2025
How Ben Nassi, Stav Cohen, and I created Targeted Promptware Attacks allowing to exploit Gemini in various ways leveraging indirect prompt injections to exfiltrate victims' private data, capture live video of victims, control victims' smart home device, wipe victims' calendar events, geolocate victims, generate toxic content for victims, and more
Will be presented at:
How Shahak Morag and I found 4 DoS vulnerabilities allowing to crash Domain Controllers, Windows 11 endpoints, and harness Domain Controllers around the world for a DDoS attack
Will be presented at:
How Shahak Morag and I created a first ever public PoC for CVE-2024-49113 that crashes any Windows Server by reverse engineering its patch
2024
How Shmuel Cohen and I found 10 vulnerabilities in Quick Share for Windows & Android and managed to assemble a creative and unconventional RCE attack chain
How I found four vulnerabilities including an RCE plus rootkit-like techniques that all exist thanks to a known-issue in Windows
Presented at:
2023
How I turned Windows' local OneDrive agent into a ransomware bypassing all leading EDRs
"One Drive, Double Agent: Clouded OneDrive Turns Sides" Research Update - How I turned the local Google Drive & OneDrive agents on Windows into a ransomware bypassing all leading EDRs
Presented at:
2022
How I turned EDRs into Wipers using a set of vulnerabilities I found affecting them to delete any file on the system as an unprivileged user
Presented at:
HackCon Online 2023