I worked with Aviation ISAC on the AirFASE Disclosures and they were a pleasure to work with and a great help in the remediation of the issues with AirFASE.
I reported a previously disclosed vulnerability regarding their devices leaking the telnet passwords along with advice on how to solve this. They took the advice on board and thanked me for the work and advice.
I worked with Discord regarding a disclosure for an exploit myself and Styx developed using URIs to pop reverse TCP shells. However, Discord classed this concept as a Social Engineering attack and thus was not covered in their blog post.
Thanked for numerous XSS and exposure disclosures
Welcome to my latest blog post (It’s been a while I know, I’m sorry). Recently a group of us from TheManyHatsClub participated in and won the Trace Labs Global Missing Persons CTF. Due to popular demand for us to document our experiences with the CTF, here we are.
Introduction: Myself and a fellow researcher, Styx, were the leads on this research and we were backed up by CyberSecStu, and 5w0rdFish from The Many Hats Club. We discovered a[…]
A small group of security researchers formed of Kizzzzurt (@Infosec_Pom), CyberSecStu (@CyberSecStu) and myself discovered 32 AirFASE devices connected to the public internet via port 8080 over HTTP. The initial[…]
Black Badge – Global OSINT Search Party CTF
Awarded: Jun 22, 2020