https://sn1persecurity.com
A collection of exploits developed by @xer0dayz @Sn1perSecurity- Vulnserver.exe GMON SEH Overflow Exploit
- FreeFloat FTP Server HOST Buffer Overflow (ASLR Bypass)
- CoolPlayer+ Portable 2.19.6 Stack Overflow (ASLR Bypass)
- HTTPoxy Exploit/PoC Scanner
- Ability FTP 2.34 Buffer Overflow Exploit
- Aruba AP-205 Buffer Overflow Denial of Service PoC
- Brainpan1 CTF Buffer Overflow Exploit
- CesarFTP 0.99g Buffer Overflow Exploit
- Apache 2.2.x Range Header Denial of Service Exploit
- GHOST Glibc Gethostbyname Buffer Overflow Exploit
- PHP Serialization Injection Remote Code Execution Exploit
- CrikeyConCTF Koala Gallery Exploit
- Webmin 1.920 Unauthenticated RCE Metasploit Exploit
Bug Bounty Profiles
Public Exploits
- https://packetstormsecurity.com/files/author/1N3/
- https://www.exploit-db.com/?author=7787
- https://vulners.com/search?query=1N3
Blogs
- https://sn1persecurity.com/wordpress/blog/
- https://crowdshield.com/blog.php
- https://treadstonesecurity.blogspot.ca
Social Media
- https://twitter.com/xer0dayz
- https://twitter.com/sn1persecurity
- https://twitter.com/crowdshield
- https://youtube.com/crowdshield
- https://youtube.com/sn1persecurity
Websites
Public Exploits/PoC's/CVE's/Bug Bounties/CTF's
2018:
- Featured in Hackin9 Magazine - Open Source Hacking Tools edition (https://hakin9.org/download/open-source-hacking-tools/) 8/2018
- Jetty 6.1.6 Cross-Site Scripting (XSS) (https://seclists.org/fulldisclosure/2018/Aug/15) (Full Disclosure) 8/2018
- Listed on the DoD Defense Travel System HoF 6/2018
- Pre-qualified for the BugCrowd 2018 MVP research list (https://www.bugcrowd.com/bugcrowd-mvps-april-edition/) 4/2018
- CVE-2018-8917 Synology-SA-18:14 - Reflected XSS in DSM 6.1.5-15254 (https://www.synology.com/en-us/security/advisory/Synology_SA_18_14) 3/2018
- CVE-2018-6545 Ipswitch MoveIt v8.1 Stored Cross-Site Scripting (XSS) (https://www.exploit-db.com/exploits/43947) 2/2018
- Multiple Cross-Site Scripting (XSS) vulnerabilities in Illustra IP Cameras ($600 bounty) 2/2018
- Directory Traversal vulnerability in Illustra IP Cameras ($800 bounty) 2/2018
- Remote Command Execution vulnerability in Illustra IP Cameras ($900 bounty) 2/2018
- Listed on the BugCrowd 2017 MVP researcher list (https://www.bugcrowd.com/today-we-recognize-our-2017-mvp-researchers/) 1/2018
2017:
- Recieved Offensive Security Certified Expert (OSCE) cerfication 12/2017
- Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
- Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
- Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
- Systemic Local File Inclusion in DEMO HomeKit Android Application ($3,000 bounty) 9/2017
- Placed 7th in ToorConCTF CTF 8/2017
- Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
- Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
- Recieved Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
- Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
- PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
- Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
- Recieved Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
- Listed on the BugCrowd 2016 MVP list 1/2017
2016:
- Placed 3rd on BugCrowd's Operation Code CTF 9/2016
- 1st place @DEFCON CMD+CTRL CTF 8/2016
- HTTPoxy Exploit Scanner Exploit/PoC 7/2016
- CVE-2016-1034 Zabbix SQL Injection 0day (www.cvedetails.com/cve/CVE-2016-10134/) 7/2016
- CVE-2016-4401 Unauthenticated Database Credential Leak in Aruba ClearPass ($1,500 bounty) (https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2016-010.txt) 6/2016
- Tied for 2nd place in BugCrowd Operation Code CTF 6/2016
- Made the top 10 researcher list on BugCrowd 6/2016
- Placed 2nd at CactusCon 2016 RootTheBox CTF 5/2016
- Ranked 19th on BugCrowd's Worldwide Leaderboard Bug Bounty 5/2016
- Charts 4 PHP 1.2.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135666/Charts-4-PHP-1.2.3-Cross-Site-Scripting.html) 2/2016
- Open Web Analytics 1.5.7 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/135948/Open-Web-Analytics-1.5.7-Cross-Site-Scripting.html) 2/2016
- WordPress All In One SEO Pack 2.2.2 Cross Site Scripting (Full Disclosure) 2/2016
- PSV-2016-0127: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053136/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0127) 1/2016
- PSV-2016-0124: Cleartext Submission of Password In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000055105/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Extenders-PSV-2016-0124) 1/2016
- PSV-2016-0116: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0136: Unrestricted Arbitrary File Upload In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000049063/Security-Advisory-for-Security-Misconfiguration-Vulnerability-on-R7800-Routers-PSV-2017-0136) 1/2016
- PSV-2016-0114: Directory Traversal In NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053135/Security-Advisory-for-Arbitrary-File-Read-on-Some-Routers-and-Gateways-PSV-2016-0114) 1/2016
- PSV-2016-0113: Denial of Service (DoS) in NETGEAR R7800 Routers 0day 1/2016
- PSV-2016-0131: Server Side Request Forgery in NETGEAR R7800 Routers 0day (https://kb.netgear.com/000053137/Security-Advisory-for-Security-Misconfiguration-on-Some-Routers-and-Gateways-PSV-2016-0131) 1/2016
2015:
- Made the top 10 researcher list on BugCrowd 11/2015
- Wordpress XMLRPC System Multicall Brute Force Exploit (0day) Exploit/PoC 10/2015
- Aruba AP-205 Remote Command Injection Vulnerability ($750 bounty) (https://www.youtube.com/watch?v=TZqDkN1NQf4) 10/2015
- Apache Range Header Denial of Service Exploit (CVE-2011-3192) Exploit/PoC 8/2015
- Listed on AT&T's Bug Bounty Hall of Fame Bug Bounty (https://bugbounty.att.com/hof.php) 8/2015
- Won the InfoSec Institute Practical Web CTF #2 Challenge (https://resources.infosecinstitute.com/ctf-2-practical-web-hacking-winners/#gref) 8/2015
- HP Photosmart 7520 Printers Stored Cross Site Scripting (0day) Exploit/CVE 7/2015
- Supermicro IPMI/BMC Cleartext Password Scanner Exploit/PoC 3/2015
- WebFOCUS 533 Server XSS & Directory Traversal Vulnerabilities (0day) Exploit/CVE 2/2015
- Imgur Server Side Request Forgery (SSRF) ($1600 bounty) (https://hackerone.com/reports/91816) 1/2015
- CVE-2015-0235 GHOST glibc gethostbyname buffer overflow Exploit (https://www.exploit-db.com/exploits/35951) 1/2015
- Hak5 Wifi PinnappleV Remote Code Execution Exploit/CVE 1/2015
- Hak5 Wifi PinnappleV SSLSplit Cross Site Scripting Exploit/CVE 1/2015
2014:
- Lyris ListManagerWeb 8.95a Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127672/Lyris-ListManagerWeb-8.95a-Cross-Site-Scripting.html) 7/2014
- MyConnection Server (MCS) 9.7i Cross Site Scripting (Full Disclosure) (https://0day.today/exploit/description/22526) 7/2014
- AlogoSec FireFlow 6.3 Cross Site Scripting (Full Disclosure) (https://packetstormsecurity.com/files/127001/AlogoSec-FireFlow-6.3-Cross-Site-Scripting.html) 7/2014
- Recieved Offensive Security Certified Professional (OSCP) certification 2/2014