Vulnerability Research

Advisories

• CVE-2023-46134 - Remote Code Execution in D-tale.
• CVE-2023-30589 - HTTP Request Smuggling in Node.js.
• CVE-2022-25850 - Server-Side Request Forgery (SSRF) attack in Proxyscotch. (Reference)
• CVE-2021-23404 - Cross-Site Request Forgery (CSRF) bug in SQLite Web dashboard. (Reference)
• CVE-2021-3666 - Prototype pollution in body-parser-xml Node.js module. (Reference)

Security Hall of Fames

• For critical information disclosure (via Cross-Site Leaks) in deepnote.com
• For potential Denial-of-Service (DoS) attack in standard.com
• For Cross-Site Scripting attack (XSS) in conclusion.nl

Dev Projects

• Docker-On-Demand
  • Developed a web application and REST API server to manage and deploy docker containers on user’s demand.
  • Can be easily integrated with platforms such as CTFd for challenge deployment.
• Phishing Detection using Machine Learning
  • Implemented K-Nearest Neighbors Algorithm from scratch for detecting malicious URLs.
  • Developed a web application to detect malicious websites.
• Pandora CTF Framework
  • Developed an easily customizable Capture-The-Flag platform.
  • Developed for InCTFj v5.0.

Presentations & Talks

• Ad Service Detection - A Comparative Study Using Machine Learning Techniques - 4 October 2022
• Introduction to DNS Spoofing - 22 November 2021
• Introduction to Web Exploitation - 24 October 2021
• A Case Study on the Android Architecture - 20 May 2021
• Apache Tomcat RCE by Deserialization - CVE 2020-9484 - 24 August 2020
• YAML Deserialization - 3 November 2020
• Introduction to LDAP and LDAP Injection - 30 October 2020

* Presentations listed above contain information taken from various sources. All credits belong to their respective owners.