Jul 6, 2020
F5 BIG-IP Remote Code Execution Exploit – CVE-2020-5902
Tracing the authentication bypass and HyperSQL abuse that enabled unauthenticated RCE on vulnerable F5 BIG-IP TMUI deployments.
Hacking, research, and writings.
I’m currently on a break from industry while pursuing a master's degree at UT Austin, where my thesis focuses on reinforcement learning. Previously, I co-founded Vector0, which was acquired by Stratascale (an SHI company). I’ve spent more than a decade in information security, primarily offensive work, where I discovered multiple CVEs and authored the open-source C2 framework DeimosC2.
These days I spend my time studying machine learning and working on research.
Blogs, technical notes, and walkthroughs from past projects.
Apr 6, 2020
CVE-2020-11543 detailing how a shared OpsRamp Gateway credential granted unauthenticated root SSH access across deployments.
Mar 23, 2020
Bypassing the Infinias eIDC32 controller login by forging the client-side key exchange and taking over the administrative interface.
Jul 16, 2019
Leveraging lax ACLs and DLL hijacking in multiple ManageEngine products to escalate from user access to SYSTEM.
Jul 2, 2019
Reverse engineering Zipato's authentication to reuse password hashes, extract hard-coded SSH keys, and remotely unlock doors.
Mar 26, 2019
Enumerating valid ADSelfService Plus usernames through divergent error messages and documenting the vendor response.
Jan 22, 2019
Using signed Microsoft tooling and HTA payloads to run PowerShell in memory, persist, and evade traditional defenses.
Dec 27, 2018
Full disclosure of Guardzilla's shared S3 credentials, testing evidence, and remediation guidance for the affected cameras.
Dec 27, 2018
Uncovering hard-coded AWS keys inside the Guardzilla security system firmware and coordinating disclosure.
May 26, 2018
Static analysis of a shellcode-heavy binary leveraging dynamic imports, file IO, and XOR decoding.
May 25, 2018
Reverse engineering a compact Windows binary to recover an obfuscated flag using IDA Pro and Python.
May 8, 2018
Exploring the attack surface created by Excel's custom JavaScript functions and building a proof-of-concept miner.