Vulnerability Research
Advisories
- CVE-2023-46134 - Remote Code Execution in D-tale.
- CVE-2023-30589 - HTTP Request Smuggling in Node.js.
- CVE-2022-25850 - Server-Side Request Forgery (SSRF) attack in Proxyscotch. (Reference)
- CVE-2021-23404 - Cross-Site Request Forgery (CSRF) bug in SQLite Web dashboard. (Reference)
- CVE-2021-3666 - Prototype pollution in body-parser-xml Node.js module. (Reference)
Security Halls of Fame
- For critical information disclosure (via Cross-Site Leaks) in deepnote.com
- For potential Denial-of-Service (DoS) attack in standard.com
- For Cross-Site Scripting attack (XSS) in conclusion.nl
Dev Projects
- Docker-On-Demand
  - Developed a web application and REST API server to manage and deploy Docker containers on user demand.
  - Can be easily integrated with platforms such as CTFd for challenge deployment.
- Phishing Detection using Machine Learning
  - Implemented the K-Nearest Neighbors algorithm from scratch for detecting malicious URLs.
  - Developed a web application to detect malicious websites.
- Pandora CTF Framework
  - Developed an easily customizable Capture-The-Flag platform.
  - Developed for InCTFj v5.0.
Presentations & Talks
- Ad Service Detection - A Comparative Study Using Machine Learning Techniques - 4 October 2022
- Introduction to DNS Spoofing - 22 November 2021
- Introduction to Web Exploitation - 24 October 2021
- A Case Study on the Android Architecture - 20 May 2021
- Apache Tomcat RCE by Deserialization - CVE-2020-9484 - 24 August 2020
- YAML Deserialization - 3 November 2020
- Introduction to LDAP and LDAP Injection - 30 October 2020
* Presentations listed above contain information taken from various sources. All credits belong to their respective owners.