Ax Sharma

Security Researcher, Engineer, Tech Reporter


Ax’s research centers around digital technology, networking, and cybersecurity.

Malware discovery and/or analysis:

  1. Python cryptomining malware on PyPI registry aka “Warehouse”
  2. Fake “Browserify” component with Linux, macOS zero-detection ELF malware
  3. Malicious dependency confusion copycats exfiltrating /etc/shadow and .bash_history targeting Amazon, Lyft, Zillow, Slack, etc.
  4. Discovered/analyzed an0n-chat-lib, “discord-fix”, “sonatype” typosquatting malware from CursedGrabber malware authors
  5. Malicious RubyGems “ruby-bitcoin” and “pretty_color” laced with cryptocurrency (Bitcoin, Monero, ETH) stealing malware
  6. njRAT/Bladabindi Windows malware discovery/analysis on npm registry in “jdb.js” and “db-json.js” packages.
  7. CursedGrabber Windows malware analysis (“xpc.js”) with Sonatype Security Research team
  8. discord.dll“, “”, “ac-addon”, “wsbd.js” malware discovery and analysis
  9. twilio-npm” brandjacking malware
  10. electorn“, “loadyaml” typosquatting malware analysis
  11. fallguys” malware technical analysis

Vulnerability deep-dive analysis and blogging

  1. GitHub-hosted malware calculates Cobalt Strike payload from an Imgur picture
  2. Bouncy Castle authentication bypass due to incorrect password hash matching algorithm
  3. NodeJS module downloaded 7M times lets hackers inject code
  4. Linux malware authors use Ezuri Golang crypter for zero detection
  5. PoC exploits for Apache Flink Path Traversal vulnerabilities
  6. Why streaming a video could freeze Microsoft IIS servers?
  7. Many many many more on BleepingComputer and Security Report.

Reported CVEs and Vulnerabilities:

NOTE: This may not be an exhaustive list because of “good faith” responsible disclosure agreements and ongoing vulnerability research pending disclosure.

Published Papers and miscellaneous works: