Projects
## Security Advisories
- CVE-2024-40817 - Safari Web Browser
- CVE-2024-34714 - Bypass enabled origins - Hoppscotch Browser Extension
- CVE-2024-1135 - HTTP Request Smuggling in Gunicorn.
- CVE-2023-46134 - Remote Code Execution in D-tale.
- CVE-2023-30589 - HTTP Request Smuggling in Node.js.
- CVE-2022-25850 - Server-Side Request Forgery (SSRF) attack in Proxyscotch.
- CVE-2021-23404 - Cross-Site Request Forgery (CSRF) bug in SQLite Web.
- CVE-2021-3666 - Prototype pollution in body-parser-xml Node.js module.
## Presentations & Talks
- HackerOne Meetup - Beginner’s Guide to Prototype Pollution - 2023
- Introduction to DNS Spoofing - 2021
- InCTF - Introduction to Web Exploitation - 2021
- A Case Study on the Android Architecture - 2021
- Apache Tomcat RCE by Deserialization - CVE 2020-9484 - 2020
- YAML Deserialization - 2020
- Introduction to LDAP and LDAP Injection - 2020
## Security Halls of Fame
- For critical information disclosure (via Cross-Site Leaks) in deepnote.com
- For potential Denial-of-Service (DoS) attack in standard.com
- For Cross-Site Scripting attack (XSS) in conclusion.nl
## Dev Projects
- Docker-On-Demand
  - Developed a web application and REST API server to manage and deploy Docker containers on user demand.
  - Can be easily integrated with platforms such as CTFd for challenge deployment.
- Phishing Detection using Machine Learning
  - Implemented the K-Nearest Neighbors algorithm from scratch for detecting malicious URLs.
  - Developed a web application to detect malicious websites.
- Pandora CTF Framework
  - Developed an easily customizable Capture-The-Flag platform.
  - Developed for InCTFj v5.0.
* Presentations listed above contain information taken from various sources. All credits belong to their respective owners.