Avatar for Silicon Valley ISSA Chapter

January 2026 Event: Paywall Optional: Stream For Free with a New Technique — RRE

About Event

Modern web applications don’t just expose APIs — they expose attack paths. Recursive Request Exploits (RRE) represent a new class of attack that chains interdependent web requests to bypass authentication, authorization, and even payment systems.

This session introduces RRE as a repeatable methodology that uncovers hidden relationships between API and web calls, automates recursive discovery, and exploits business logic flaws that traditional testing overlooks. Through a real-world case study, you’ll see how this technique bypassed premium paywalls on a major streaming platform without breaking DRM or requiring authentication.

More importantly, you’ll learn how RRE exposes fundamental weaknesses in checkout flows, subscription enforcement, and entitlement logic across modern digital platforms. This isn’t a one-off — it’s a shift in the threat landscape. Attendees will also receive a Burp Suite extension used to discover and weaponize these vulnerabilities for both offensive and defensive security.

This research was presented at DEFCON 33 and featured in WIRED Magazine (August 2025).


Speaker

Farzan Karimi
Senior Director of Attack Operations, Moderna
With 20 years of deep offensive security experience, Farzan has led high-impact red teams at Moderna, Google (Android Red Team), and Electronic Arts. His research has been featured by WIRED Magazine and highlighted on Ted Danson’s Advancements. He is a frequent speaker at DEFCON and Black Hat USA, known for his work on Pixel exploitation and cellular security.


Key Topics Covered

  • How Recursive Request Exploits work and why they bypass traditional defenses

  • Mapping hidden request dependencies between web and API calls

  • Real-world case study: bypassing streaming paywalls without authentication or DRM tampering

  • How RRE exposes structural weaknesses in checkout, entitlement, and subscription logic

  • Demo + release of a Burp Suite extension for automated RRE discovery and exploitation

  • Defensive strategies for engineering, security, and product teams


Why Attend

  • Learn about a new exploit class shaping modern web security

  • See a real attack chain previously presented at DEFCON and featured in WIRED

  • Understand how attackers bypass payments, subscriptions, and entitlement logic

  • Receive open-source tooling to test your own systems

  • Connect with Silicon Valley’s cybersecurity community during networking, food, and refreshments


Agenda

5:30–6:00 | In-Person Networking
5:55–6:00 | Virtual Session Opens
6:00–6:15 | ISSA Chapter Business
6:15–7:00 | Presentation
7:00–8:00 | Food & Refreshments

Location
NetApp
3060 Olsen Dr, San Jose, CA 95128, USA
🆓 Free Parking for Event Attendees. Park in any lot.
💭 The closest parking lot is the "Hatton Street" lot on the corner of Olsen and Hatton. Entrance on Olsen Street.
⚠️ Do not follow the instructions emailed by the NetApp guest registration system; those instructions are for during-hour arrivals.