XSS comes in three flavours, so why do we only focus on two? In this talk, we explore DOM-based XSS - the basics, how to find it, why it's missed so often, and even some real-life examples! Better yet, a series of labs has been prepared and released alongside - so you can master it as well!
Ever seen a pop-up box with '1' in the centre and wondered "what's the impact there"? Well - wonder no longer. By the end of this talk, you'll have learnt how to turn pop-ups into beacons, and hopefully had some fun along the way.
A no-nonsense talk on how to actually break into penetration testing, from someone who went from apprentice to CTL in 4 years. Focusing on the best ways to build 'hard' skills fast, the importance of 'soft' skills, and why you don't need to pay harder to get started ;).

Catching Subtle User Enumeration Issues
Pentest People
Quoted in
OSINT: What is Open Source Intelligence and how is it Used
The Daily Swig
(https://portswigger.net/daily-swig/osint-what-is-open-source-intelligence-and-how-is-it-used)
Security in a ‘Work From Anywhere’ World
Pavilion
(https://www.pav.co.uk/blog/security-in-a-work-from-anywhere-world)
Featured in
2021's Most Dangerous Scams
PC Pro
(issue 317, p. 27)
Quoted in
Tackling Cross-Site Request Forgery (CSRF) on Company Websites
HelpNet Security
(https://www.helpnetsecurity.com/2021/03/23/csrf-on-company-websites/)
Can You See Them?
Pavilion
(https://www.pav.co.uk/blog/hackers-can-you-see-them/)
Quoted in
EventBuilder Misconfiguration
The Daily Swig
Mentioned in
What is a Penetration Tester and do we Need One?
The Times Raconteur
(https://www.raconteur.net/technology/cybersecurity/what-is-a-penetration-tester-and-do-we-need-one/)
Quoted in
Pentest People Comments on GCHQ Cyber Offensive Plan
Business in the News
(https://businessinthenews.co.uk/2021/10/28/pentest-people-comments-on-gchq-cyber-offensive-plan/)

How to get Away with Hacking
Notre Dame High School
(Year 10 and 13 Students)
Cross Site Request Forgery - Attacking, Defending and Having Fun
Cardiff University
(Third Year University Students)
Cyber Security and Penetration Testing
York College
(Second Year Students)
How to get Away with Hacking
King Edwards VII School
(Year 12 Students)
No More Alert(1)
SecuriTay 2022
(https://www.youtube.com/watch?v=kznGpwk9bE0)
How to get Away with Hacking
The University of West England
(Undergraduate Students)
How to get Away with Hacking
BSides Leeds 2023
(https://www.youtube.com/watch?v=FDxAQxjQCag)
Domain Name Stupidity
BSides Cambridge 2023
(https://administraitor.video/edition/BSides%20Cambridge/2023)
How to get Away with Hacking
King Edwards VII School
(Year 12 Students)
Domain Name Stupidity
BSides Bristol 2023
(https://administraitor.video/edition/BSides%20Bristol/2023)
Domain Name Stupidity
DC151
(https://dc151.org/speaker-update-8th-november-2023/)
Cyber Security - Industry Lessons
UA92
Tales of DOMinica (15)
SteelCon
(https://www.youtube.com/live/Mie_XQ4_fqk?si=CtXIrlkhqgutehWi&t=16199)
Tales of DOMinica (15)
BSides Exeter
(https://www.youtube.com/watch?v=yB3S9KEhQZA)
No More Alert(1)
BSides Belfast
No More Alert(1)
DC151
(https://dc151.org/october-2024/)
How to get Away with Hacking
Hack Glasgow
(https://www.youtube.com/watch?v=i4IzoJQdPhM)
Learning to Trust Again
OSFF London 2025
(https://www.youtube.com/watch?v=JhyxLG41F8A)
The Humble Braggings of a Pentester
Cybrewery Leeds
The Humble Braggings of a Pentester
DC151
Copyright © 2026 Liam Follin - All Rights Reserved.