OWASP Global AppSec 2024

• GraphQL Exploitation: Secondary Context Attacks and Business Logic Vulnerabilities

Defcon Recon Village 2024

• Bypassing WHOIS Rate Limiting & Tracking Fresh Domains

Las Vegas BSides 2024

• Bypassing WHOIS Rate Limiting & Tracking Fresh Domains

Black Hat USA Trainings 2019 (Accepted)

• “The Web Application Hacker Level-Up Lab”
  • Unfortunately we couldn’t fill the class in Las Vegas. It was delivered in Buenos Aires instead with the help of Include Security. Thank you!

OWASP Maine

• Best Fit Mapping Attacks

Pluralsight Training 2017

• Video: “Writing Penetration Testing Reports”

Pluralsight Training 2016

• Video: “External Footprinting: Reconnaissance and Mapping”

Black Hat USA Arsenal 2016

• Overview: “SERPICO”

Black Hat USA 2015

• Video: “Exploiting XXE in File Upload Functionality”

Black Hat Webcast November, 2015

• Webinar: “Exploiting XXE in File Upload Functionality”
  • The webinar was updated to include more file types; PDF, JPG, and GIF

BeaCon 2015

• “Building (Simple) Fuzzing Scripts from Wireshark Dissectors”

Black Hat USA Arsenal 2015

• Overview: “SERPICO”

Black Hat Europe 2014

• Video/Slides: “Blended Web and Database Attacks on Real-Time, In-Memory Platforms”
  • I couldn’t make the talk unfortunately.

Troopers 2014

• Video: “Hiding the breadcrumbs: Anti-forensics on SAP systems”
  • Really fun presentation on hiding actions in SAP

Troopers 2014

• Video: “SAP BusinessObjects Attacks: Espionage and Poisoning of Business Intelligence platforms”
  • Another round of BO research, quite a few advisories came from this.

BlackHat Arsenal 2014

• Overview: “SERPICO”

Rapid7 Whiteboard Wednesday

• Post/Video: “There’s a Hole in 1,951 Amazon S3 Buckets”

Defcon Skytalks 20 (2012)

• “Interface Puncher”
  • This talk focused on fingerprinting web applications and bruteforcing credentials. Cool idea, but didn’t really take off.

Defcon 19 (2011)

• Video: “Metasploit vSploit Modules”
  • Joint presentation with Marcus Carey and David Rude. Awesome idea and fun work. Presentation wasn’t great though.

Defcon Skytalks Las Vegas 2011

• “Distributed Denial of Service Attacks for Whitehats”
  • Focused on testing DoS mitigations in place from vendors. Unfortunately can’t find the slides or video.

BSides Las Vegas 2011

• “Distributed Denial of Service Attacks for Whitehats”
  • Focused on testing DoS mitigations provided by vendors. Unfortunately can’t find the slides or video.

OWASP AppSec USA 2010

• Video: “Hacking SAP Businessobjects”

SOURCE Barcelona 2010

• Video: “Hacking SAP Businessobjects”