Oliver Brooks
CVEs: 45 / Criticals: 5 / Highs: 11 / Mediums: 17 / Lows: 12

Products researched this year


Nagios XI
5.11.1

Nagios XI is a popular, market-leading RMM tool which has become something of a household name amongst Systems Administrators over the last couple of decades. Their security posture is excellent at this point, their communication was professional and warm, and their proactive approach to bugfixing is genuinely inspiring. I had an excellent time finding and reporting vulnerabilities in this product alongside my talented friend and colleague Colin Brum.

Faronics Insight
v11.21.2100.262

Faronics Insight is a feature-rich software platform which is deployed on premises in schools. The application enables teachers to administer, control and interact with student devices. Its numerous features include allowing teachers to transfer files to/from students and to remotely view the contents of student screens.

I had an amazing time researching this product, and it was an excellent experience working with the Faronics team to coordinate disclosure.

Responsible disclosure in progress
version: private

Coming soon - the projected public disclosure date is 10/31/2023 (🎃)



Products researched in 2022


KubeVirt
v0.56

Through code review of the KubeVirt source code, I identified a potential path traversal flaw. Researchers at Google were able to weaponise my finding into a full high-severity path traversal vulnerability, then led the charge with responsibly disclosing my finding to the KubeVirt team.



Products researched in 2021


