OWASP Gotheburg: Unofficial Security Fest Pre-Party

Welcome to OWASP Gothenburg’s unofficial wamup session to Security Fest for an evening with food, drink and interesting keynotes with the Cybersecurity Community!

Where: Assured Security Consultants,Norra Allégatan 7, 413 30 Göteborg

Agenda:

• 17:30 - 18:00 - Doors open
• 18:00 - 18:45 - The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling, Thomas Stacey

HTTP Request Tunnelling is making a comeback thanks to HTTP/2 Desync Attacks, but it’s still living in the shadow of its louder sibling, HTTP Request Smuggling. In this talk, we’ll uncover tunnelling bugs hiding in plain sight across major platforms like IIS, Azure Front Door, and AWS ALB. You'll see a brand-new detection technique in action, blending the sleek “Single-Packet Attack” with classic desync tricks. Along the way, I’ll share the rollercoaster of diving into security research for the first time—and the surprising lessons that came with it. Whether you're a seasoned hacker or just curious, you’ll leave with practical ways to bend existing tools to your will, without the need for any significant coding experience.

Thomas is a penetration tester, security researcher and full-time Lego enthusiast with a passion for exploring and applying new (and far too complicated) attack technique.

• 18:45 - 19:00 - Short break
• 19:00 - 20:00 - Coming soon
• 20:00+ - Overtime + hangout @ Assured’s office

After the talks are done, Assured’s office will remain open for all event participants to hang out. There will be beer and good company served!