Research

I never said I did “good” research.

Presos

The Deputies are still Confused Blackhat EU (2013)
Advanced NTLM Relaying Blackhat Arsenal (2012)
New Ways I’m Going to Hack your Web App Bluehat, Blackhat AD, CCC (2011)
Programmatic Web Hacking Toorcon (2010)
SSPA: Simplified Single Packet Authentication SAM (2009)
Concerns with Time-Space Based Wireless Security ICWN (2009)
Misc. Tech Tips Linux Journal (2008-2009)
High Performance Computing and I/O Architectures for Database PDPTA (2006)

Advisories and Projects

CVE-2012-5357,CVE-1012-5358 Unauthenticated RCE Ektron 8.02SP2
BeEf Clickjacking Module
Uncredited Cool Google Clickjacking Edge Cases
Metasploit http_ntlmrelay Module
2012 Google Wall Google Docs Billion Laughs
Uncredited MyFTP WordPress plugin CSRF to RCE
CVE-2012-1036,CVE-2012-1030 DotNetNuke 6.00.02 RCE/SQL injection via XSS
CVE-2011-3122 WordPress 3.1.2 Cross Domain Script Execution
2011 Facebook Wall Facebook Clickjacking Leading to Account Compromise
2010 IOActive Advisory SQL Injection in wa.gov

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.