Certifications

  • OSCP Offensive Security Certified Professional
  • AWS Certified Security - Specialty
  • AWS Certified Cloud Practitioner
  • GCFR GIAC Cloud Forensics Responder
  • Microsoft Certified Azure Security Engineer Associate
  • CCA-V Citrix Certified Associate - Virtualization
  • CMNO Cisco Meraki Network Operator

Public Disclosures & CVEs

I tend to stay out of the spotlight and usually disclose vulnerabilities anonymously or request to stay anonymous. Here are a couple of semi-recent findings 🙂.

Unauthenticated OS Command Injection in stamparm/maltrail

Description

Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.

CVSS 3.x Severity: Critical (10)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE-2021-29996

Description

Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.

CVSS 3.x Severity: Critical (9.6)

Open source projects

revshells.com

CTF profiles

TryHackMe

Hack The Box
