zeropwn/zeropwn

Dominik Penner (@zer0pwn)

Introduction

Experienced leader, developer, consultant, and security researcher. I specialize in application and cloud security. I have helped a wide variety of organizations secure their systems over the course of approximately 12 years. Some of these include Internet Service Providers, Electronic Medical Software vendors, and Open Source projects. My main focus is to report critical vulnerabilities in software/hardware before malicious adversaries have the opportunity to exploit them.

Security Advisories

  • CVE-2019-11354 (EA Origin RCE) [Blog post, Advisory]
  • CVE-2019-12828 (EA Origin RCE) [Blog post, Advisory]
  • CVE-2019-14277 (Axway SecureTransport XML Injection / XXE) [Blog post, Advisory]
  • CVE-2019-14744 (KDE Frameworks < 51.60 Command Execution) [Blog post, Advisory]
  • CVE-2020-16116 (KDE Ark < 20.08.0 Directory Traversal Code Execution) [Blog post, Advisory]
  • CVE-2020-24656 (Maltego XML External Entity Injection) [Blog post, Advisory]
  • CVE-2024-38392 (Pexip Infinity Connect Arbitrary JavaScript Execution) [Advisory]
  • CVE-2024-54540 (Apple Music Windows Arbitrary JavaScript Execution) [Advisory]
  • CVE-2025-13780 (pgAdmin < 9.11 Meta-Command Filter Command Execution) [Advisory]

Projects

Porch Pirate is the most comprehensive recon / OSINT client and framework for Postman that facilitates the automated discovery and exploitation of API endpoints and secrets committed to workspaces, collections, requests, users and teams. Porch Pirate can be used as a client or be incorporated into your own applications.

intelx.py is a Python command-line utility and API wrapper for intelx.io, made to perform any kind of open-source intelligence.
