Gareth Heyes
@garethheyes.co.uk
javascript:/*--></title></style></textarea></script></xmp><svg/onload='-/"/-/onmouseover=1/-/[*/[]/-alert(1)//'>
https://garethheyes.co.uk/#latestBook
https://garethheyes.co.uk/#latestBook
Pinned
Gareth Heyes
@garethheyes.co.uk
· Sep 26
In a shameless effort to promote my book. I've crafted some very special vectors for you. If you like them please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
www.amazon.com/dp/B0BRD9B3GS
On Thursday I'm presenting "Splitting the email atom:exploiting parsers to bypass access controls" at NDC Manchester. Please join me if you want to find out how to turn an RFC compliant email address into RCE.
portswigger.net/research/tal...
portswigger.net/research/tal...
Upcoming Conference Talks - PortSwigger Research
Find details of upcoming talks from the PortSwigger Research team. We also have research papers and recordings available from previous conferences and events.
portswigger.net
December 1, 2025 at 11:14 AM
On Thursday I'm presenting "Splitting the email atom:exploiting parsers to bypass access controls" at NDC Manchester. Please join me if you want to find out how to turn an RFC compliant email address into RCE.
portswigger.net/research/tal...
portswigger.net/research/tal...
This is the last weekend "JavaScript for hackers" will be available for $13.37. HackFriday! Grab yours now while you can...
www.amazon.com/JavaScript-h...
www.amazon.com/JavaScript-h...
JavaScript for hackers: Learn to think like a hacker
JavaScript for hackers: Learn to think like a hacker [Heyes, Gareth] on Amazon.com. *FREE* shipping on qualifying offers. JavaScript for hackers: Learn to think like a hacker
www.amazon.com
November 28, 2025 at 1:22 PM
This is the last weekend "JavaScript for hackers" will be available for $13.37. HackFriday! Grab yours now while you can...
www.amazon.com/JavaScript-h...
www.amazon.com/JavaScript-h...
Hackvertor 2.2.33 released!
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
November 28, 2025 at 12:17 PM
Hackvertor 2.2.33 released!
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
- New MultiEncoder window (CTRL+ALT+M) for applying multiple transformations across layers and sending to Repeater tab
- WebSockets support including a WebSocket handler and a new WebSocket setting
- Improved auto decoding
HackFriday starts now
JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday
Boost your payload skills and sharpen your hacking game
Grab it while it lasts 🔥
www.amazon.com/JavaScript-h...
JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday
Boost your payload skills and sharpen your hacking game
Grab it while it lasts 🔥
www.amazon.com/JavaScript-h...
JavaScript for hackers: Learn to think like a hacker
JavaScript for hackers: Learn to think like a hacker [Heyes, Gareth] on Amazon.com. *FREE* shipping on qualifying offers. JavaScript for hackers: Learn to think like a hacker
www.amazon.com
November 20, 2025 at 12:45 PM
HackFriday starts now
JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday
Boost your payload skills and sharpen your hacking game
Grab it while it lasts 🔥
www.amazon.com/JavaScript-h...
JavaScript for Hackers is on sale for $13.37 and the deal runs past Hack Friday
Boost your payload skills and sharpen your hacking game
Grab it while it lasts 🔥
www.amazon.com/JavaScript-h...
If you are planning to buy the paperback version of "JavaScript for hackers" I'd wait till Friday as I'm going to run a promotion for Black Friday. Also it makes a good Christmas present 🎁
November 19, 2025 at 1:08 PM
If you are planning to buy the paperback version of "JavaScript for hackers" I'd wait till Friday as I'm going to run a promotion for Black Friday. Also it makes a good Christmas present 🎁
Just released a major update to Hackvertor:
History logging: your conversions are now replayable and stored in the project file.
Tag-Finder window (props to @CoreyD97): filter and insert tags from within the UI. CTRL+ALT+F
Lastly: Tab persistence
thespanner.co.uk/hackvertor-h...
History logging: your conversions are now replayable and stored in the project file.
Tag-Finder window (props to @CoreyD97): filter and insert tags from within the UI. CTRL+ALT+F
Lastly: Tab persistence
thespanner.co.uk/hackvertor-h...
