I break it so attackers don’t.

I’m a hacker/red teamer/reverse engineer with a passion for finding impactful vulnerabilities in highly used products and libraries. With experience in multiple programming languages and expertise in penetration testing and exploit development, I’ve identified and exploited numerous critical vulnerabilities.

An Analysis of CVE-2023-36563, a WordPad Information Disclosure Vulnerability

In this blog post, I’ll discuss my analysis of CVE-2023-36563, a Microsoft WordPad Information Disclosure Vulnerability, from initial patch diff to working exploit. Then, I’ll discuss detection and mitigation strategies for preventing exploitation of this vulnerability.

CVE-2023-36563 Overview

Summary

CVE-2023-36563’s flaw lies within legacy functionality to convert an OLE 1 storage object (OLESTREAM) to the new IStorage format. By crafting a file with a malicious OLE 1 LinkedObject, an attacker could coerce authentication to an untrusted server to steal NTLM hashes....

October 23, 2023 · 9 min

ProtoBurp: Encode and Fuzz Custom Protobuf Messages in Burp Suite

Background

Protocol Buffers (Protobufs) are a language-agnostic data serialization format that allows data to be safely and efficiently transmitted or stored. Protobuf usage has exploded within the past several years. When testing web applications, mobile applications, and embedded devices alike, it’s increasingly likely you’ll encounter Protobuf data within requests like this:

[Figure: A normal binary Protobuf request]

You might have logically tried to fuzz these inputs as you would any other parameter, only to realize that things weren’t as simple as they appeared:...

August 2, 2023 · 5 min

Java Static Vulnerability Analysis to Increase Your Bounty

If you want to get serious about finding impactful vulnerabilities through static analysis, it’s time to move beyond simply grep-ing through code bases. In this blog post, I’ll share my personal process for setting up a robust environment for Java static analysis of console applications, web applications, and Android applications. Once you’ve established this test environment, you’ll be able to take advantage of automatic code references, trace usages across a code base, and leverage source-to-sink analysis to find elusive vulnerabilities....

March 3, 2023 · 9 min