Whoami – Mrvar0x

A Red Teamer and Security Researcher.

Sharing knowledge and achievements. I’m open to any feedback; feel free to contact me at any time.

Notable Achievements

CVE-2021-44429
CVE-2021-44428
CVE-2021-45856
CVE-2022-31371
CVE-2021-45334
CVE-2022-28480
CVE-2022-28994
CVE-2022-30055
CVE-2023-4523
CVE-2022-44284
CVE-2021-46368
CVE-2022-1068
CVE-2022-37771
CVE-2022-36670
CVE-2023-29786
CVE-2023-29785
CVE-2022-44283

Local Exploits

Unquoted Service Path & DLL Hijacking on Worktime 10.20
Nextar C472 Point-of-Sale (POS) DLL Hijacking
Xlight FTP Server 3.9.3.1 – Local Buffer Overflow
AbsoluteTelnet 11.24 Phone/Username Local Buffer Overflow
Real Time Automation 460MCBS 5.2.14 Cross Site Scripting
Xlight FTP Server 3.9.3.6 – Local Buffer Overflow
Lucee 5.4.2.17 Cross Site Scripting
Gom Player 2.3.92.5362 DLL Hijacking
Gom Player 2.3.92.5362 Buffer Overflow

Publications

Author of Book (Learn Penetration Testing with Python3.X)
Speaker at many international conferences (DefCamp 2016, 2017; QuBit 2016, 2019; Black Hat 2023)
Hall of Fame of many websites
Author of Book (Learn Penetration Testing with Python3.X) Second Edition
There is a lot more; you can view my LinkedIn
GitHub

Hacking is to Know the Unknown - & Break Boundaries Guided by Curiosity