HTTP Desync\n   Attacks and developed
  a strategy that can squeeze 30 requests sent\n   from Melbourne to Dublin
  into a sub-1ms execution window. Alongside\n   the open source tool\, we'
 ll also release free online labs so you can\n   try out your new skillset 
 immediately.\n\n   '\n\n   1. #CaesarsForumBR\n   2. https://twitter.com/a
 lbinowax\n\n\n
DTEND:20230812T164500Z
DTSTART:20230812T160000Z
LOCATION:DC - Caesars Forum - Forum - 109-119\, 138-139 - Track 2
SUMMARY:Smashing the state machine: the true potential of web race conditio
 ns
END:VEVENT
END:VCALENDAR
