James Kettle / albinowax research overview


Upcoming Presentations


Attack Technique Research

Automation Research




Misc

whoami

I'm the Head of Research at PortSwigger Web Security, where I design and refine vulnerability detection techniques for Burp Suite's scanner, and research novel attack techniques.


James Kettle is Head of Research at PortSwigger Web Security, where he designs and refines vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to detect unknown classes of vulnerabilities, and exploiting subtle CORS misconfigurations in bitcoin exchanges. James has extensive experience cultivating novel attack techniques, including server-side RCE via Template Injection, client-side RCE via malicious formulas in CSV exports, and abusing the HTTP Host header to poison password reset emails and server-side caches. He has spoken at numerous prestigious venues including both BlackHat USA and EU, and OWASP AppSec USA and EU.

You can contact me via @albinowax on Twitter, xawonibla@gmail.com or elttek.semaj@portswigger.net