I'm a graduate student at Georgetown University in the Security Studies Program at the Walsh School of Foreign Service. My academic interests are on the intersection of emerging technology and national security, with a specific focus on state-sponsored cyber network operations and cyber operations policy. In my free time, I develop my vulnerability discovery and exploit development skills through freelance security research and bug bounty programs. Since 2018, I've engaged dozens of software vendors in responsible disclosures for vulnerabilities in open-source projects, web applications, IoT and embedded devices, culminating in being credited with discovery of several vulnerabilities.
Featured Security Research
| Date | CVE | Title |
|---|---|---|
| 09/2021 | CVE-2021-38701 | Avigilon - Multiple Devices Authenticated Stored XSS |
| 08/2021 | CVE-2021-3441 | HP Officejet - 'AirPrint' Unauthenticated Stored XSS |
| 06/2021 | CVE-2021-35956 | AKCP sensorProbe - 'Multiple' Authenticated XSS |
| 05/2021 | N/A | PHP Timeclock 1.04 - Time & Boolean Based Blind SQL Injection |
Exploit-DB Proof of Concept Exploits
- CVE-2021-3441 HP OfficeJet 4630/7110 MYM1FN2025AR/2117A - Stored Cross-Site Scripting (XSS)
- CVE-2021-3595 AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)
- PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)
- TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection
- PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
- TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection
Other Security Research
- MonkeyType.com - `Self` Cross Site Scripting (XSS) via Word History
- BlockFi - Undisclosed Vulnerability
- Hinge - Modification of Assumed-Immutable Data
- TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection
- Authentication Bypass by Spoofing in Miodec/monkeytype
- MonkeyType.com - Stored Cross-Site Scripting (XSS) via Tribe Chat