BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Listen to the whispers: web timing attacks that actu
 ally work\n   When: Friday\, Aug 9\, 11:30 - 12:15 PDT\n   Where: LVCC Wes
 t/Floor 1/Hall 1/Track 3 - [1]Map\n\n   Description:\n\n   Websites are ri
 ddled with timing oracles eager to divulge their\n   innermost secrets. It
 's time we started listening to them.\n\n   In this session\, I'll unleash
  novel attack concepts to coax out server\n   secrets including masked mis
 configurations\, blind data-structure\n   injection\, hidden routes to for
 bidden areas\, and a vast expanse of\n   invisible attack-surface.\n\n   T
 his is not a theoretical threat\; every technique will be illustrated\n   
 with multiple real-world case studies on diverse targets.\n   Unprecedente
 d advances have made these attacks both accurate and\n   efficient\; in th
 e space of ten seconds you can now reliably detect a\n   sub-millisecond d
 ifferential with no prior configuration or 'lab\n   conditions' required. 
 In other words\, I'm going to share timing\n   attacks you can actually us
 e.\n\n   To help\, I'll equip you with a suite of battle-tested open-sourc
 e\n   tools enabling both hands-free automated exploitation\, and custom\n
    attack scripting. I'll also share a little CTF to help you hone your\n 
   new skillset.\n\n   Want to take things further? I'll help you transform
  your own attack\n   ideas from theory to reality\, by sharing a methodolo
 gy refined through\n   testing countless concepts on thousands of websites
 . We've neglected\n   this omnipresent and incredibly powerful side-channe
 l for too long.\n\n     * [2]link\n\n     * [3]link\n\n   SpeakerBio:  Jam
 es "albinowax" Kettle\, Director of Research at\n   PortSwigger\n\n   Jame
 s 'albinowax' Kettle is the Director of Research at PortSwigger\,\n   the 
 makers of Burp Suite. He's best known for his HTTP Desync Attacks\n   rese
 arch\, which popularised HTTP Request Smuggling. James has\n   extensive e
 xperience cultivating novel attack techniques\, including\n   web cache po
 isoning\, browser-powered desync attacks\, server-side\n   template inject
 ion\, and password reset poisoning. James is also the\n   author of multip
 le popular open-source tools including Param Miner\,\n   Turbo Intruder\, 
 and HTTP Request Smuggler. He is a frequent speaker at\n   numerous presti
 gious venues including both Black Hat USA and EU\, OWASP\n   AppSec USA an
 d EU\, and DEF CON.\n\n   '\n\n   1. #LVCCW_Level1_Hall1\n   2. https://ww
 w.usenix.org/conference/usenixsecurity20/presentation/van-goethem\n   3. h
 ttps://portswigger.net/research/smashing-the-state-machine\n\n\n
DTEND:20240809T191500Z
DTSTART:20240809T183000Z
LOCATION:DC - LVCC West/Floor 1/Hall 1/Track 3
SUMMARY:Listen to the whispers: web timing attacks that actually work
END:VEVENT
END:VCALENDAR