Hackvertor history and tag finder - The Spanner
I've been pretty busy with side projects lately and I've found using Claude code I can work on multiple features and projects easily at the same time. I did lots of refactoring with Claude to get the ...
thespanner.co.uk
November 19, 2025 at 12:25 PM
Just released a major update to Hackvertor:
History logging: your conversions are now replayable and stored in the project file.
Tag-Finder window (props to @CoreyD97): filter and insert tags from within the UI. CTRL+ALT+F
Lastly: Tab persistence
thespanner.co.uk/hackvertor-h...
History logging: your conversions are now replayable and stored in the project file.
Tag-Finder window (props to @CoreyD97): filter and insert tags from within the UI. CTRL+ALT+F
Lastly: Tab persistence
thespanner.co.uk/hackvertor-h...
Demo of the new Shadow Repeater response timing differences.
November 18, 2025 at 2:47 PM
Demo of the new Shadow Repeater response timing differences.
🚀 Shadow Repeater just got a big upgrade!
It now detects response timing differences.
thespanner.co.uk/shadow-repea...
It now detects response timing differences.
thespanner.co.uk/shadow-repea...
Shadow Repeater v1.2.3 release - The Spanner
The new version of Shadow Repeater has been released with a couple of cool new features.
Timing differences
Shadow Repeater analyses your Repeater requests and looks for response differences but it wa...
thespanner.co.uk
November 18, 2025 at 12:59 PM
🚀 Shadow Repeater just got a big upgrade!
It now detects response timing differences.
thespanner.co.uk/shadow-repea...
It now detects response timing differences.
thespanner.co.uk/shadow-repea...
Coming to Hackvertor soon...
Big thanks to CoreyD97 for the suggestion!
Big thanks to CoreyD97 for the suggestion!
November 14, 2025 at 10:45 PM
Coming to Hackvertor soon...
Big thanks to CoreyD97 for the suggestion!
Big thanks to CoreyD97 for the suggestion!
Reposted by Gareth Heyes
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
October 13, 2025 at 9:00 AM
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
Reposted by Gareth Heyes
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y
HTTP Anomaly Rank - a new Turbo Intruder feature
YouTube video by PortSwigger
youtu.be
November 11, 2025 at 2:49 PM
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y
Reposted by Gareth Heyes
We've updated our XSS cheat sheet to include 9 new vectors from @garethheyes.co.uk! Here are the top three, you can find the rest here: portswigger.net/web-security...
November 10, 2025 at 2:49 PM
We've updated our XSS cheat sheet to include 9 new vectors from @garethheyes.co.uk! Here are the top three, you can find the rest here: portswigger.net/web-security...
Reposted by Gareth Heyes
I only released InsiKt last night, but I've already made a great improvement to row filtering.
Filtering 130k entries with regex now takes only 2 seconds! 🔥
Filtering 130k entries with regex now takes only 2 seconds! 🔥
Long overdue, but I rewrote Logger++ to be more memory efficient and fix all the bugs!
github.com/CoreyD97/Ins...
github.com/CoreyD97/Ins...
Release Initial Release! · CoreyD97/InsiKt
Logger++ is dead, long live InsiKt!
It has been a long time since I first adopted Logger++ from @irsdl back in 2017. Since then I have left NCC Group and no longer have access to the repository, so...
github.com
November 9, 2025 at 2:00 PM
I only released InsiKt last night, but I've already made a great improvement to row filtering.
Filtering 130k entries with regex now takes only 2 seconds! 🔥
Filtering 130k entries with regex now takes only 2 seconds! 🔥
Reposted by Gareth Heyes
This was pretty fun to exploit! Even though I didn't manage to pwn the version used for Pwn2Own Berlin, I still learned a ton about LLMs. Maybe I can get my revenge in future competitions 🤞
From bit flip to RCE in Ollama! 🦙
Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:
www.sonarsource.com/blog/ollama-...
#security #vulnerability #llm #ai
Our latest blog post explains how a file parsing bug led to an interesting out-of-bounds write primitive. Learn how it could have been exploited in Ollama, a tool to run LLMs locally:
www.sonarsource.com/blog/ollama-...
