Advisories

| CVE | Product | Description |
|---|---|---|
| CVE-2014-4687 | pfSense | Multiple persistent and reflected XSS vulnerabilities including in Referer HTTP Header. |
| CVE-2014-4688 | pfSense | Command Injection in diag_dns.php, diag_smart.php and status_rrd_graph_img.php. |
| CVE-2014-4689 | pfSense | LFI vulnerability in pkg_edit.php allows including XML files. |
| CVE-2014-4690 | pfSense | LFI vulnerability via directory traversal in pkg_mgr_install.php and system_firmware_restorefullbackup.php. |
| CVE-2014-4691 | pfSense | The session ID is not properly reset when initializing a new login session. |
| CVE-2014-4692 | pfSense | The session cookie set at login does not have the HttpOnly flag set when the firewall’s GUI is configured to use HTTP. |
| CVE-2014-4693 | pfSense | XSS vulnerability in snort_import_aliases.php and in snort_select_alias.php. |
| CVE-2014-4694 | pfSense | XSS vulnerability in suricata_select_alias.php. |
| CVE-2014-4695 | pfSense | Error and URL Redirection to Untrusted Site in snort_rules_flowbits.php and snort_select_alias.php. |
| CVE-2014-4696 | pfSense | Error and URL Redirection to Untrusted Site in suricata_rules_flowbits.php and suricata_select_alias.php. |

Whitepapers

| Whitepaper | Description |
|---|---|
| Analysis of Disco Savings Adware | Analysis of the Disco Savings adware, which installed a browser extension on the victim's computer so that it could modify the content of every website and inject arbitrary malicious HTML content into the visited websites. |

Projects

| Project | Description |
|---|---|
| FuzzyFTP | Input files that can be used with the Peach and Sulley generic fuzzers to fuzz the FTP protocol. Both the basic and the extended FTP commands are supported. |

Open source contributions

| Project | Description |
|---|---|
| Keychain | Manages SSH and GPG keys in a secure manner and acts as a frontend to ssh-agent as well as gpg-agent. It reduces the number of times we need to enter a password when connecting to an SSH/GPG-enabled endpoint. |
| ZAProxy | Contributed to the open source ZAP proxy, which can be used for finding vulnerabilities in web applications. |
| Vim dotfiles | The Vim text editor dotfiles that we use at Proteansec. |
| Awesome dotfiles | AwesomeWM configuration files used to configure the Awesome window manager. |
| Tmux dotfiles | Tmux configuration files used for configuring the terminal multiplexer. |
| VisualStudio projects | Various Windows-related projects, mostly programmed in Visual Studio, that were written to present various topics in different articles. The projects mostly present reverse engineering concepts as well as hooking of the IDT, MSR and SSDT. |