About

About Me

As a dedicated cybersecurity and artificial intelligence researcher, my passion lies at the intersection of cutting-edge technology and security. With a robust background in Computer Science and a fervent dedication to continuous learning, I have carved a niche in researching and securing complex systems within IoT, SCADA, and AI domains.

My journey in cybersecurity is punctuated by countless Capture The Flag (CTF) competitions, where I’ve honed my skills in ethical hacking, vulnerability analysis, and cybersecurity strategies. These competitions have not only sharpened my technical acumen but also instilled a profound appreciation for teamwork, resilience, and the endless quest for knowledge.

In the realm of Artificial Intelligence, I am particularly fascinated by the security implications of AI systems. My research focuses on the dual aspects of utilizing AI to enhance security measures and, conversely, identifying and mitigating vulnerabilities inherent in AI systems themselves. This unique vantage point allows me to contribute to the development of AI applications that are not only intelligent and efficient but also robust and secure.

Beyond the thrill of discovery in IoT and SCADA systems security research, I am deeply committed to the ethical dimensions of cybersecurity. I believe in responsible disclosure, the importance of safeguarding privacy, and the imperative to use our skills for the greater good. My work is driven by the conviction that in our increasingly interconnected world, security is not just a technical challenge but a fundamental prerequisite for progress and trust.

Publications

• Towards Firmware Analysis of Industrial Internet of Things (IIoT)
• Standardized and Repeatable Technology Evaluation for CyberSecurity Acquisition 
• Springer book chapter on “An Approach to Organizational Cybersecurity” 
• IoDDoS- The Internet of Distributed Denial of Service Attacks: A Case Study on the Mirai Malware and IoT-Based Botnets 
• TMT: Technology Matching Tool for SCADA Network Security

Certifications

• Offensive Security Certified Professional | OSCP

• GIAC Penetration Tester | GPEN

• Red Team Apprentice Certified | RTAC

• Certified Ethical Hacker | CEH

• Certified Information Systems Security Professional | CISSP

Classes

• Cyber Intrusion Fundamentals
• SCADA Intrusion Fundamentals
• Zero-Day Fundamentals

Trophies

Trophy list of zero-day vulnerabilities that I discovered!

