Projects

This is a collection of my various projects, including security research, open source projects, etc.

• Badgelife 101 Workshop [2023-10-05]
• Red Teaming: Why Organizations Hack Themselves [2020-10-06]
• Test Interface for Multiple Embedded Protocols [2020-05-09]
• Assessing the Embedded Devices on Your Network [2017-02-13]
• WebBorer: Directory Enumeration in Go [2015-12-28]
• PwnableWeb: Vulnerable Apps & Scoreboard for Teaching [2014-04-01]
• Presentation: The Keys to SSH [2012-04-01]
• Presentation: Drupal: Open Source Content Management [2011-07-01]
• Presentation: GnuPG: Open Encryption, Signing and Authentication [2011-07-01]
• Code Audit: KeePassX [2010-11-01]
• Resource List

Security Advisories

• CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry [2019-08-23]
• Playing with the Gigastone Media Streamer Plus [2018-01-28]
• TP-Link Kasa App: SSL Verification Disabled (Fixed) [2018-01-16]
• [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House [2017-12-18]
• Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption [2017-05-19]
• Security Issues in Alerton Webtalk (Auth Bypass, RCE) [2017-04-27]
• ObiHai ObiPhone: Multiple Vulnerabilties [2016-08-22]
• [CVE-2014-5204] Wordpress nonce Issues [2014-09-10]
• CVE-2014-4182 & CVE-2014-4183: XSS & XSRF in Wordpress 'Diagnostic Tool' Plugin [2014-07-04]