Cary Hooper is an offensive security engineer working for a Fortune 500 institution. Cary is a combat veteran and graduate of the United States Military Academy at West Point. He led technical and non-technical teams within the Army Engineer Corps and Cyber Command. Cary’s certifications include CISSP, OSCE, OSCP, and OSWE.
Whether you are a network defender, pentester, or total noob, this presentation will teach you something about how HTTP works and how it can be broken. First, we will discuss basic HTTP concepts and some lesser-known features of the protocol. Then, we will explain and demonstrate HTTP De-Sync attacks popularized by James Kettle in 2019. Attend this presentation and walk away with a deeper understanding of the HTTP protocol, how web requests are processed, and novel HTTP attack techniques.