James Kettle research overview

Upcoming Presentations

Attack Technique Research

Automation Research



I'm Head of Research at PortSwigger Web Security, where I design and refine vulnerability detection techniques for Burp Suite's scanner. Recent work has focused on techniques to automate detecting unknown classes of vulnerabilities, and exploiting subtle CORS misconfigurations in bitcoin exchanges. I have extensive experience vulnerability bounty hunting and cultivating novel attack techniques, including server and client side RCE, and abusing the HTTP Host header to poison password reset emails and server side caches.

You can contact me via @albinowax on Twitter, xawonibla@gmail.com, or elttek.semaj@portswigger.net

See also Personal blog, Company blog, HackerOne profile