Research Work

2025

LDAPNightmare at SafeBreach

LDAPNightmare Blogpost

How Shahak Morag and I created a first ever public PoC for CVE-2024-49113 that crashes any Windows Server by reverse engineering its patch

2024

QuickShell: Sharing is caring about an RCE attack chain on Quick Share at SafeBreach

Presented at:
- DEF CON 32 (2024) - Video
- Black Hat Asia 2025
- Upcoming:
  - RSAC 2025
  - Recon 2025
QuickShell Blogpost
QuickShell GitHub

How Shmuel Cohen and I found 10 vulnerabilities in Quick Share for Windows & Android and managed to assemble a creative and unconventional RCE attack chain

MagicDot: A Hacker's Magic Show of Disappearing Dots and Spaces at SafeBreach

Presented at:
- Black Hat Asia 2024 - Video
- SEC-T 2024 - Video
MagicDot Blogpost
MagicDot GitHub

How I found four vulnerabilities including an RCE plus rootkit-like techniques that all exist thanks to a known-issue in Windows

2023

One Drive, Double Agent: Clouded OneDrive Turns Sides at SafeBreach

Presented at:
- Black Hat USA 2023 - Video
- SecTor 2023
One Drive, Double Agent Blogpost
DoubleDrive Github Repo

How I turned Windows' local OneDrive agent into a ransomware bypassing all leading EDRs

DoubleDrive: Double Agents Hide Behind The Clouds at SafeBreach

Presented at:
- Troopers 2024
- CONFidence 2024
DoubleDrive Github Repo

"One Drive, Double Agent: Clouded OneDrive Turns Sides" Research Update - How I turned the local Google Drive & OneDrive agents on Windows into a ransomware bypassing all leading EDRs

2022

Aikido: Turning EDRs to Malicious Wipers Using 0-day Exploits at SafeBreach

Presented at:
- Black Hat Europe 2022 - Video
- RSAC 2023 - Video
- SecTor 2023
- Security Fest 2023 - Video
- CONFidence 2023 - Video
- HackCon Online 2023
Aikido Wiper Blogpost
Aikido Wiper GitHub Repo

How I turned EDRs into Wipers using a set of vulnerabilities I found affecting them to delete any file on the system as an unprivileged user

Page updated

Google Sites

Report abuse