Presentations + Trainings

  • OWASP Global AppSec 2024
    • GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities
  • Defcon Recon Village 2024
    • Bypassing WHOIS Rate Limiting & Tracking Fresh Domains
  • Las Vegas BSides 2024
    • Bypassing WHOIS Rate Limiting & Tracking Fresh Domains
  • Black Hat USA Trainings 2019 (Accepted):
    • "The Web Application Hacker Level-Up Lab"
      • Unfortunately we couldn't fill the class in Las Vegas. It was delivered in Buenos Aires instead with the help of Include Security. Thank you!
  • OWASP Maine:
    • Best Fit Mapping Attacks
  • Pluralsight Training 2017:
    • Video: "Writing Penetration Testing Reports"
  • Pluralsight Training 2016:
    • Video: "External Footprinting: Reconnaissance and Mapping"
  • Black Hat USA Arsenal 2016:
    • Overview: "SERPICO"
  • Black Hat USA 2015:
    • Video: "Exploiting XXE in File Upload Functionality"
  • Black Hat Webcast November, 2015:
    • Webinar: "Exploiting XXE in File Upload Functionality"
      • The webinar was updated to include more file types: PDF, JPG, and GIF
  • BeaCon 2015:
    • "Building (Simple) Fuzzing Scripts from Wireshark Dissectors"
  • Black Hat USA Arsenal 2015:
    • Overview: "SERPICO"
  • Black Hat Europe 2014:
    • Video/Slides: "Blended Web and Database Attacks on Real-Time, In-Memory Platforms"
      • I couldn't make the talk unfortunately.
  • Troopers 2014:
    • Video: "Hiding the breadcrumbs: Anti-forensics on SAP systems"
      • Really fun presentation on hiding actions in SAP
  • Troopers 2014:
    • Video: "SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms"
      • Another round of BO research, quite a few advisories came from this.
  • BlackHat Arsenal 2014:
    • Overview: "SERPICO"
  • Rapid7 Whiteboard Wednesday
    • Post/Video: "There's a Hole in 1,951 Amazon S3 Buckets"
  • Defcon Skytalks 20 (2012):
    • "Interface Puncher"
      • This talk focused on fingerprinting web applications and bruteforcing credentials. Cool idea, but didn’t really take off.
  • Defcon 19 (2011):
    • Video: "Metasploit vSploit Modules"
      • Joint presentation with Marcus Carey and David Rude. Awesome idea and fun work. Presentation wasn’t great though.
  • Defcon Skytalks Las Vegas 2011:
    • "Distributed Denial of Service Attacks for Whitehats"
      • Focused on testing DoS mitigations in place from vendors. Unfortunately can’t find the slides or video.
  • BSides Las Vegas 2011:
    • "Distributed Denial of Service Attacks for Whitehats"
      • Focused on testing DoS mitigations provided by vendors. Unfortunately can’t find the slides or video.
  • OWASP AppSec USA 2010:
    • Video: "Hacking SAP Businessobjects"
  • SOURCE Barcelona 2010:
    • Video: "Hacking SAP Businessobjects"
