Tim (lanmaster53) Tomes
Believer, husband, father, veteran, coder, breaker, teacher, entrepreneur, and sharer.
Burp Suite master and king of making HTTP requests tremble.
Work
- Web Application Security Engineer
- Founder, Practical Security Services (PractiSec)
- Web Application Security Instructor
- Certified: CISSP, CISA, GWAPT (expired), GPEN (expired), CEH (expired), CCNA Security (expired), MCSA (2003), CompTIA A+ and Network+, blah, blah, why are you still reading this?
Play
- Co-founder of Proverbs Hackers, a community of Christian Information Security professionals who share a common thread of faith, fellowship and pwning.
- Security Blogger. Most stuff is here, but there's some other stuff floating around. Google me.
- Open source advocate. Creator and maintainer of the Recon-ng Framework amongst other things. See Projects for more information.
- Curator of the AppSec Watercooler Slack channel.
Public Speaking
- {JWT}.{Misuse}.&Abuse - Carolina Code Conference 2024
- {JWT}.{Misuse}.&Abuse - BSides Augusta 2023
- Sucking @Capitalism - BSides Greenville 2020 (keynote)
- Rapid Recon for Red Teams - Upstate SC ISSA 2020
- Rapid Recon for Red Teams - Clemson University Cyber Meetup (10/17/2019)
- To CORS! The Cause of and Solution to All of your SPA Problems - DerbyCon 9.0 (2019)
- To CORS! The Cause of and Solution to All of your SPA Problems - BSides Greenville 2019
- InfoSec Proverbs: The Tim Tomes Top 10 - BSides Greenville 2018 (keynote)
- Burping for Joy and Financial Gain - DerbyCon 7.0 (2017)
- Burping for Joy and Financial Gain - BSides Augusta 2017
- Edge Cases in Web - DEF CON 25 (2017)
- Ermahgerd Werb Verlns - Upstate SC ISSA 2016
- Ermahgerd Werb Verlns - Church IT Network Conference 2016
- OSINT for AppSec: Recon-ng and Beyond - Upstate SC ISSA 2015
- OSINT for AppSec: Recon-ng and Beyond - DerbyCon 5.0 (2015) (slides)
- OSINT for AppSec: Recon-ng and Beyond - BSides Augusta 2015
- Ball and Chain: A New Paradigm in Stored Password Security - DerbyCon 4.0 (2014)
- Stored Password Security: The Adobe Guide to Keyless Decryption - BSides Augusta 2014
- Look Ma, No Exploits! - The Recon-ng Framework - Upstate SC ISSA 2013
- Look Ma, No Exploits! - The Recon-ng Framework - DerbyCon 3.0 (2013)
- Look Ma, No Exploits! - The Recon-ng Framework - BSides Augusta 2013
- Look Ma, No Exploits! The Next Generation of Open Source Reconnaissance – Boise ISSA Conference 2013
- Hide and Seek, Post-Exploitation Style – ShmooCon 2013
- Next Generation Reconnaissance – Hack3rcon 2012
- Next Generation Reconnaissance – DerbyCon 2.0 (2012)
- Web Recon for Penetration Testing and Network Defense – Colorado Springs ISSA Conference 2012 (keynote)
- Lurking in the Shadows – Augusta ISSA November 2011
- Lurking in the Shadows – Hack3rcon 2011