Portfolio of Marshall Whittaker / oxagast

I am a security researcher interested in many types of vulnerabilities. I disclose bugs both publicly and privately.
Contact me


Projects I've worked on:

ansvif A Not So Very Intelligent Fuzzer.
MAPDAV More Accurate Pasword Dictionary Attack Vector.
Metasploit Framework Metasploit automation.
SQLMap Helper SQLMap helper module in javascript for Firefox.

CVEs I've discovered or written exploits for:

CVE-2006-3392 Webmin <=1.29 remote root dir transversal to session hijack pivot.
CVE-2010-2626 Perl pipe upload past restrictive firewall with encoded data.
CVE-2016-10401 Zyxel pk5001z DSL modem remote root.
CVE-2018-17336 UDisks 2.8.0 Memory courruption as root via malformed filesystem label.
CVE-2019-12881 Linux kernel 4.15 i915 DRM panic via crafted ioctl calls.
CVE-2019-15947 Carve wallet.dat data out of a memory .core dump of bitcoin-qt.

Other exploits and unfinished stuff archive: sploits