Thomas Shadwell (zemnmez)

Company: Twitch.tv
Bio: I'm an application security engineer at Twitch. I'm best known for breaking things I like using including reporting 120 vulnerabilities in Steam, breaking Steam's login encryption or getting XSS, then remote code execution in Mr Robot's website. I have a special interest in the interactions of web protocols leads to unintended side effects. My most well-publicized work on this was probably my deanonymization attack leveraging CSP to discover Facebook user identities.