About Me
I am a Penetration Tester and Security Researcher with a solid ethical hacking and network security background.
Skilled in identifying and exploiting vulnerabilities in systems, applications, and networks to help organizations improve their security posture.
Adept at using various tools and techniques to perform penetration testing, developing custom security tools, conducting malware analysis, and leading incident response (IR) operations to detect, analyze, and mitigate cyber threats effectively.
CVE
CVE-2024-29663
A Denial of Service (DoS) vulnerability was discovered in DVR samr 4.03.r11.34500142.10001.132304.0000000. By sending multiple requests to the control panel using a directory brute-forcing tool (DirBuster), the DVR system crashed for approximately two minutes and automatically restarted. While the camera feed remained active, the control panel became unresponsive and stopped functioning, effectively rendering the DVR as an analog-only system with no OS-level interaction.
CVE-2023-38859
A DLL planting vulnerability (CWE-427: Uncontrolled Search Path) was discovered in Valve Steam (version 1689034492). This flaw allows a local attacker to execute arbitrary code by placing a malicious DLL in the Steam application directory. By leveraging DLL hijacking techniques, an attacker can drop a maliciously crafted DLL (e.g., user32.dll) into C:\Program Files (x86)\Steam\, causing Steam to load and execute it with elevated privileges. This could result in remote code execution (RCE) and privilege escalation.