❯
whoami?
I’m a seasoned security research leader with over a decade of experience in various fields, including penetration testing, static code analysis, reverse engineering, software development, and more. Following Oxeye’s acquisition by GitLab, I’m currently leading the GitLab Vulnerability Research Group, which is responsible for the security research endeavors of the organization.
✨ “If I had 8 hours to chop down a tree, I would spend 6 of those hours sharpening my axe.”
Employment Background
| Company | Years | Position |
| --- | --- | --- |
| GitLab | 2024-present | Vulnerability Research Group Manager |
| Oxeye | 2021-2024 | Head of Research |
| Akamai | 2016-2021 | Principal Security Research Lead |
| Avnet | 2014-2016 | Senior Security Researcher |
Public Appearance
| Conference | Year | Topic |
| --- | --- | --- |
| BlueHat IL | 2023 | The Story of a Backstage RCE |
| Blackhat Arsenal USA | 2022 | Ox4Shell - Deobfuscate Log4Shell payloads with ease |
| BSides Las Vegas | 2020 | Abusing the Service Workers Web API |
| Blackhat Arsenal USA | 2019 | JSShell - An interactive XSS Management Tool |
| Blackhat Arsenal USA | 2018 | MQTT-PWN Your IoT Swiss Army Knife |
Blog Posts
- Take Me to Prom - Exploiting an RCE in openTSDB through Prometheus
- Gophers & Bees - parsing Golang structures in memory with eBPF
- RCE through SQL Injection Vulnerability in Hashicorp’s Vault
- “BreakStage” – an Unauthenticated Remote Code Execution in Spotify’s Backstage
- Enter “Sandbreak” - Vulnerability In vm2 Sandbox Module Enables Remote Code Execution (CVE-2022-36067)
- Guess Who’s (R)BAC?
- “ParseThru” – Exploiting HTTP Parameter Smuggling in Golang
- Client Side Threats & How Could Website Owners Mitigate Them?
Projects
Ox4Shell - Deobfuscate Log4Shell payloads with ease
Since the disclosure of the Log4Shell vulnerability (CVE-2021-44228), many tools have been created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool is intended to unravel the true contents of obfuscated Log4Shell payloads.
JSShell - An interactive multi-user web-based JavaScript shell
It was initially created to debug remote, esoteric browsers during experiments and research. This tool can easily be attached to an XSS (cross-site scripting) payload to achieve browser remote code execution (similar to the BeEF framework).
MQTT-PWN - A one-stop-shop for IoT Broker penetration-testing
MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport, and it is widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop shop for IoT broker penetration-testing and security assessment operations: it combines enumeration, supportive functions and exploitation modules, all packed within a command-line interface with an easy-to-use and extensible shell-like environment.
Resources:
- Black Hat USA: Log4j de-obfuscator Ox4Shell ‘dramatically’ reduces analysis time
- Oxeye Mitigates Log4Shell Vulnerability with Ox4Shell – Payload Deobfuscation Tool
- Oxeye Tool Can Counter Log4j Obfuscation Attacks
- JSShell takes cross-site scripting to new highs
- 10 Top Tools for Threat Hunters from Black Hat USA 2019
- mqtt-pwn: IoT Broker penetration-testing and security assessment operations