SecPub
Published security vulnerabilities, research, write-ups, and associated information that I have worked on. Vulnerabilities are broken down per vendor, where applicable.
External
Research
- Messing with SWD - Part I
- Pivoting from blind SSRF to RCE with HashiCorp Consul
- Remote Code Execution (RCE) on Microsoft's 'signout.live.com'
CTF
- BKP CTF - Wackusensor Write-Up
- BKP CTF - Good Morning (Wonderland)
- BKP CTF - Bug Bounty (Suffolk Downs)
- 9447 CTF - Super Turbo Atomic GIF Converter
Vulnerabilities
- Jenkins Swarm Plugin - XXE (XML External Entities) via UDP broadcast
- Jenkins GitLab Plugin - Information disclosure vulnerability
- Jenkins Artifactory Plugin - Information disclosure vulnerabilities
- Jenkins Ansible Tower Plugin - Information disclosure vulnerability
- NetGear WNDR Authentication Bypass / Information Disclosure
- D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities
- D-Link DSP-W110 - multiple vulnerabilities
- Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues