Ax’s research centers around digital technology, networking and cybersecurity.
Reported CVEs and Vulnerabilities:
NOTE: This may not be an exhaustive list because of “good faith” responsible disclosure agreements and ongoing vulnerability research pending disclosure.
- HM Government of Gibraltar SQL Injection and Authentication Bypass
- Hacker Noon Stored XSS via SVGs
- CVE-2018-10990: Insufficient Session Expiration in Arris Touchstone Gateway Devices
- CVE-2018-10989: Cleartext Transmission of Sensitive Information in Arris Touchstone Gateway Devices
- Georgia Tech’s Backdoor
- StartupTree: Open Redirects
- P.F. Chang’s: Member Information Leak (RT’d by Brian Krebs and computer security experts)
- Buca di Beppo: XSS
- PlanetFitness: Premium Access Bypass
- Ellucian Software (pending disclosure)
Published Papers and miscellaneous works:
- Analyzing 150+ Million Network Flows in Real-Time with nProbe and Elastic Sketch
- A Non-Oppressive, Community-Driven Electronic Identification Platform (Fall 2013 – Present)
- Implementation (Proof of Concept): https://electronicid.org/
- Park, J.R, Sharma, A, El Mimouni, H. (2016). Developing an Automatic Metadata Harvesting and Generation System for a Continuing Education Repository: A Pilot Study. Juried poster at iConference 2016 in Philadelphia, March 20, 2016.
- From Computational Thinking to Computational Making: a Demo (Co-author)- Best Companion Paper, Ubicomp 2015
- Contribution/Discussion: “Does Technology Have a Race?” http://houdaelmimouni.com/publications/hankerson_alt.chi_2016.pdf
- Patent: Method for Establishing Unique Online User Identification System with Facial Recognition, USPTO 61/616605 (Pending), 2011-12
- Patent: System and Method for Authenticating Paper Documents over a network, UKIPO GB1215191.6, 2012