Exactly what I need. Impressive stuff!

Thank you for sharing.One of great teaching class i ever had.

Cool PoC, Great session on HTTP smuggling attack.

The stuff is really great. Thanks a lot !!

Amazing stuff ! thanks a lot

This was fascinating!

I needed this.

Amazing stuff

This is GOLD!

mind blown! felt sorry for sysadmins for the consequences of his very last attack in this presentation. highly impactful attack indeed.

This was trooly amayzing

Thankyou!

Thank you

Thanks

The last one was mind blowing

wow amazing

01:10 interest low stack system/integration/protocol bugs 01:27 agenda 02:04 quick introduction, CL.TE /TE.CL "HTTP Desync Attacks: Smashing into the Cell Next Door " James Kettle, kzfaq.info/get/bejne/rZOVfbBjtcmUe30.html watchfire paper, 2005 shorturl.at/cfstN ====================================== CL.TE Desync Attack ====================================== 03:21 CL.TE which is the front-end.back-end 03:35 the front-end will interpret a web request using its content-type header and the back-end will interpret the same request using the transfer-encoded header 03:51 here we have an attacker, post request, T.E header is malformed 04:18 Back-end ignores the content-length ============================= TE.CL Desync Attack ============================= 05:58 [...] 08:14 testing for request smuggling 08:37 github.com/defparam/smuggler 09:58 Impact radius of request smuggling 10:14 Open Desync, the3 most dangerous of the three 10:28 IP Desync 10:51 Self Desync, VPN, VPS ============================= Practical Attack ============================= 11:20 Recon stories

Hello sir. I have a question I couldn't find how to do that. There are 15 numbers from 1-15. It can generate any number randomly. How can we identify which number is being generated?

Is their github page for the test server , I wanna test my self

14:40 the takeway i love it. i was in talk with a pretty big sec tech company . one of their guys tried to act like a wise guy: there is no risk with a robots.txt. ok sure kiddo.

Hi Nahamsec, Can you share the lab so I can practice?

seeing the view count gives me the warm n fuzzies cus i know im super early to the party you ladies and gents are super rad and i couldnt be more excited to start hunting

Does HTTP Request smuggling, just works on POST method, or also on GET ? I have heard it just works on POST method..

Why don't you ppl invite ippsec

18:48 recon story#2 is about api.zomato.com🕵️ got a bounty of. 15k USD

Tcm hair 😂

how attacker poisoing the HTTP, but Victim access on HTTPS ? can it's still work ? or not? if work, how?