That triage journey is not pretty
I'm delighted to announce that I'll be presenting: "Splitting the email atom: exploiting parsers to bypass access controls" at Blackhat USA. Check out the abstract for more details: www.blackhat.com/us-24/briefi...
Black Hat USA 2024
I'm thrilled to announce "Listen to the whispers: web timing attacks that actually work" will premiere at Black Hat USA! After nine months of running bulk timing attacks on thousands of live sites, I've got a lot to share! Check out the abstract here: www.blackhat.com/us-24/briefi...
We've just published "Making desync attacks easy with TRACE" by new PortSwigger Research member Martin Doyhenard! portswigger.net/research/tra...
Yeah, I didn't explore the DoS angle much but it's definitely there, especially with the ability to overrun rate-limits and weak locking systems
Just submitted my talk proposal to Black Hat USA! This year I went all-in on a risky topic, and landed a beautiful range of findings from 'practical' to 'aspirational' :)
Watch my talk on Blind CSS Exfiltration, an innovative blind attack technique designed to extract data from web pages through CSS. www.youtube.com/watch?v=3WjD...
This talk delves into a new hacking attack class of Blind CSS Exfiltration! A method to extract data using pure CSS from unknown web pages even when executin...
Voting is now live for the Top ten web hacking techniques of 2023! Make a brew, browse the nominations, and cast your vote here: portswigger.net/polls/top-10...
We've just launched a new topic on Web LLM Attacks! If you've never exploited indirect prompt injection, you're missing out on some serious fun. Have a shot at the labs here: portswigger.net/web-security...
Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM ...
Nominations are now open for the top 10 new web hacking techniques of 2023! Check out the nominations so far, and make your own here: portswigger.net/research/top...
Over the last year, numerous security researchers have shared their discoveries with the community through blog posts, prese