James Kettle (@Albinowax)

Title	Vulnerabilities	Programs	Authors
Listen to the whispers: web timing attacks that actually work	Timing Attack SSRF WAF Bypass Reverse Proxy Misconfiguration	Undisclosed	James Kettle (@Albinowax)
How to build custom scanners for web security research automation	Race Condition	Undisclosed	James Kettle (@Albinowax)
Smashing the state machine: the true potential of web race conditions	Race Condition	Devise GitLab	James Kettle (@Albinowax)
HTTP/3 connection contamination: an upcoming threat?	HTTP Connection Contamination	Undisclosed	James Kettle (@Albinowax)
Making HTTP header injection critical via response queue poisoning	HTTP Header Injection HTTP Request Smuggling	Undisclosed	James Kettle (@Albinowax)
How to turn security research into profit: a CL.0 case study	HTTP Request Smuggling Desync Attack	Undisclosed	James Kettle (@Albinowax)
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling	HTTP Request Smuggling Desync Attack	AWS Amazon Akamai Cisco Verisign Pulse Secure Varnish	James Kettle (@Albinowax)
Cracking reCAPTCHA, Turbo Intruder style	Captcha Bypass Race Condition	Google	James Kettle (@Albinowax)
Responsible denial of service with web cache poisoning	DoS Web Cache Poisoning CPDoS	Tesla HackerOne Deliveroo Bitbucket Paypal Meta / Facebook Twitter	James Kettle (@Albinowax)
Bypassing Web Cache Poisoning Countermeasures	Web Cache Poisoning	Cloudflare	James Kettle (@Albinowax)
Practical Web Cache Poisoning	Web Cache Poisoning	Mozilla HubSpot Cloudflare Binary.com Amazon (CloudFront)	James Kettle (@Albinowax)
Cracking the lens: targeting HTTP's hidden attack-surface	Reflected XSS SSRF	Yahoo! / Verizon Media BT New Relic	James Kettle (@Albinowax)
Backslash Powered Scanning: hunting unknown vulnerability classes	-	Undisclosed	James Kettle (@Albinowax)
Exploiting CORS misconfigurations for Bitcoins and bounties	CORS Misconfiguration	Undisclosed	James Kettle (@Albinowax)

Page 1 of 1