Senior Security Researcher at Sonatype
Author at CSO Online, Bleeping Computer, CIO, Security Report, Hacker Noon, Dev.to, et al.
M.S. in Computer Science, Georgia Tech.
B.S. in Software Engineering, Drexel University
Endorsed as an Exceptional Talent, a recognised leader in tech, by the British Government and frequently featured in leading media outlets like Fortune, The Register and CIO, Ax is a Security Researcher and Engineer with a passion for perpetual learning. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences. He’s an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
Ax’s expertise lies in vulnerability research, software development and web app security. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national & global organisations like HM Government, Yodel, U.S. DHS, P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian and the popular restaurant chain, Buca di Beppo.
In early 2018, Ax helped prevent a massive data breach at Georgia Tech by going public with a serious flaw which was left unpatched for over a year. He hence earned himself a place on Tech’s Vulnerability Reporters “hall of fame” page.
To consult Ax for your next big security project or for media source requests, drop him a note here.
Ax’s hobbies include working out, reading, playing piano and developing innovative, upcoming web projects.
- John the Ripper explained: An essential password cracker for your hacker toolkit
- Lessons learned from the ANPR data leak that shook Britain
  On April 28, 2020, The Register reported that the massive Automatic Number-Plate Recognition (ANPR) system used by the Sheffield government authorities was leaking some 8.6 million driver records. An online ANPR dashboard responsible for managing the cameras, tracking license plate numbers and viewing vehicle images was left exposed on the internet,…
- PrintDemon vulnerability explained: Its risks and how to mitigate
  Microsoft’s May 2020 update patched some 111 vulnerabilities including one for Windows Print Spooler. That vulnerability, discovered by Peleg Hadar and Tomer Bar of SafeBreach Labs, caught the eye of security experts, as hackers can exploit it to elevate privileges and execute arbitrary code. Dubbed PrintDemon and known by CVE-2020-1048,…
- PlayStation discloses “severe” kernel vulnerability
  PlayStation has disclosed a severe use-after-free vulnerability, more than three months after it was reported. The vulnerability, discovered by researcher Andy Nguyen, exists in PS4 Firmware versions 7.02 and below. After constructing a demonstrable Proof of Concept (PoC) exploit, the researcher responsibly reported the flaw to the company in March 2020.…
- Hacking the antivirus: BitDefender remote code execution vulnerability
  What happens when the very antivirus designed to keep you and your organization safe becomes a threat vector for the attackers to exploit? Yesterday, I broke the news story on Bleeping Computer about a remote code execution vulnerability which was recently discovered and disclosed by security researcher and blogger Wladimir Palant. Palant explained how the…
- NHS contact-tracing app code hints at security and privacy bugs early on
  The NHS recently announced plans to unveil its own coronavirus contact-tracing app, as opposed to joining the league of Apple and Google, to have better visibility into citizen movements. Suffice to say, the plan has certainly raised the eyebrows of privacy activists, lockdown sceptics, and opponents of “big government.” On the bright side, the NHS coronavirus app is…
- ☢️ Dissecting DEFENSOR: a stealthy Android banking malware
  Android malware apps are nothing new, but this one is of particular interest in how it implements no functionality that can be readily detected by security products. The apps, named DEFENSOR ID and Defensor Digital, rely mainly on Android's Accessibility Service to conduct malicious activities and go undetected. In…
- The 'forgotten' ZEE5 data leak you didn't hear about.
  In an exclusive story reported on my blog about a month ago and on no mainstream media outlet, credentials of some 1,023 Premium accounts were found floating on the web. These user accounts belong to the popular video-on-demand streaming service, ZEE5. The origins of the incident date back to April 12th, 2020, when a new data…
- Facebook’s reluctance to feedback is putting millions of WhatsApp users at risk of malware
  Workarounds aimed at hiding ‘online’ activity on WhatsApp can seriously compromise user security and privacy. But Facebook doesn’t care. The internet is filled with articles, such as this one on Business Insider, aimed at teaching desperate users how they can hide their online presence on WhatsApp. Quite a lot of these articles…
- “Zoombombing” — an exaggerated phenomenon, not a vulnerability.
  Why is the exclusive focus on Zoom, when the same “flaw” impacts almost all popular video conferencing apps? In this Coronavirus era, as if daily news briefings on the pandemic-related deaths weren't enough, a new wave of “zoombombing” stories has been dominating headlines. In the U.S., politicians are even urging…
- 5 ways cybersecurity awareness trainings can strengthen your organization
  According to an InfoScales report, 95% of successful cyberattacks have human error as the leading cause – most notably company employees falling for phishing scams. This is an important observation as cybersecurity efforts often intuitively focus largely on strengthening the technical controls in an organization to prevent data leakage, willful…
- 5 practical ways your organization can benefit from DevSecOps
  It’s right there in the moniker: DevSecOps, a portmanteau of Development, Security and Operations, implies introducing security early on – as a part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release. Given how security…
- Is our obsession with regulation killing the web?
  Anybody who’s been paying attention has noticed just how much the internet has changed within the last 10 years. From the humble looks of Google’s homepage to the vast existence of old-school message boards and a virtually irrelevant “social” media, the internet largely felt like an accessory, a toy you could play…
- 7 steps to landing your first IT job, fast
  IT is a constantly expanding sector with its ever-increasing demand for skilled talent and the projected scope for growth within the next few years. This is especially true for the Information Security subfield for which the vacancies are drastically going up while the workers are struggling to catch up in…
- 7 ‘don’ts’ of diversity for fostering a healthy office culture
  Change at a workplace is hard and often comes with improvements and challenges which cannot be ignored. Change can be a struggle for employees who often need time to gradually adapt themselves to it, rather than feeling forced into it. Even minor changes, for example, changing your company’s choice of…
- 5 ways a global presence can benefit your tech company
  If you run a successful tech startup or an established business, primarily offering digital products and services, chances are you have a significant customer presence worldwide. There also lies a high probability that you leverage a remote workforce ‘round-the-globe enabling increased collaboration over time zones. While staying local never hurt…
- PlayStation discloses “severe” Use-After-Free kernel vulnerability
  Researcher awarded a $10,000 bounty for reporting the bug
- Behind an entire catalogue of malicious Chrome extensions? Allegedly, a domain registrar
  Security company has accused an Israeli domain registrar of registering thousands of malicious domains powering Chrome malware
- Curve Card Services Disrupted Due to Wirecard’s Suspended License
  Customers advised to carry alternate cards and payment methods