Research - Ax Sharma

My research involves malware reverse engineering, cybercrime and scam investigations, as well as open-source software security. It’s easiest to find my most recent write-ups on the following news outlets and tech blogs:

Malware discovery and analyses:

Revived CryptoJS Library: A Crypto Stealer in Disguise
Open source components hijacked and turned into infostealers
Fake Microsoft VS Code extensions abusing ScreenConnect to deploy spyware
Python cryptomining malware on PyPI registry aka “Warehouse”
Exploit creator selling 250+ malicious components on Telegram.
Fake “Browserify” component with Linux, macOS zero-detection ELF malware
Malicious dependency confusion copycats exfiltrating /etc/shadow and .bash_history targeting Amazon, Lyft, Zillow, Slack, etc.
Discovered/analyzed “an0n-chat-lib“, “discord-fix”, “sonatype” typosquatting malware from CursedGrabber malware authors
Malicious RubyGems “ruby-bitcoin” and “pretty_color” laced with cryptocurrency (Bitcoin, Monero, ETH) stealing malware
njRAT/Bladabindi Windows malware discovery/analysis on npm registry in “jdb.js” and “db-json.js” packages.
CursedGrabber Windows malware analysis (“xpc.js”) with Sonatype Security Research team
“discord.dll“, “discord.app”, “ac-addon”, “wsbd.js” malware discovery and analysis
“twilio-npm” brandjacking malware
“electorn“, “loadyaml” typosquatting malware analysis
“fallguys” malware technical analysis

Vulnerability deep-dive analysis and blogging

GitHub-hosted malware calculates Cobalt Strike payload from an Imgur picture
Bouncy Castle authentication bypass due to incorrect password hash matching algorithm
NodeJS module downloaded 7M times lets hackers inject code
Linux malware authors use Ezuri Golang crypter for zero detection
PoC exploits for Apache Flink Path Traversal vulnerabilities
Why streaming a video could freeze Microsoft IIS servers?
.
.
Many many many more on BleepingComputer and Security Report.

Reported CVEs and Vulnerabilities:

NOTE: This may not be an exhaustive list because of “good faith” responsible disclosure agreements and ongoing vulnerability research pending disclosure.

2021: EXCLUSIVE: Indian Govt sites leaking thousands of COVID-19 test results online
HM Government of Gibraltar SQL Injection and Authentication Bypass
Hacker Noon Stored XSS via SVGs
CVE-2018-10990: Insufficient Session Expiration in Arris Touchstone Gateway Devices

CVE-2018-10989: Cleartext Transmission of Sensitive Information in Arris Touchstone Gateway Devices
Georgia Tech’s Backdoor
StartupTree: Open Redirects
P.F. Chang’s: Member Information Leak (RT’d by Brian Krebs and computer security experts)
Buca di Beppo: XSS
PlanetFitness: Premium Access Bypass
Ellucian Software (pending disclosure)

Published Papers and miscellaneous works:

- Analyzing 150+ Million Network Flows in Real-Time with nProbe and Elastic Sketch
- A Non-Oppressive, Community-Driven Electronic Identification Platform (Fall 2013 – Present)
  - Implementation (Proof of Concept): https://electronicid.org/

- Park, J.R, Sharma, A, El Mimouni, H. (2016). Developing an Automatic Metadata Harvesting and Generation System for a Continuing Education Repository: A Pilot Study. Juried poster at iConference 2016 in Philadelphia, March 20, 2016.
  - Implementation: http://metadatace.cci.drexel.edu/omeka/
  - PDF (Research Paper): metadata_paper.pdf

- From Computational Thinking to Computational Making: a Demo (Co-author)- Best Companion Paper, Ubicomp 2015
- Contribution/Discussion: “Does Technology Have a Race?” http://houdaelmimouni.com/publications/hankerson_alt.chi_2016.pdf

- Patent: Method for Establishing Unique Online User Identification System with Facial Recognition, USPTO 61/616605 (Pending), 2011-12
- Patent: System and Method for Authenticating Paper Documents over a network, UKIPO GB1215191.6, 2012