#security #vulnerability #llm #ai
www.sonarsource.com
November 4, 2025 at 5:45 PM
This was pretty fun to exploit! Even though I didn't manage to pwn the version used for Pwn2Own Berlin, I still learned a ton about LLMs. Maybe I can get my revenge in future competitions 🤞
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
November 3, 2025 at 12:26 PM
Firefox nightly introduces the setHTML() method. Which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
portswigger-labs.net/mxss/
Set HTMLSanitizer ✅
Auto update ✅
I'm trying to break it, I encourage you to break it too
New Safari vector:
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
October 30, 2025 at 12:48 PM
New Safari vector:
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.
Hash:
#'-alert(1)//
Poc:
portswigger-labs.net/xss/xss.php?...
You can now create private vectors on Shazzer. Useful if you're working on something you're not ready to share yet.
shazzer.co.uk/blog/shazzer...
shazzer.co.uk/blog/shazzer...
Shazzer now has private vectors - Shazzer
When I first designed Shazzer, my goal was to ensure that even if an account were compromised, no private data could be stolen - because there simply wasn’t any private data to begin with. This was a ...
shazzer.co.uk
October 27, 2025 at 8:08 PM
You can now create private vectors on Shazzer. Useful if you're working on something you're not ready to share yet.
shazzer.co.uk/blog/shazzer...
shazzer.co.uk/blog/shazzer...
Reposted by Gareth Heyes
HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
youtu.be/BAZ-z2fA8E4
youtu.be/BAZ-z2fA8E4
HTTP is supposed to be stateless...
YouTube video by PortSwigger
youtu.be
October 22, 2025 at 2:06 PM
HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
youtu.be/BAZ-z2fA8E4
youtu.be/BAZ-z2fA8E4
If you want to learn how to construct epic payloads like this? You need JavaScript for Hackers.
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
October 16, 2025 at 5:40 PM
If you want to learn how to construct epic payloads like this? You need JavaScript for Hackers.
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Requires this hash:
#<img/src/onerror=alert(1)>
www.amazon.com/JavaScript-h...
Want to learn how to craft payloads like these?
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
October 14, 2025 at 11:17 AM
Want to learn how to craft payloads like these?
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Read JavaScript for Hackers to master creative XSS techniques and understand exactly why they work.
🧠 Learn to think like a hacker
⚡ Master the art of payload design
Grab your copy 👉 www.amazon.com/JavaScript-h...
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
October 13, 2025 at 9:00 AM
Last chance to catch "Splitting the Email Atom: Exploiting Parsers to Bypass Access Controls" at the NDC Conference, Manchester. Join me and see just how wild the email RFCs really are.
portswigger.net/research/tal...
portswigger.net/research/tal...
Reposted by Gareth Heyes
I’m excited to announce that I’ll be presenting The Fragile Lock: Novel Bypasses for SAML Authentication at Black Hat Europe! In this talk, I’ll show how I was able to continuously bypass security patches to achieve complete auth bypass for major libraries. #BHEU @blackhatevents.bsky.social
October 7, 2025 at 2:55 PM
I’m excited to announce that I’ll be presenting The Fragile Lock: Novel Bypasses for SAML Authentication at Black Hat Europe! In this talk, I’ll show how I was able to continuously bypass security patches to achieve complete auth bypass for major libraries. #BHEU @blackhatevents.bsky.social
Reposted by Gareth Heyes
Anyone in Warsaw left without a ticket to THS yet? I found out I have a discount code :)
Come see me next week
Come see me next week
October 2, 2025 at 7:33 AM
Anyone in Warsaw left without a ticket to THS yet? I found out I have a discount code :)
Come see me next week
Come see me next week
In a shameless effort to promote my book. I've crafted some very special vectors for you. If you like them please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
www.amazon.com/dp/B0BRD9B3GS
September 26, 2025 at 11:20 AM
In a shameless effort to promote my book. I've crafted some very special vectors for you. If you like them please purchase my book to read more.
www.amazon.com/dp/B0BRD9B3GS
www.amazon.com/dp/B0BRD9B3GS