Security Researcher

Trace Labs Global Missing Persons CTF – July 2019

Welcome to my latest blog post (It’s been a while I know, I’m sorry). Recently a group of us from TheManyHatsClub participated and won the Trace Labs Global Missing Persons CTF. Due to popular demand for us to document our experiences with the CTF here we are.

Using URI to pop shells via the Discord Client

Introduction Myself and a fellow researcher: Styx were the leads on this research and we were backed up by CyberSecStu, and 5w0rdFish from The Many Hats Club. We discovered a vulnerability within the Discord client that enabled an attacker to call local programs on a target system. We then took this flaw and used it…
Read more

Global Aviation Cyber Security Issue – AirFASE Write Up

A small group of security researchers formed of Kizzzzurt (@Infosec_Pom), CyberSecStu (@CyberSecStu) and myself discovered 32 AirFASE devices connected to the public internet via port 8080 over HTTP. The initial discovery was made by Kizzzzurt in early June. We worked in attributing the AirFASE devices to various global corporations and airports, assessing the systems for…
Read more