Research

Ax’s research centers around digital technology, networking and cybersecurity.

Malware discovery and/or analysis:

  1. Discovered/analyzed an0n-chat-lib, “discord-fix”, “sonatype” typosquatting malware from CursedGrabber malware authors
  2. Malicious RubyGems “ruby-bitcoin” and “pretty_color” laced with cryptocurrency (Bitcoin, Monero, ETH) stealing malware
  3. njRAT/Bladabindi Windows malware discovery/analysis on npm registry in “jdb.js” and “db-json.js” packages.
  4. CursedGrabber Windows malware analysis (“xpc.js”) with Sonatype Security Research team
  5. “discord.dll”, “discord.app”, “ac-addon”, “wsbd.js” malware discovery and analysis
  6. “twilio-npm” brandjacking malware
  7. “electorn”, “loadyaml” typosquatting malware analysis
  8. “fallguys” malware technical analysis

Vulnerability deep-dive analysis and blogging

  1. GitHub-hosted malware calculates Cobalt Strike payload from an Imgur picture
  2. Bouncy Castle authentication bypass due to incorrect password hash matching algorithm
  3. NodeJS module downloaded 7M times lets hackers inject code
  4. Linux malware authors use Ezuri Golang crypter for zero detection
  5. PoC exploits for Apache Flink Path Traversal vulnerabilities
  6. Why streaming a video could freeze Microsoft IIS servers?
  7. Many many many more on BleepingComputer and Security Report.

Reported CVEs and Vulnerabilities:

NOTE: This may not be an exhaustive list because of “good faith” responsible disclosure agreements and ongoing vulnerability research pending disclosure.

Published Papers and miscellaneous works: