//

Publications

CVEs discovered, research publications, and security disclosures from my work in vulnerability research and security engineering.

//

CVE Discoveries

CVE-2019-5071 HIGH (7.8)

Tenda AC9 Router Command Injection Vulnerability (DNS1 Parameter)

Command injection vulnerability in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router. A specially crafted HTTP POST request can cause command injection in the DNS1 post parameter, resulting in code execution.

NVD Details Talos Advisory
CVE-2019-5072 HIGH (7.8)

Tenda AC9 Router Command Injection Vulnerability (DNS2 Parameter)

Command injection vulnerability in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Router. A specially crafted HTTP POST request can cause command injection in the DNS2 post parameter, resulting in code execution.

NVD Details Talos Advisory
//

Conference Talks

Conference talks and presentations coming soon...

//

Open Source Contributions

Onn. 4K Streaming Box Rooting

Complete rooting guide and scripts for Onn. 4K Android TV box. Bootloader unlock, Magisk root, remote button remapping, and bloatware removal.

70 stars 9 forks

Re2Pcap

Create PCAP files from raw HTTP requests/responses. Open-sourced via Cisco Talos.

60 stars 22 forks

PhishGuard

AI-powered phishing detection for Thunderbird. Privacy-preserving security tool.

2 stars 0 forks