Work and Research
CVEs
- CVE-2022-3017: CSRF on deleting an API key in froxlor/froxlor
- CVE-2021-24347: SP Project & Document Manager WordPress plugin < 4.22 Authenticated Shell Upload
- CVE-2021-26710: Redwood Report2Web 4.3.4.5 and 4.5.3 Cross-Site Scripting
- CVE-2021-26711: Redwood Report2Web 4.3.4.5 Frame Injection
- CVE-2021-24288: AcyMailing < 7.5.0 Open Redirect
Talks
- Defending AppSec: From Mass Scanning Low Hanging Fruit to Digging for Critical Bugs [BSides Athens 2023]