Exploring the World of Cybersecurity: A Collection of My Blog Posts, Researches, and Open-Source Tools

Introduction

Welcome to my little corner of the cyber world. Over the years, I’ve been fortunate enough to delve into the fascinating realm of cybersecurity, and I’ve had the pleasure of sharing my insights, research findings, and even some open-source contributions with the community. In this post, I’ve compiled a list of my blog posts, research articles, and open-source tools, all conveniently linked for your perusal. So, grab a cup of coffee and let’s embark on this cybersecurity journey together!

Personal Work

In this section, you will find a compilation of publications showcasing the work I have undertaken by myself.

Research Articles

The Evolution of Exploiting Memory Vulnerabilities in Linux

Part 1 — Introduction and Basic Concepts
Part 2 — Compiler Level Security Mechanisms
Part 3 — Kernel Level Security Mechanisms
Part 4 — The Evolution of Attack Techniques
Part 5 — HardeningMeter Documentation
Part 6 — My Talk “The Evolution Of Exploiting Memory Vulnerabilities in Linux”

Open-Source Tools

HardeningMeter — ‘HardeningMeter’ is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems.

CVE-2021–41773_CVE-2021–42013_Exploits — Build and exploit environment vulnerable to CVE-2021–41773 and CVE-2021–42013.

MATCHO-PIDS — MATCHO-PIDS is an automation tool that matches between containers and host PIDs.

Blog Posts

ChatGPT Advises on Using Insecure URLs

Dissecting and Exploiting CVE-2021–41773 and CVE-2021–42013

Match Containers PIDs With Host PIDs

Advanced Shodan Use for Tracking Down Vulnerable Components

Rezilion-Related Work

In this section, you will find a compilation of publications showcasing the work I have undertaken at Rezilion, a startup company I have been working for since 2021.

Open-Source Tools

MI-X — ‘Am I Exploitable?’ is a python open source project that comes to meet the need of validating if your system is exploitable to specific vulnerabilities.

Research Articles

2022’s Most Exploited Vulnerabilities: Insights and Future Preparedness — Report, Blog Post

Do You Know KEV? You Should (Because Hackers Do)! — Download Report

The Conflict Between Operational Risk and Security Risk — Download White Paper, Blog Post

Rezilion Research Rounds Up 2022 Vulnerabilities —Download Report, Blog Post

Vulnerability Recap 2022 Q1 — Download Report

Blog Posts

Curl (CVE-2023–38545)

libvpx (CVE-2023–5217)

libwebp (CVE-2023–4863)

Forged Azure Access Tokens Exploited by Storm-0558: A Cloud Vulnerability Transparency Gap

MOVEit (CVE-2023–34362)

StackRot (CVE-2023–3269)

Fortinet (CVE-2023–27997)

PaperCut (CVE-2023–27350)

Apache SuperSet (CVE-2023–27524)

ChatGPT (CVE-2023–28858)

JsonWebToken (CVE-2022–23529)

SPNEGO NEGOEX (CVE-2022–37958)

SpookySSL (CVE-2022–3602 and CVE-2022–3786)

Text4Shell (CVE-2022–42889)

ProxyShell and ProxyNotShell (CVE-2021–34473, CVE-2021–34523, CVE-2021–31207, CVE-2022–41040 and CVE-2022–41082)

Dirty Cred (CVE-2021–4154 and CVE-2022–2588)

NIMBUSPWN (CVE-2022–29799 and CVE-2022–29800)

Spring4Shell (CVE-2022–22965)

Dirty Pipe (CVE-2022–0847)

Microsoft Patch Tuesday — January, February, March, April, May, June, July, September

Conclusion

I hope you find this curated collection of my cybersecurity blog posts, research articles, and open-source tools valuable and insightful. As I continue to explore the ever-evolving landscape of cybersecurity, I’ll keep updating this post with new additions. If you have any questions, suggestions, or simply want to discuss anything related to cybersecurity, feel free to leave a comment or reach out to me on social media. Happy reading and stay secure!