BLUE

James Kettle

@jameskettle.com

Director of Research at PortSwigger aka Burp Suite Sometimes known as albinowax Portfolio: jameskettle.com/

362 followers10 following33 posts

Overview Posts Replies

JKjameskettle.comJul 9, 2024 1:51pm

That triage journey is not pretty

Reposted by James Kettle

GHhandle.invalidMay 29, 2024 12:01pm

I'm delighted to announce that I'll be presenting: "Splitting the email atom: exploiting parsers to bypass access controls" at Blackhat USA Check out the abstract for more details: www.blackhat.com/us-24/briefi...

Black Hat USA 2024

JKjameskettle.comMay 23, 2024 12:24pm

I'm thrilled to announce "Listen to the whispers: web timing attacks that actually work" will premiere at Black Hat USA! After nine months of running bulk timing attacks on thousands of live sites, I've got a lot to share! Check out the abstract here: www.blackhat.com/us-24/briefi...

Black Hat USA 2024

JKjameskettle.comMar 19, 2024 3:19pm

We've just published "Making desync attacks easy with TRACE" by new PortSwigger Research member Martin Doyenhard! portswigger.net/research/tra...

JKjameskettle.comMar 12, 2024 2:29pm

Yeah, I didn't explore the DoS angle much but it's definitely there, especially with the ability to overrun rate-limits and weak locking systems

JKjameskettle.comMar 12, 2024 2:26pm

Just submitted my talk proposal to Black Hat USA! This year I went all-in on a risky topic, and landed a beautiful range of findings from 'practical' to 'aspirational' :)

Reposted by James Kettle

GHhandle.invalidFeb 15, 2024 2:45pm

Watch my talk on Blind CSS Exfiltration, an innovative blind attack technique designed to extract data from web pages through CSS. www.youtube.com/watch?v=3WjD...

Gareth Heyes – Blind CSS Exfiltration: Stealing user data from unknown web pages via CSS

This talk delves into a new hacking attack class of Blind CSS Exfiltration! A method to extract data using pure CSS from unknown web pages even when executin...

JKjameskettle.comJan 23, 2024 9:29am

Voting is now live for the Top ten web hacking techniques of 2023! Make a brew, browse the nominations, and cast your vote here: portswigger.net/polls/top-10...

JKjameskettle.comJan 16, 2024 3:41pm

We've just launched a new topic on Web LLM Attacks! If you've never exploited indirect prompt injection, you're missing out on some serious fun. Have a shot at the labs here: portswigger.net/web-security...

Web LLM attacks | Web Security Academy

Organizations are rushing to integrate Large Language Models (LLMs) in order to improve their online customer experience. This exposes them to web LLM ...

JKjameskettle.comJan 9, 2024 2:43pm

Nominations are now open for the top 10 new web hacking techniques of 2023! Check out the nominations so far, and make your own here: portswigger.net/research/top...

Top 10 web hacking techniques of 2023 - nominations open

Nominations are now open for the top 10 new web hacking techniques of 2023! Over the last year, numerous security researchers have shared their discoveries with the community through blog posts, prese

James Kettle

@jameskettle.com

Director of Research at PortSwigger aka Burp Suite Sometimes known as albinowax Portfolio: jameskettle.com/

362 followers10 following33 posts