Research

Below is an index of the research I’ve published across a variety of sources.

Conference Presentations

HITB Bangkok 2024 – Leveraging Request Smuggling For Authentication Bypass and Remote Code Execution (video) (slides)

Black Hat USA 2025 – Ghost Calls: Abusing Web Conferencing for Covert Command & Control (video) (slides) – COMING SOON!

DEF CON 33 – Ghost Calls: Abusing Web Conferencing for Covert Command & Control (video) (slides) – COMING SOON!

Black Hat USA 2025 – OAuthSeeker: Weaponizing OAuth Phishing for Red Team Simulations (video) (slides) – COMING SOON!

DEF CON 33 – OAuthSeeker: Weaponizing OAuth Phishing for Red Team Simulations (video) (slides) – COMING SOON!

Published Blog Posts

This section lists blog posts I’ve published through other sources, such as Praetorian.

NTLMv1 vs NTLMv2: Digging into an NTLM Downgrade Attack (blog post) (archive)