About Me
I'm an enthusiastic software engineer and cybersecurity researcher looking to responsibly discover critical software vulnerabilities in interesting technology. Over the last few years I have disclosed over 50 vulnerabilities to charities, fortune 500 companies, and independent developers.
Projects & Published Vulnerabilities
PKP-Lib
CVE-2023-4695
Predictable RNG deployed for token generation in PKP-lib.
GPAC
CVE-2023-3523
Out of bounds read in GPAC's 'vobsub' processing system.
HTTP Debugger
CVE-2023-35863
Insufficient kernel-mode access control.
Selino
A cross-platform SOCKS4(a)/SOCKS5(h) proxy with integrated Lua plugin support that allows users to extend the core functionality to suit specialized needs.
Race Conditions to Exploit Windows Drivers
A deep-dive into how CVE-2023-35863 was discovered with the help of PE-imports, Ghidra, and a range of techniques to gain access to a kernel-mode driver providing plaintext access to users' HTTPS traffic.
PE-Imports
A Python script that enumerates over files or directories, printing the static imports of all executables that it finds. Useful when identifying interesting drivers to further research.
Calibre
CVE-2022-0990
Server side request forgery in Calibre's 'book cover' retrieval system.
Apache Pulsar
CVE-2022-33684
Insufficient SSL certificate verification in Pulsar's OAuth2.0 credential flow.
Gogs
CVE-2022-0870
Bypass for SSRF protections in Gogs, a self-hosted Git application.
DLL Sideloading
A Windows tool for use in triaging and identifying DLL sideloading/hijacking vulnerabilities in running processes by hooking relevant functions at runtime.
T2-Lib
A performant, secure C++ library which leverages the boost.asio framework to deliver an object-oriented networking model that can easily be used by other programs. This project was written in C++ (17/20) and supported early versions of Selino (see above).
SSRF to Bypass Firewalls
Reviewing how server side request forgery (SSRF) could be used to transmit data between firewalled networks without triggering IP or domain-based blacklists, or by leveraging SSRF to pass data through whitelisted endpoints.
AQArm
A simplistic UI-driven interpreter of a limited ARM subset. Written in C++ using the Qt Framework and designed with future modularity in mind, making additions to the instruction-set extremely simple.
SiteMon
A Windows tool for monitoring websites for source-level changes in content, this project is configurable via regular expressions, timeouts, custom user-agents, and exportable (encrypted) configuration files. Written in C# using the .NET framework and WinForms for the user-interface.
PNG-CMD
A command-line application that allows users to explore the internals of PNG image files and their comprising chunks. Written in modern C and thoroughly tested using fuzzing (AFL-Fuzz) and a code assurance platform (Codacy).