Portfolio of Marshall Whittaker / oxagast

I am a security researcher interested in many types of vulnerabilities. I disclose bugs both publicly and privately.
Contact me

Donate! I write a lot of open source software and exploits in my free time.
If you find them useful I accept donations on my work PayPal as well as Bitcoin are welcome.

Resume: I'm for hire! Looking for full or part time infosec related, possibly move into exploit dev afterwards.
Contact me for a security audit.


My infosec and development blog

Projects I've worked on:

ansvif A Not So Very Intelligent Fuzzer.
SPaste A secure SSL encrypted terminal pasting utility.
MAPDAV More Accurate Pasword Dictionary Attack Vector.
Metasploit Framework Metasploit automation.
SQLMap Helper SQLMap helper module in javascript for Firefox.
Password list 2021 Large wordlist of passwords for cracking.

CVEs I've discovered or written exploits for:

CVE-2006-3392 Webmin <=1.29 remote root dir transversal to session hijack pivot.
CVE-2010-2626 Perl pipe upload past restrictive firewall with encoded data.
CVE-2016-10401 Zyxel pk5001z DSL modem remote root.
CVE-2017-5816 HP Enterprise iMC PLAT dbman.exe <=7.3 remote
CVE-2018-17336 UDisks 2.8.0 Memory corruption as root via malformed filesystem label.
CVE-2019-12881 Linux kernel 4.15 i915 DRM panic via crafted ioctl calls.
CVE-2019-15947 Carve wallet.dat data out of a memory .core dump of bitcoin-qt.

Other exploits and unfinished stuff archive: sploits

Bitcoin DonationPaypal Donation