Projects
This is a collection of my various projects, including security research, open source projects, etc.- Badgelife 101 Workshop [2023-10-05]
- Red Teaming: Why Organizations Hack Themselves [2020-10-06]
- Test Interface for Multiple Embedded Protocols [2020-05-09]
- Assessing the Embedded Devices on Your Network [2017-02-13]
- WebBorer: Directory Enumeration in Go [2015-12-28]
- PwnableWeb: Vulnerable Apps & Scoreboard for Teaching [2014-04-01]
- Presentation: The Keys to SSH [2012-04-01]
- Presentation: GnuPG: Open Encryption, Signing and Authentication [2011-07-01]
- Presentation: Drupal: Open Source Content Management [2011-07-01]
- Code Audit: KeePassX [2010-11-01]
- Resource List
Security Advisories
- CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry [2019-08-23]
- Playing with the Gigastone Media Streamer Plus [2018-01-28]
- TP-Link Kasa App: SSL Verification Disabled (Fixed) [2018-01-16]
- [CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House [2017-12-18]
- Belden Garrettcom 6K/10K Switches: Auth Bypasses, Memory Corruption [2017-05-19]
- Security Issues in Alerton Webtalk (Auth Bypass, RCE) [2017-04-27]
- ObiHai ObiPhone: Multiple Vulnerabilties [2016-08-22]
- [CVE-2014-5204] Wordpress nonce Issues [2014-09-10]
- CVE-2014-4182 & CVE-2014-4183: XSS & XSRF in Wordpress 'Diagnostic Tool' Plugin [2014-07-04]