# Projects

• SupplyShield
  • Open-source application security orchestration framework designed to secure software supply chains from vulnerabilities and unapproved base images.
  • Automates SBOM generation, vulnerability detection, EPSS-based prioritization, and provides actionable security findings with upgrade recommendations.
  • Features GitHub integration for automated issue creation and CI/CD pipeline integration via message queues. Built with Python 3.10+ and Docker Compose.

# Security Advisories

• CVE-2024-40817 - Safari Web Browser
• CVE-2024-34714 - Bypass enabled origins - Hoppscotch Browser Extension
• CVE-2024-1135 - HTTP Request Smuggling in Gunicorn.
• CVE-2023-46134 - Remote Code Execution in D-tale.
• CVE-2023-30589 - HTTP Request Smuggling in Node.js.
• CVE-2022-25850 - Server-Side Request Forgery (SSRF) attack in Proxyscotch.
• CVE-2021-23404 - Cross-Site Request Forgery (CSRF) bug in SQLite Web.
• CVE-2021-3666 - Prototype pollution in body-parser-xml Node.js module.

# Presentations & Talks

## 2025

• BlackHat Arsenal Asia 2025 Singapore - SupplyShield: Protecting your software supply chain - Slides | GitHub
• BlackHat Arsenal Europe 2025 - SupplyShield: Protecting your software supply chain - GitHub
• Nullcon Goa - Securing the Chains : Building defensive layers for software supply chains

## 2023

• HackerOne Meetup - Beginner’s Guide to Prototype Pollution

## 2021

• Introduction to DNS Spoofing
• InCTF - Introduction to Web Exploitation
• A Case Study on the Android Architecture

## 2020

• Apache Tomcat RCE by Deserialization - CVE 2020-9484
• YAML Deserialization
• Introduction to LDAP and LDAP Injection

# Security Hall of Fames

• For critical information disclosure (via Cross-Site Leaks) in deepnote.com
• For potential Denial-of-Service (DoS) attack in standard.com
• For Cross-Site Scripting attack (XSS) in conclusion.nl

## Archived Projects

• Docker-On-Demand [archived]

  • Developed a web application and REST API server to manage and deploy docker containers on user’s demand.
  • Can be easily integrated with platforms such as CTFd for challenge deployment.
  • Provides on-demand container provisioning and management capabilities for CTF and educational environments.

• Phishing Detection using Machine Learning [archived]

  • Implemented K-Nearest Neighbors Algorithm from scratch for detecting malicious URLs.
  • Developed a web application to detect malicious websites.
  • Machine learning-based approach to identify and classify phishing URLs.

• Pandora CTF Framework [archived]

  • Developed an easily customizable Capture-The-Flag platform.
  • Developed for InCTFj v5.0.
  • Provides a comprehensive framework for hosting and managing CTF competitions.

* Presentations listed above contain information taken from various sources. All credits belong to their respective owners.