Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced HTTP request smuggling techniques and desync attacks in this 37-minute DEF CON 33 conference talk that challenges the misconception that critical HTTP vulnerabilities are a thing of the past. Discover multiple new classes of desync attacks that have enabled mass compromise of user credentials across hundreds of high-profile targets including major tech companies, SaaS providers, and CDNs, with demonstrated success yielding over $100,000 in bug bounties within just two weeks. Learn about the comprehensive research methodology and open-source toolkit that replaces outdated vulnerability probes with focused analysis techniques designed to identify each target's unique weaknesses. Master strategies for creating an avalanche of desync research leads that range from discovering entirely new attack classes to uncovering exotic implementation flaws capable of dumping server memory in a manner similar to Heartbleed. Examine both meticulously crafted attacks built from theoretical foundations and accidental exploits with root causes so complex they left even the original developers confused. Gain practical knowledge and tools needed to participate in advanced desync research aimed at demonstrating why HTTP/1.1 represents a fundamental security risk that must be eliminated.
