Thomas Stacey
@t0xodile
Followers: 668 · Following: 2K · Media: 5 · Statuses: 462
Penetration tester trying to perform novel research. You can find all of my write-ups and research at https://t.co/2chUIHJDeP.
Gothenburg, Sweden
Joined June 2014
Thrilled to finally release my latest research "The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling". Desync vulnerabilities stemming from H2 downgrading continue to plague even the largest vendors, have a read to find out more! https://t.co/Elsr3WEYXZ
assured.se
In this paper I will reveal the discovery of wide-spread cases of request tunnelling in applications powered by popular servers including IIS, Azure Front Door and AWS' application load balancer...
🤔 Got questions about Black Hat? Join the "Ask Me Anything: Meet the Black Hat Review Board" session at #BHEU! Engage directly with the experts shaping the event and get your burning questions answered. Learn more here >> https://t.co/2aqB6xCjMp
At #BHEU, Zak Fedotkin unveils "The Fragile Lock" — groundbreaking bypasses that challenge the integrity of SAML authentication. Learn how attackers exploit weaknesses and what it means for security. 🔑 Don't miss it! Register now >> https://t.co/m0P5QWsuzN
Where is the time going? Not long to BSides London too! The elves have been busy chatting to partners, potential sponsors and very keen speakers. Plenty of time to get involved, give us a shout. #oooarrcyber
my new blogpost is out!! this one talks about a new web vulnerability class i discovered that allows for complex interactive cross-origin attacks and data exfiltration and i've already used it to get a google docs bounty ^^ have fun <3 https://t.co/PBct6aB24W
lyra.horse
A novel and powerful twist on an old classic.
Delighted to present at NDC Manchester. If you attended the talk and want the materials you can grab them from here: https://t.co/kysqoXs1fZ
github.com
Contribute to PortSwigger/splitting-the-email-atom development by creating an account on GitHub.
Great experience collaborating with Akamai — the team is incredibly friendly and professional.
CVE-2025-66373: HTTP Request Smuggling Due to Invalid Chunked Body Size https://t.co/uviWpvUJBA
Next week I'll be on a #BHEU panel alongside review board members Enno Rey, Marina Krotofil & Marion Marschalek! If you're an aspiring researcher, this is a chance to grill us on what it takes to land a conference slot & deliver an unforgettable presentation @BlackHatEvents
We pride ourselves on our incredible team of world-class security researchers. There's a good chance that you've seen some of our research, but not all of it. HTTP desync, URL validation bypasses, web cache tricks, cookie chaos, CSS exfil... all the good stuff! Have a quick
portswigger.net
On Thursday I'm presenting "Splitting the email atom: exploiting parsers to bypass access controls" at NDC Manchester. Please join me if you want to find out how to turn an RFC-compliant email address into RCE. https://t.co/ry7V3zfjqa
portswigger.net
The content of a <script> inside <math> or <svg> is treated as text. If the browser hits an HTML tag it can't handle, like <img>, it closes them and places the tag outside. What looks like commented-out JS isn't. https://t.co/O0ZsVMUT00
#xss
We’re exploring what truly drives people into cybersecurity, celebrating the explorers, the questioners, and the quietly determined minds. We know that not everyone came to cyber through coding or gaming. #oooarrcyber
Hey everyone! I’ve been building rep+, a lightweight HTTP Repeater inside Chrome DevTools. No proxy setup or certificates. Just open DevTools and start poking requests. It also has built-in AI for explanations and attack ideas. I’ll share one rep+ feature every day. Try it 👇
💚 Events like BSides Exeter don’t happen without our incredible sponsors. Your support keeps tickets affordable, gives new voices a platform, and helps us celebrate this year’s theme — “Curiosity Made the Cyber Pro.” 👉 https://t.co/O0566Y8ZiM
#oooarrrcyber
CURIOSITY BUILT THE CYBER PRO Every cyber security and digital forensics professional started the same way — curious, determined, and probably told to “get off that computer!” or “you’ve been online too long!” #oooarrcyber
This is both hilarious and an educational read!
Hello! Just published new research with (@sml555_, @codecancare) 🍻 Who Needs A Blind XSS? https://t.co/bUpFj1p0Mh
#CyberSecurity #BugBounty
We have a copy at the office now. Just get it, it's great!
HackFriday starts now. JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday. Boost your payload skills and sharpen your hacking game. Grab it while it lasts 🔥 https://t.co/84e3xYGQu4
"Burp AI can bring up a new generation of hackers faster and more effectively." In his new article, @hAPI_hacker explores how Burp AI: 🔬 Analyzes requests and adapts when attacks fail. 💬 Explains findings in clear language. 💪 Enhances human decision-making. 👉
portswigger.net
AI isn’t just reshaping cybersecurity - it’s challenging testers to rethink their entire playbook. In his latest article, “Hacking with Burp AI in the Chesspocalypse”, API expert Corey Ball draws less
🚀 Shadow Repeater just got a big upgrade! It now detects response timing differences. https://t.co/aFDXmazHYz
thespanner.co.uk
The new version of Shadow Repeater has been released with a couple of cool new features. Timing differences Shadow Repeater analyses your Repeater requests and looks for response differences but it...
Want to experiment with Anomaly Rank on arbitrary requests anywhere inside Burp Suite? Nick Coblentz made an extension for that! Try it out here:
github.com
Contribute to ncoblentz/BurpExtensionAnomalyRankContextMenu development by creating an account on GitHub.
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: