Michael Rowley

Researching & Developing Secure Software


About Me

I'm an enthusiastic software engineer and cybersecurity researcher responsibly disclosing critical software vulnerabilities in interesting technology.

Projects & Published Vulnerabilities

Timing Side Channel Attacks

An introduction to how timing discrepancies can be exploited in common implementations of functions specified in the C, C++ and PHP standards, and to the ways such vulnerabilities can be identified, patched, and avoided.
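As an added illustration (not code from this page or the project it describes), the C program below shows the pattern that write-up is about: an early-exit byte comparison of the kind common in memcmp/strcmp implementations, a constant-time replacement, and how the early exit lets an attacker recover a secret one byte at a time. leaky_steps stands in for a timing measurement by counting loop iterations, and the eight-byte secret token is constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the page's or project's code. */

/* Leaky: returns at the first mismatching byte, so the elapsed time depends on
   how many leading bytes of 'guess' match 'secret'. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (secret[i] != guess[i])
            return 0;
    return 1;
}

/* Deterministic stand-in for the timing oracle: the number of loop iterations
   leaky_compare performs before it returns. */
size_t leaky_steps(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    size_t steps = 0;
    for (size_t i = 0; i < n; i++) {
        steps++;
        if (secret[i] != guess[i])
            break;
    }
    return steps;
}

/* Constant-time: always visits every byte, accumulates differences with OR,
   and collapses the result to 0/1 without a data-dependent branch. */
int ct_compare(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= secret[i] ^ guess[i];
    /* (diff | -diff) has bit 7 set iff diff != 0 */
    return 1 - (int)(((diff | (uint8_t)(-diff)) >> 7) & 1u);
}

/* Attack: at each position try all 256 values; the value whose comparison runs
   one step further than the others is the secret byte. The accept/reject
   result resolves the final byte, where every guess takes the same number of
   steps. */
void recover_secret(const uint8_t *secret, size_t n, uint8_t *out)
{
    memset(out, 0, n);
    for (size_t pos = 0; pos < n; pos++) {
        size_t best_steps = 0;
        uint8_t best = 0;
        for (int v = 0; v < 256; v++) {
            out[pos] = (uint8_t)v;
            if (leaky_compare(secret, out, n))
                return;                     /* fully recovered */
            size_t s = leaky_steps(secret, out, n);
            if (s > best_steps) { best_steps = s; best = (uint8_t)v; }
        }
        out[pos] = best;
    }
}

/* Constructed secret token (not real data); returns 1 if the attack recovered it. */
int demo_recovery(void)
{
    static const uint8_t secret[8] = {0x1f, 0x00, 0xab, 0x7e, 0xff, 0x10, 0x42, 0x99};
    uint8_t out[8];
    recover_secret(secret, sizeof secret, out);
    return memcmp(secret, out, sizeof secret) == 0;
}

int main(void)
{
    printf("secret recovered through the early exit: %s\n",
           demo_recovery() ? "yes" : "no");
    return 0;
}
```

Against ct_compare the same search yields no signal: every guess visits all n bytes, so only the accept/reject bit remains, and that requires 256^n attempts rather than 256*n.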

PKP-Lib

CVE-2023-4695

Predictable RNG used for token generation in PKP-Lib.

GPAC

CVE-2023-3523

Out-of-bounds read in GPAC's 'vobsub' processing code.

HTTP Debugger

CVE-2023-35863

Insufficient access control on a kernel-mode driver.

Selino

A cross-platform SOCKS4(a)/SOCKS5(h) proxy with integrated Lua plugin support that allows users to extend the core functionality to suit specialized needs.

Race Conditions to Exploit Windows Drivers

A deep dive into how CVE-2023-35863 was discovered with the help of PE-Imports, Ghidra, and a range of techniques, gaining access to a kernel-mode driver that exposes users' HTTPS traffic in plaintext.

PE-Imports

A Python script that walks files or directories and prints the static imports of every executable it finds. Useful for identifying drivers worth further research.

Calibre

CVE-2022-0990

Server-side request forgery in Calibre's 'book cover' retrieval system.

Apache Pulsar

CVE-2022-33684

Insufficient SSL certificate verification in Pulsar's OAuth 2.0 credential flow.

Gogs

CVE-2022-0870

Bypass for SSRF protections in Gogs, a self-hosted Git application.

DLL Sideloading

A Windows tool for triaging and identifying DLL sideloading/hijacking vulnerabilities in running processes by hooking the relevant functions at runtime.

T2-Lib

A performant, secure C++ library that builds on the Boost.Asio framework to deliver an object-oriented networking model that other programs can easily use. Written in C++ (17/20); early versions of Selino (see above) were built on it.

SSRF to Bypass Firewalls

A review of how server-side request forgery (SSRF) can be used to move data between firewalled networks without triggering IP- or domain-based blacklists, or to relay data through whitelisted endpoints.

AQArm

A simple UI-driven interpreter for a limited ARM subset. Written in C++ using the Qt Framework and designed with future modularity in mind, so additions to the instruction set are straightforward.

SiteMon

A Windows tool for monitoring websites for source-level changes in content. Configurable via regular expressions, timeouts, custom user agents, and exportable (encrypted) configuration files. Written in C# on the .NET framework, with a WinForms user interface.

PNG-CMD

A command-line application for exploring the internals of PNG image files and the chunks they are made of. Written in modern C and tested thoroughly with fuzzing (AFL) and a code assurance platform (Codacy).
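As an added example (not PNG-CMD's code), the C program below walks a PNG's chunk list the way such a tool must: every read is bounds-checked against the buffer before the attacker-controlled length field is trusted, and each chunk's CRC-32 is verified. The 70-byte 1x1 RGBA image is embedded as constructed sample input; png_info, png_parse, sample_status and sample_check are names chosen for this demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not PNG-CMD's code. Each PNG chunk is a 4-byte big-endian
   data length, a 4-byte type, the data, then a CRC-32 over type + data. */

typedef struct { uint32_t width, height; uint8_t depth, color; size_t chunks; } png_info;

/* CRC-32 as used by PNG (reflected, polynomial 0xEDB88320). */
uint32_t png_crc32(const uint8_t *p, size_t n)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* 0 on success; -1 bad signature, -2 truncated file or oversized chunk,
   -3 CRC mismatch, -4 IHDR missing, misplaced or malformed. */
int png_parse(const uint8_t *buf, size_t len, png_info *info)
{
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    memset(info, 0, sizeof *info);
    if (len < 8 || memcmp(buf, sig, 8) != 0) return -1;
    for (size_t off = 8;;) {
        if (len - off < 12) return -2;                    /* length + type + CRC */
        uint32_t dlen = be32(buf + off);
        if (dlen > 0x7FFFFFFFu || dlen > len - off - 12) return -2; /* data past buffer */
        const uint8_t *type = buf + off + 4, *data = type + 4;
        if (png_crc32(type, 4 + dlen) != be32(data + dlen)) return -3;
        if (memcmp(type, "IHDR", 4) == 0) {
            if (info->chunks != 0 || dlen != 13) return -4; /* exactly one, first */
            info->width = be32(data); info->height = be32(data + 4);
            info->depth = data[8];    info->color = data[9];
        } else if (info->chunks == 0) {
            return -4;                                    /* IHDR must come first */
        }
        info->chunks++;
        off += 12 + dlen;
        if (memcmp(type, "IEND", 4) == 0) return 0;
    }
}

/* Constructed sample input: a 70-byte 1x1 RGBA PNG (IHDR, IDAT, IEND). */
static const uint8_t sample_png[70] = {
    0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A,
    0x00, 0x00, 0x00, 0x0D, 'I', 'H', 'D', 'R',
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x08, 0x06, 0x00, 0x00, 0x00,
    0x1F, 0x15, 0xC4, 0x89,
    0x00, 0x00, 0x00, 0x0D, 'I', 'D', 'A', 'T',
    0x78, 0xDA, 0x63, 0x64, 0x60, 0xF8, 0x5F, 0x0F, 0x00, 0x02, 0x87, 0x01, 0x80,
    0xEB, 0x47, 0xBA, 0x92,
    0x00, 0x00, 0x00, 0x00, 'I', 'E', 'N', 'D',
    0xAE, 0x42, 0x60, 0x82,
};

/* Parse the first 'len' bytes of the sample, optionally flipping one byte
   first (corrupt_at < 0 leaves it intact), and return png_parse's status. */
int sample_status(size_t len, int corrupt_at)
{
    uint8_t buf[sizeof sample_png];
    png_info info;
    memcpy(buf, sample_png, sizeof buf);
    if (corrupt_at >= 0 && (size_t)corrupt_at < sizeof buf) buf[corrupt_at] ^= 0xFF;
    if (len > sizeof buf) len = sizeof buf;
    return png_parse(buf, len, &info);
}

/* 1 if the intact sample parses to the expected header fields and chunk count. */
int sample_check(uint32_t w, uint32_t h, uint8_t depth, uint8_t color, size_t chunks)
{
    png_info info;
    if (png_parse(sample_png, sizeof sample_png, &info) != 0) return 0;
    return info.width == w && info.height == h && info.depth == depth &&
           info.color == color && info.chunks == chunks;
}

int main(void)
{
    png_info info;
    int rc = png_parse(sample_png, sizeof sample_png, &info);
    printf("status %d: %ux%u depth %u color %u, %zu chunks\n", rc,
           info.width, info.height, info.depth, info.color, info.chunks);
    return rc != 0;
}
```

The two length checks are the part a fuzzer targets: a declared chunk length larger than the bytes remaining, or a file cut off mid-chunk, must fail cleanly rather than read past the buffer, and the CRC check turns most bit-flips into a rejection before any field is interpreted.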