CVEs

• Libforth v4.0 Out of bounds read in static void check_is_asciiz(jmp_buf *on_error, char *s, forth_cell_t end) libforth/libforth.c, line 1436 (CVE-2024-30898)
• Libforth v4.0 Out of bounds read in static void print_stack(forth_t *o, FILE *out, forth_cell_t *S, forth_cell_t f) at libforth.c, line 1481 (CVE-2024-30899)
• Libforth v4.0 Stack-based buffer overflow in static int print_cell(forth_t *o, FILE *out, forth_cell_t u) at libforth.c, line 1367 (CVE-2024-30900)
• Libforth v4.0 Out of bounds read in static int match(forth_cell_t *m, forth_cell_t pwd, const char *s) at libforth.c, line 1306 (CVE-2024-30901)
• Libforth v4.0 Out of bounds write in static forth_cell_t compile(forth_t *o, forth_cell_t code, const char *str, forth_cell_t compiling, forth_cell_t hide) at libforth.c, line 1241 (CVE-2024-30902)
• Libforth v4.0 Out of bounds read in int forth_run(forth_t *o) at libforth/libforth.c (CVE-2024-30903)
• Libforth v4.0 Out of bounds read in static int forth_get_char(forth_t *o) at libforth.c (CVE-2024-30907)
• Lambda Calculus Interpreter Stack Buffer Overflow in int execSystemCmd(TERM *t) at run.c, line 224 (CVE-2024-27543)
• Lambda Calculus Interpreter Invalid Pointer Dereference in void termRemoveOper(TERM *t) at termproc.c, line 632 (CVE-2024-27542)
• Lambda Calculus Interpreter Invalid Pointer Dereference in static TERM fix_precedence(TERM op) at parser.c, line 95 (CVE-2024-27540)
• Lambda Calculus Interpreter Invalid Pointer Dereference in TERM* create_bracket(TERM *t) at parser.c, line 162 (CVE-2024-27541)
• Cherry HTTP Server Out-of-bounds read in static const char *get_file_type(const char *extension) at http.c (CVE-2024-24341)
• Lotos HTTP Server Use-after-free in static inline char *buffer_end(const buffer_t *pb) at buffer.h (CVE-2024-24343)
• Pico HTTP Server Null Pointer Dereference void respond(int slot) at httpd.c (CVE-2024-24340)
• Pico HTTP Server Off-by-one buffer overflow in void respond(int slot) at httpd.c (CVE-2024-24342)
• Cherry HTTP server remote stack buffer overflow vulnerability in handle_request() at http.c (CVE-2024-22086)
• Pico HTTP server remote stack buffer overflow in void route() at main.c (CVE-2024-22087)
• Lotos HTTP server use-after-free in static inline size_t buffer_avail(const buffer_t *pb) at buffer.h (CVE-2024-22088)
• ehttp commit 716ff7a Use-after-free in read_func(void*) at epoll_socket.cpp (CVE-2023-52266)
• ehttp commit 716ff7a Out-of-bounds-read in void _log at simple_log.cpp (CVE-2023-52267)
• MicroHTTPServer off-by-one global buffer overflow in _ParseHeader at lib/server.c (CVE-2023-51771)
• MicroHttpServer Remote Buffer Overflow in uint8_t _ReadStaticFiles(HTTPReqMessage *req, HTTPResMessage *res) at lib/middleware.c (CVE-2023-50965)
• Liblisp Out of Bounds Read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c (CVE-2023-48025)
• Liblisp Use-after-free in void hash_destroy(hash_table_t *h) at hash.c (CVE-2023-48024)
• Libboron 2.0.8 Heap buffer overflow in ur_parseBlockI at i_parse_blk.c (CVE-2023-40294)
• Libboron 2.0.8 Heap buffer overflow in ur_strInitUtf8 at string.c (CVE-2023-40295)
• async-sockets-cpp v0.3.1 off-by-one stack buffer overflow in udpsocket.hpp (CVE-2023-40296)
• async-sockets-cpp v0.3.1 stack buffer overflow in tcpsocket.hpp (CVE-2023-38632)
• xHTTP Double Free in close_connection at xhttp.c (CVE-2023-38434)
• Global Buffer Overflow in N-Prolog Version 1.91 (CVE-2022-43343)
• html2xhtml v1.3 Out-Of-Bounds read (CVE-2022-44311)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceInteger function in expression.c (CVE-2022-44312)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceUnsignedInteger function in expression.c (CVE-2022-44313)
• PicoC v3.2.2 Heap Overflow in the StringStrncpy function in cstdlib/string.c (CVE-2022-44314)
• PicoC v3.2.2 Heap Overflow in the ExpressionAssign function in expression.c (CVE-2022-44315)
• PicoC v3.2.2 Heap Overflow in the LexGetStringConstant function in lex.c (CVE-2022-44316)
• PicoC v3.2.2 Heap Overflow in the StdioOutPutc function in cstdlib/stdio.c (CVE-2022-44317)
• PicoC v3.2.2 Heap Overflow in the StringStrcat function in cstdlib/string.c (CVE-2022-44318)
• PicoC v3.2.2 Heap Overflow in the StdioBasePrintf function in cstdlib/string.c (CVE-2022-44319)
• PicoC v3.2.2 Heap Overflow in the ExpressionCoerceFP function in expression.c (CVE-2022-44320)
• PicoC v3.2.2 Heap Overflow in the LexSkipComment function in lex.c (CVE-2022-44321)
• md2roff Version 1.9 Buffer Overflow (CVE-2022-41220)
• png2webp Version 1.0.4 Out of Bounds Write (CVE-2022-36752)
• SimpleNetwork TCP Server Double Free (CVE-2022-36234)
• md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)
• PicoC Version v3.2.2 Null Pointer Dereference (CVE-2022-34556)
• Rockwell Automation MicroLogix 1400 and CompactLogix 5370 Controllers Open Redirect (ICSA-19-113-01)

Discovered Vulnerabilities

• SimpleNetwork TCP Server Global Buffer Overflow
• N-Prolog v1.94 Out-of-bounds read in add_data() at data.c
• N-Prolog v1.94 Out-of-bounds read in prove_all() at main.c
• N-Prolog v1.94 Stack exhaustion in deref() at data.c
• N-Prolog v1.94 Null pointer dereference in prove() at main.c
• N-Prolog v1.94 Null pointer dereference in b_consult() at builtin.c
• N-Prolog v1.94 Out-of-bounds read in o_define() at builtin.c
• Shibatch Sample Rate Converter (SSRC) Divide By Zero
• LCI v0.10.5 Null Pointer Dereference
• LCI v0.10.5 Out of Bounds Read
• Mechanical Keyboard Finder Version 4.31 Cross Site Scripting
• Crash in N-Prolog Version 1.90