About the Speaker
In this talk we'll introduce Project Dusseldorf, a versatile out-of-band appsec platform. It can catch and analyze network requests, and it uses a built-in rule engine to craft automated responses constructed from a wide variety of predefined payloads. Project "DuSSeldoRF" is an internal project used by several red teams and appsec teams within Microsoft to find vulnerabilities of different bug classes such as SSRF, XXE, SSTI and XSS, and even "generic" RCEs. It aims to help automate detection and exploitation at cloud scale. During this talk we will open source the code and explore together how you can use it to find vulnerabilities in your targets.
I work as a Principal Security Research Manager at MSRC at Microsoft, where I run teams that perform security research on hardware and OSS ecosystems. I am one of the OWASP leads in Seattle and have been active in appsec for over 20 years.