About

Interested in Software Security, Web Application Security and Vulnerability Research.

Hacking to learn while learning to hack. I enjoy finding security vulnerabilities within things in my spare time. Into Static Analysis and Open Source Security.

Wall Of Sheep

| Target | Vulnerability | Advisory |
|---|---|---|
| Cocoapods | YAML Deserialization | https://github.com/CocoaPods/CocoaPods/pull/11974 |
| kubernetes-sigs/release-sdk | Git Arg Injection | https://hackerone.com/reports/1763704 |
| Snapd | Zip Traversal | https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSNAPCORESNAPDOVERLORDSNAPSHOTSTATEBACKEND-3172910 |
| Rancher | Command Arg Injection | https://github.com/advisories/GHSA-34p5-jp77-fcrc |
| utils-extend | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-UTILSEXTEND-560385 |
| aiosmtplib | SMTP Injection | https://security.snyk.io/vuln/SNYK-PYTHON-AIOSMTPLIB-3042406 |
| enshrined/svg-sanitize | Sanitizer Bypass | https://snyk.io/vuln/SNYK-PHP-ENSHRINEDSVGSANITIZE-536969 |
| verot/class.upload.php | Arbitrary File Upload | https://snyk.io/vuln/SNYK-PHP-VEROTCLASSUPLOADPHP-538304 |
| simplito/elliptic-php | Timing Attack | https://snyk.io/vuln/SNYK-PHP-SIMPLITOELLIPTICPHP-534576 |
| phppgadmin/phppgadmin | Cross-site Request Forgery (CSRF) | https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 |
| im-metadata | Command Injection | https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184 |
| written | Cross-site Scripting (XSS) | https://snyk.io/vuln/SNYK-RUBY-WRITTEN-548685 |
| dariusiii/zipper | Zip Traversal | https://snyk.io/vuln/SNYK-PHP-DARIUSIIIZIPPER-552163 |
| madnest/madzipper | Zip Traversal | https://snyk.io/vuln/SNYK-PHP-MADNESTMADZIPPER-552164 |
| chumper/zipper | Zip Traversal | https://snyk.io/vuln/SNYK-PHP-CHUMPERZIPPER-552162 |
| codecov | Command Injection | https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149 |
| vega-util | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-VEGAUTIL-559223 |
| github.com/yi-ge/unzip | Zip Traversal | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMYIGEUNZIP-559345 |
| github.com/artdarek/go-unzip | Zip Traversal | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARTDAREKGOUNZIP-559505 |
| markdown-editor | Cross-site Scripting (XSS) | https://snyk.io/vuln/SNYK-PYTHON-MARKDOWNEDITOR-559226 |
| dojox | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-DOJOX-559225 |
| dojo | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-DOJO-559224 |
| utilitify | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497 |
| benchmark.js | ReDoS | https://github.com/bestiejs/benchmark.js/issues/229 |
| markdown | ReDoS | https://snyk.io/vuln/SNYK-JS-MARKDOWN-560793 |
| objutil | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-OBJUTIL-559496 |
| netius | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-PYTHON-NETIUS-569141 |
| reel | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-RUBY-REEL-569135 |
| meinheld | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140 |
| goliath | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-RUBY-GOLIATH-569136 |
| Workerman/Workerman | Improper Input Validation | https://snyk.io/vuln/SNYK-PHP-WORKERMANWORKERMAN-569105 |
| agoo | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-RUBY-AGOO-569137 |
| @uifabric/utilities | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-UIFABRICUTILITIES-571487 |
| iodine | HTTP Request Smuggling | https://snyk.io/vuln/SNYK-RUBY-IODINE-569134 |
| github.com/helm/helm/pkg/plugin/installer | Arbitrary File Write (Zip Slip) | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMHELMHELMPKGPLUGININSTALLER-572401 |
| tiny-http | HTTP Request Smuggling | https://github.com/tiny-http/tiny-http/issues/173 |
| @fluentui/styles | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-FLUENTUISTYLES-5708087 |
| fine-uploader | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-FINEUPLOADER-585902 |
| i18next | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-I18NEXT-585930 |
| @tsed/core | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-TSEDCORE-1019382 |
| lightning-server | Cross-site Scripting (XSS) | https://snyk.io/vuln/SNYK-JS-LIGHTNINGSERVER-1019381 |
| browserless-chrome | Path Traversal | https://snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657 |
| droppy | Path Traversal | https://snyk.io/vuln/SNYK-JS-DROPPY-1023656 |
| @firebase/util | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324 |
| mquery | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-MQUERY-1050858 |
| rxdb | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-RXDB-1050985 |
| @sdscoep/web-review | Arbitrary File Read | https://snyk.io/vuln/SNYK-JS-SDSCOEPWEBREVIEW-1053230 |
| inireader | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-INIREADER-1054843 |
| node-ini | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-NODEINI-1054844 |
| OpenCATS | Object Injection | https://nvd.nist.gov/vuln/detail/CVE-2021-25294 |
| OpenCATS | Cross-site Scripting (XSS) | https://nvd.nist.gov/vuln/detail/CVE-2021-25295 |
| iniparserjs | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989 |
| github.com/pterodactyl/wings/router/downloader | Server-side Request Forgery (SSRF) | https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPTERODACTYLWINGSROUTERDOWNLOADER-1083290 |
| cypress | Insecure Electron Settings | https://snyk.io/vuln/SNYK-JS-CYPRESS-1255446 |
| suitecrm | Phar Deserialization | https://snyk.io/vuln/SNYK-PHP-JAKUBPASSUITECRM-1277522 |
| comrak | Zip Traversal | https://snyk.io/vuln/SNYK-JS-CALIPSO-1300555 |
| nestie | Prototype Pollution | https://snyk.io/vuln/SNYK-JS-NESTIE-1300518 |
| async-zip | Zip Traversal | https://gist.github.com/snoopysecurity/007503097536b557bc22a7ef24f4d11d |
| mevn-cli | DoS through Nested GraphQL Queries | https://github.com/madlabsinc/mevn-cli/commit/5f88c24dfe9825349401a4c0b009f57ac31a9099 |
| SonicJS | Path Traversal | https://nvd.nist.gov/vuln/detail/CVE-2022-42002 |
| SMTPMail-drogon | SMTP Injection | https://github.com/ihmc3jn09hk/SMTPMail-drogon#updates |

Web Application Bug Bounty (2014-2016)

Other

Previously worked as a Security Consultant focused on Web Application Security and Network Security. Also an experienced trainer who has taught at multiple conferences: