Explore HTTP desync attacks and request smuggling techniques in this Black Hat conference talk. Delve into methods for breaking HTTP request isolation, allowing remote attackers to manipulate web infrastructure. Learn about exploiting keep-alive connections, chunked encoding, and TE.CL approaches to desynchronize requests. Discover methodologies for detecting and confirming desyncs, bypassing security rules and rewrites, and leveraging request reflection. Examine advanced topics such as involuntary request storage, cache poisoning, and chaining DOM vulnerabilities. Gain insights into defensive strategies and explore a case study on Application Load Balancer vulnerabilities. Presented by James Kettle, this 48-minute session covers both offensive and defensive aspects of HTTP desync attacks, including real-world examples and bug bounty successes.