Amit Klein's security corner

Standards, community, etc.

Contributed to IETF RFC 6056 - Recommendations for Transport-Protocol Port Randomization.

Contributed to IETF RFC 7230 - Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing.

Served as a WASC officer.

Advisories

  • HTTP Response Splitting in Node.js
  • Web-based VM detection with HTML5 Performance Object
  • Safari PASV vulnerability
  • The "localhosed" attack - stealing IE local cookies
  • Filezilla FTP server advisory