The following links are some of my past information security research. Not all.
Chris Anastasio and I came back to defend our title and we found multiple vulnerabilities targeting several ICS applications. Unfortunately we didn’t win, but we had heaps of fun!
I found a remote code execution vulnerability that could have been triggered during a MiTM attack which scored a partial win.
In preparation for this competition, Chris Anastasio and I found multiple vulnerabilities and developed exploits targeting several ICS applications that allowed us to win the competition!
Some past presentations that I have shared.
In this presentation I discuss the various vulnerabilities I discovered when auditing VMWare Workspace ONE Access and how they were exploited creatively.
In this presentation Yuhao, Zhiniang and I discuss the various vulnerabilities we discovered when auditing Microsoft SharePoint Server and reveal some of the hidden attack surfaces.
In this presentation I discuss a few interesting primitives in the current PHP environment. The first allows an attacker to achieve an information disclosure using TypeError and the second is how an external entity injection (XXE) vulnerability can be leveraged for deserialization of untrusted data.
I discussed how I developed a PostScript fuzzer to target Adobe's PostScript engine and uncover many zero-day vulnerabilities.
I discussed how I found a use-after-free vulnerability and chained it together with an uninitialized object vulnerability to achieve reliable exploitation bypassing several operating system mitigations.
Roberto and I discussed how we found over 200+ Remote Code Execution vulnerabilities within Trend Micro Software.
Here I demonstrated a new technique/variation for exploitation against the Windows 7 heap manager that abuses the allocation offset mechanism. Additionally, I also presented a likely attack technique against the consumer preview version of the Windows 8 heap manager.
This presentation was about the introduction of a plugin for Immunity Debugger that I developed called heaper that is designed to not only detect a corrupted heap state before out-of-bounds memory access, but was also designed to detect exploitable conditions in past Windows operating systems.
Other blog posts I have written:
Some mentions of my work that are publicly available.
- Inside the World’s Highest-Stakes Industrial Hacking Contest
- Critics Hit Out at Cisco After Security Researcher Finds 120+ Vulnerabilities in a Single Product
- One Mans Patch is Another Mans Treasure. A Tale of a Failed HPE Patch
- Exploiting Untrusted Objects Through Deserialization: Analyzing 1 of 100+ HPE Bug Submissions
- Busting Myths in Foxit Reader
- Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months