User:Albinowax

I'm Head of Research at PortSwigger Web Security, where I design and refine vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities, and exploiting subtle CORS misconfigurations in bitcoin exchanges. I have extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. I have spoken at numerous prestigious venues including both BlackHat USA and EU, and OWASP AppSec USA and EU.