/whoami
- an Independent Security Researcher.
- No 17 from Microsoft’s Top 100 Hackers of 2018.
- acknowledged by apple for disclosing security issues.
- acknowledged by google for disclosing security issues.
- ZDI SILVER status for 2019.
Contact:
- Current email address: ak4yn@protonmail.ch.
- please use my pgp (linked below) for secure communications.
Selection of Public Writeup’s
- CVE-2019-8658 - Pwning Webkit.
- MSRC-52108: Windows SBX and privesc via Race Conditions in the windows kernel.
- CVE-2019-8685: Safari RCE & SBX bugs.
- Messing around with the google fraud detection system.
- ZDI-18-428: Pwning MsEdge.
- ROP: Pwn the Windows Kernel with return oriented programming.
- UAC Backdoors: about bypassing user account control on microsoft windows.
- kbMon: Writing A Ring O keylogger.
Selection of __public__ vulnerability research
- (CVE-2019-8669) #2 Apple Safari, use of uninitialised stack variable leads to RCE.
- (CVE-2019-8669) #1 Apple Safari, Compiler logic error leads to RCE.
- (CVE-2019-8658) Apple Safari, improper binding between the compiler and the dom engine leads to UXSS.
- (MSRC-52108) Microsoft Windows, Race Condition with Win32k leads to EOP.
- (CVE-2019-8685) #2 Apple Safari, UAF in the browser process might lead to SBX.
- (CVE-2019-8685) #1 Apple Safari, Compiler logic error leads to RCE.
- (issue 126413103) ‘google.com’, ‘googleadservices.com’ - fraud detection design issue.
- (CVE-2018-8251) Microsoft Windows, Media Foundation, UAF - RCE Vulnerability.
- (CVE-2018-8274) Microsoft Edge, UAF - RCE Vulnerability.
- (ZDI-18-577) Microsoft Edge, Type Confusion - RCE Vulnerability.
- (CVE-2018-8123) Microsoft Edge, UAF - Information Disclosure Vulnerability.
- (CVE-2018-1021) Microsoft Edge, OOB - Information Disclosure Vulnerability.
- (CVE-2018-0763) Microsoft Edge, Type Confusion - Information Disclosure Vulnerability.
- (CVE-2017-15303) CPUID CPU-Z Kernel Driver, OOB - LPE.
- (CVE-2017-15302) CPUID CPU-Z Kernel Driver, improper access permissions - LPE.
(More)