Talks

This section includes information about the talks I’ve given at cybersecurity conferences ranging from HITB Bangkok to DEF CON and Black Hat. Topics span web exploitation, red team tradecraft, abuse of common protocols, and creative approaches to initial access, persistence, and command & control.

Bypassing Authentication using HTTP Request Smuggling

HITB Bangkok 2024 – Leveraging Request Smuggling for Authentication Bypass and Remote Code Execution (Video) (Slides)

Black Hat USA 2025 – Ghost Calls: Abusing Web Conferencing for Covert Command & Control (video) (slides)

DEF CON 33 – Ghost Calls: Abusing Web Conferencing for Covert Command & Control (video) (slides)

Black Hat USA 2025 – OAuthSeeker: Weaponizing OAuth Phishing for Red Team Simulations (video) (slides)

DEF CON 33 – OAuthSeeker: Weaponizing OAuth Phishing for Red Team Simulations (video) (slides)