Security Research

This section of my website highlights my accomplishments in the hacking space. For the most part, there will be corresponding writeups, either on this website or hosted externally, for each of my CVEs. As for the company hacking that I have accomplished, most of the bugs cannot be publicly disclosed, per NDAs or out of respect for the company that I have coordinated disclosure with. Any interesting vulnerability writeups that I have done can be found in the "Writeups" section below.

  • Writeups
    CVE-2021-24495: Improper Neutralization of Input During Web Page Generation on ‘id’ parameter in WordPress Marmoset Viewer Plugin versions 1.9.3 ≤ leads to Reflected Cross Site Scripting
    Indian Government - Breach Disclosure
    CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux
    UNEP Breached, 100K+ Employee Records Accessed
    CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)
    CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel
    Account Takeover on the Jack Daniel's Tennessee Squire Association Platform
    P1: Critical - Discovering and Foiling a Threat Actor