Vulnerability Research and Malware Analysis

This is a place for documenting what I have learned and discovered through my research. In creating this blog, I hope to share knowledge and connect with other infosec researchers. My main interests lie in vulnerability research, malware analysis, and binary exploitation.

Personal and Professional Research

Vulnerabilities Discovered

CVE-2022-2003: Exposure of Sensitive Information to Unauthorized Actor
CVE-2022-2004: Denial of Service
CVE-2021-42796: Improper Access Control

...see complete list...

The Art of Exploitation

UNC Path Injection
DLL Hijacking

Prezos, Webinars, Blogs

Contributor to Dragos' COSMICENERGY analysis and reverse engineering
Deep Dive Into PIPEDREAM's OPC UA Module, MOUSEHOLE
PLC Password Cracking Malware Blog
Dragos PIPEDREAM Malware Intelligence Briefing Webinar
Examining ICS Vulnerabilities Webinar

Others

Github
Complete Listing of Public Research

Website crafted by hand and hosted via Github pages.