Bio

M.S. in Computer Science, Georgia Tech.
B.S. in Software Engineering, Drexel University

Ax Sharma is a Security Researcher, Threat Intel Analyst, and Tech Reporter who holds a passion for perpetual learning. In his spare time, he loves exploiting vulnerabilities, ethically, and educating a wide range of audiences via blogging and vlogging. He’s an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Ax’s expertise lies in malware analysis, vulnerability research, threat intelligence analysis, and web app security. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national & global organisations like HM Government, Yodel, U.S. DHS, P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian, and the popular restaurant chain, Buca di Beppo.

In early 2018, Ax helped prevent a data breach at Georgia Tech by going public with a serious flaw that was left unpatched for over a year.

To consult Ax for your next big security project or for media source requests, drop him a note here.

Ax’s hobbies include working out, reading, playing piano and developing innovative, upcoming web projects.

  • Sigma rules explained: When and how to use them to log events
    A typical corporate network consists of hundreds or thousands of devices generating millions of lines of logs pouring in every minute. What can make it possible, then, for SOC and threat intel analysts to sift through all this flow of information efficiently and separate malicious activity from daily noise in…
  • Who's who in the cybercriminal underground
    We are at a point in time when cybercriminals including ransomware gangs have established themselves as organized, illicit businesses rather than a one-person hacking operation. More and more ransomware groups have emerged and existing ones continue to prosper in terms of repeatedly attaining success with breaching prominent organizations. The increased success…
  • Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft's Patch Tuesday blunder
    The past few weeks left IT professionals overwhelmed as organizations scrambled to assess if they were vulnerable to threats posed by the Log4Shell vulnerability. As if that weren't enough of a challenge over the holidays, more Log4j CVEs followed, not all of which deserved equal attention. And Microsoft’s January Patch Tuesday…
  • Where did these mysterious PrismJS npm versions come from?
    In 2015, strange 9000.0.x versions of PrismJS appeared on npm downloads, and nobody had a clue where they came from, or what purpose they served. Roughly four years later, PrismJS 9000.0.1 and 9000.0.2 were removed from npm for the reasons described below. But to date, no one seems to know anything more about this incident. PrismJS is a…
  • NodeJS malware caught exfiltrating IPs, username, and device information on GitHub
    Multiple NodeJS packages laden with malicious code have been spotted on npm registry. These “typosquatting” packages served no purpose other than collecting data from the user’s device and broadcasting it on public GitHub pages. The findings were spotted by Sonatype’s automated malware detection systems and further investigated by the company’s Security Research…
  • Can a Windows wallpaper really hijack your Microsoft account password?
    This month security researcher bohops demonstrated a credential harvesting trick that uses Windows theme files. Setting a Windows wallpaper location to a file present at a remote location, for example, a password-protected HTTP(s) page, instead of a locally present image, can be abused for phishing. This happens because the password-protected…