Explore the world of distributed HTTP-based attacks in this 40-minute LASCON conference talk. Learn about Httpillage, a tool designed to distribute attacks across multiple nodes, simulating real-world threats more effectively than single-host attacks. Discover how to conduct online password brute-force attempts, denial of service attacks, and application enumeration with increased speed and effectiveness. Follow along with live demonstrations of common attacks across multiple nodes, including brute-forcing time-based password reset tokens. Gain insights into providing proper impact demonstrations during penetration testing, and understand the limitations of traditional single-host approaches. Delve into topics such as username enumeration, job response flags, dictionary attacks, status codes, and weak token exploitation. Enhance your understanding of application security testing and learn how to better model real-world threats in your assessments.