Ax’s research centers around digital technology, networking, and cybersecurity.
Malware discovery and/or analysis:
- Python cryptomining malware on PyPI registry aka “Warehouse”
- Fake “Browserify” component with Linux, macOS zero-detection ELF malware
- Malicious dependency confusion copycats exfiltrating .bash_history, targeting Amazon, Lyft, Zillow, Slack, etc.
- Discovered/analyzed “an0n-chat-lib”, “discord-fix”, “sonatype” typosquatting malware from CursedGrabber malware authors
- Malicious RubyGems “ruby-bitcoin” and “pretty_color” laced with cryptocurrency (Bitcoin, Monero, ETH) stealing malware
- njRAT/Bladabindi Windows malware discovery/analysis on npm registry in “jdb.js” and “db-json.js” packages
- CursedGrabber Windows malware analysis (“xpc.js”) with Sonatype Security Research team
- “discord.dll”, “discord.app”, “ac-addon”, “wsbd.js” malware discovery and analysis
- “twilio-npm” brandjacking malware
- “electorn”, “loadyaml” typosquatting malware analysis
- “fallguys” malware technical analysis
Vulnerability deep-dive analysis and blogging:
- GitHub-hosted malware calculates Cobalt Strike payload from an Imgur picture
- Bouncy Castle authentication bypass due to incorrect password hash matching algorithm
- NodeJS module downloaded 7M times lets hackers inject code
- Linux malware authors use Ezuri Golang crypter for zero detection
- PoC exploits for Apache Flink Path Traversal vulnerabilities
- Why streaming a video could freeze Microsoft IIS servers?
- Many many many more on BleepingComputer and Security Report.
Reported CVEs and Vulnerabilities:
NOTE: This may not be an exhaustive list because of “good faith” responsible disclosure agreements and ongoing vulnerability research pending disclosure.
- 2021: EXCLUSIVE: Indian Govt sites leaking thousands of COVID-19 test results online
- HM Government of Gibraltar SQL Injection and Authentication Bypass
- Hacker Noon Stored XSS via SVGs
- CVE-2018-10990: Insufficient Session Expiration in Arris Touchstone Gateway Devices
- CVE-2018-10989: Cleartext Transmission of Sensitive Information in Arris Touchstone Gateway Devices
- Georgia Tech’s Backdoor
- StartupTree: Open Redirects
- P.F. Chang’s: Member Information Leak (RT’d by Brian Krebs and computer security experts)
- Buca di Beppo: XSS
- PlanetFitness: Premium Access Bypass
- Ellucian Software (pending disclosure)
Published Papers and miscellaneous works:
- Analyzing 150+ Million Network Flows in Real-Time with nProbe and Elastic Sketch
- A Non-Oppressive, Community-Driven Electronic Identification Platform (Fall 2013 – Present)
- Implementation (Proof of Concept): https://electronicid.org/
- Park, J.R., Sharma, A., El Mimouni, H. (2016). Developing an Automatic Metadata Harvesting and Generation System for a Continuing Education Repository: A Pilot Study. Juried poster at iConference 2016 in Philadelphia, March 20, 2016.
- From Computational Thinking to Computational Making: a Demo (Co-author) - Best Companion Paper, Ubicomp 2015
- Contribution/Discussion: “Does Technology Have a Race?” http://houdaelmimouni.com/publications/hankerson_alt.chi_2016.pdf
- Patent: Method for Establishing Unique Online User Identification System with Facial Recognition, USPTO 61/616605 (Pending), 2011-12
- Patent: System and Method for Authenticating Paper Documents over a network, UKIPO GB1215191.6, 2012