*Pawel Wylecial (@h0wlu) - Vulnerability researcher / Blockchain Security Researcher homepage*
List of security vulnerabilities / Advisories
WebKit #215823 - Stealing local files using Web Share API affecting Safari on macOS and iOS
CVE-2020-15926 - Rocket.Chat Cross-Site Scripting / Remote Code Execution
Google Chrome Use-After-Free in portals (Remote Code Execution + Sandbox Escape)
Google Chrome Use-After-Free in accessibility (Remote Code Execution + Sandbox Escape)
CVE-2020-6463 - Google Chrome Use-After-Free in ANGLE (Remote Code Execution) affecting also Mozilla Firefox & Thunderbird
CVE-2019-13766 - Google Chrome Use-After-Free in accessibility (Remote Code Execution + Sandbox Escape)
Google Chrome Use-After-Free in portal (Remote Code Execution + Sandbox Escape)
Google Chrome Use-After-Free in display locking (Remote Code Execution)
CVE-2015-2487 / ZDI-15-420 - Microsoft Internet Explorer Embedded Windows Media Player Use-After-Free Remote Code Execution (MS15-094)
CVE-2015-3680 / ZDI-15-284 - Apple OS X DFont FOND Memory Corruption Remote Code Execution
CVE-2015-3679 / ZDI-15-287 - Apple OS X morx nSubtables Memory Corruption Remote Code Execution
mksh-R50e File Descriptor Parsing Integer Overflow
CVE-2015-0036 / ZDI-15-019 - Microsoft Internet Explorer CShadow Direction Integer Overflow Remote Code Execution (MS15-009)
Hopper Disassembler 2.8.7 / 3.6.2 Mach-O Handling Buffer Overflow
CVE-2014-3788 - Cogent DataHub Heap Buffer Overflow Remote Code Execution
CVE-2014-0256 - Microsoft iSCSI Target Remote Denial of Service (MS14-028)
CVE-2014-0255 - Microsoft iSCSI Target Remote Denial of Service (MS14-028)
CVE-2014-1449 - Maxthon Cloud Browser for Android 4.1.4.2000 Address Bar Spoofing
ZDI-13-252 - Cogent DataHub Heap Overflow Remote Code Execution
CVE-2012-4399 - CakePHP 2.x XXE injection
Research / Publications
SolChat Messages Insecure Encryption Method
Friend.tech app incorrect key pricing + locked ETH (joint work with @ELaszlo_)
New Bitcoin City Stored Cross-Site Scripting (XSS) in Mentions
Wormable Stored Cross-Site Scripting (XSS) in Alpha
Chat Room Messages Leak on Friend.tech
The importance of Web UI security in decentralised applications
Stealing local files using Safari Web Share API
Google Chrome fuzzing conclusion
Google Chrome display locking fuzzing
Google Chrome portal element fuzzing
SyScan360 2014 - Mobile Browsers Security: iOS
I provide IT Security Consulting services - Founder of BlackOwlSec / co-founder of REDTEAM.PL / co-founder of WarCon
Penetration Testing
Smart Contract Audits (Solidity)
Decentralized Applications Security
Vulnerability Research
Browser Security Research / Fuzzing
Browser Extensions Security (e.g. Wallets)
Exploit Development
Feel free to contact me regarding these services using the contact details below
Contact / Links
REDTEAM.PL
BlackOwlSec
@h0wlu
Cantina profile
@h0wlu.lens
REDTEAM.PL blog
Substack
personal blog (no longer maintained)
LinkedIn
keybase
pawel@blackowlsec.com pubkey
pawel.wylecial@redteam.pl pubkey
h0wlu.eth