Researcher: Zakhar Fedotkin
Websites are increasingly adopting WebSockets for business critical functionality, but security tools have failed to keep up. As a result, WebSocket security testing is so painful that this ever-expanding attack surface is largely overlooked.
WebSocket Turbo Intruder is an open-source solution which makes attacks pain-free with automatic message correlation, timing and content analysis, and battle-tested matching and filtering capabilities. It also enables advanced, multi-step attack sequences thanks to an underlying Python API providing infinite customisability. It seamlessly integrates into Burp Suite, and also runs as a standalone CLI tool - ideal for launching attacks from a high-bandwidth VPS.
Under the hood, it is powered by a high-performance WebSocket engine developed from scratch for security testing, capable of sending tens of thousands of messages per second - perfect for large-scale bruteforce attacks, and triggering race conditions. The custom engine also allows the use of malformed messages, letting you exploit protocol-level implementation flaws, including a modern spin on the classic Ping-of-Death.
You can even scan WebSockets with your existing HTTP scanning tools, thanks to a convenient HTTP adapter. It is time to unlock the WebSocket goldmine.
Researcher: Gareth Heyes
Web app testing is supposed to be fun - until you're neck-deep in tabs, repeating the same payloads, rewriting the same report sections, and wondering what you missed by not trying just one more thing. In this session, I'll bring the fun back by sharing tools that quietly transform manual testing into something smarter - and showing you how to build your own.
I've spent the last year experimenting with AI tool development to amplify my hacking efforts, building four open-source extensions: Shadow Repeater, Document My Pentest, AI Hackvertor, and Repeat Strike. While you're hacking, these tools hack harder.
I'll share what worked, what didn't, what broke completely, and the tricks I wish I knew when I started. If you're thinking of gluing AI into your own hacking workflow - or just want to see what's possible now - this talk's for you.
Researcher: Zakhar Fedotkin
Cookies were never meant to be secure. Bolted awkwardly onto HTTP, they have long been a source of confusion, inconsistency, and catastrophic vulnerabilities. Despite countless RFC fixes, things still fall apart.
In this talk, I will uncover how fundamental flaws in cookie parsing continue to enable real-world bypasses of core security mechanisms. I will introduce previously unpublished techniques and new classes of cookie-based attacks that exploit discrepancies between client-side and server-side interpretations - allowing attackers to compromise session integrity at scale.
To wrap up, I will release an open-source toolkit to help security researchers detect and exploit these flaws in the wild.
If you think you know cookies, think again. This talk will uncover the most subtle RFC flaws.
Researcher: Gareth Heyes
Conferences: PortSwigger Discord, 07 Nov 2024
Researcher: Gareth Heyes
Conferences: DEF CON 32, 11 Aug 2024 | Black Hat USA 2024, 07 Aug 2024
Researcher: James Kettle
Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024
Researcher: Martin Doyhenard
Conferences: DEF CON 32, 09 Aug 2024 | Black Hat USA 2024, 07 Aug 2024
Researcher: James Kettle
Conferences: Nullcon Goa 2023, 23 Sept 2023 | DEF CON 31, 12 Aug 2023 | Black Hat USA 2023, 09 Aug 2023
Researcher: Gareth Heyes
Conferences: Nullcon Berlin 2023, 09 Mar 2023 | OWASP 2023 Global AppSec Dublin, 15 Feb 2023
Researcher: James Kettle
Conferences: DEF CON 30, 12 Aug 2022 | Black Hat USA 2022, 10 Aug 2022
Researcher: James Kettle
Conferences: Nullcon Berlin, 08 Apr 2022
Researcher: James Kettle
Conferences: Black Hat Europe, 10 Nov 2021 | DEF CON 29, 06 Aug 2021 | Black Hat USA, 05 Aug 2021
Researcher: James Kettle
Conferences: Black Hat Europe 2020, 10 Dec 2020
Researcher: Gareth Heyes
Conferences: Black Hat Europe 2020, 10 Dec 2020
Researcher: James Kettle
Conferences: Black Hat USA 2020, 05 Aug 2020
Researcher: Gareth Heyes
Conferences: Global AppSec Allstars, 26 Sept 2019
Researcher: James Kettle
Conferences: Black Hat USA 2019, 07 Aug 2019
Researcher: James Kettle
Conferences: LevelUp 0x03, 25 Jan 2019
Researcher: James Kettle
Conferences: Black Hat USA 2018, 09 Aug 2018
Researcher: Gareth Heyes
Conferences: AppSec Europe, 06 Jul 2018
Researcher: Gareth Heyes
Conferences: BSides Manchester, 17 Nov 2017
Researcher: James Kettle
Conferences: Black Hat USA 2017, 27 Jul 2017
Researcher: James Kettle
Conferences: OWASP AppSec EU 2017, 12 May 2017
Researcher: James Kettle
Conferences: Black Hat Europe 2016, 05 Dec 2016
Researcher: Gareth Heyes
Conferences: OWASP London , 24 Nov 2016
Researcher: James Kettle
Conferences: 44Con 2015, 15 Sept 2015
Researcher: James Kettle
Conferences: Black Hat USA 2015, 05 Aug 2015