htrgouvea / research

My past public research is archived here

Home Page: https://heitorgouvea.me


heitorgouvea.me

Some notes, analysis and proof-of-concepts about my vulnerability research journey


Summary

My research focus is vulnerability discovery in applications/services and exploit development. I have fun bypassing modern defenses, exploring systems and playing with new technologies and, in parallel, sharing some of my research notes on my blog. Here, you can find some of my experiments, advisories and analysis of advisories from other researchers.

This repository stores all the structure, code and files of my personal website (https://heitorgouvea.me). My website was developed using Jekyll. Its basic structure revolves around this and some HTML5, CSS3 (with sass) and JavaScript files.


Research

Name | Description | Category
CVE-2021-41773 | RCE & LFI on feature to path normalization in Apache HTTP Server | Analysis
CVE-2021-22204 | N-Day exploit RCE on Exiftool | Analysis

Download and Set-up

  # Download
  $ git clone https://github.com/htrgouvea/research && cd research
    
  # Building and running docker image
  $ docker build -t blog-jekyll .
  $ docker run -d -p 4000:4000 --name heitorgouvea.me blog-jekyll

Pipeline

This blog uses some GitHub Actions workflows, for example to deploy itself, and some others for security, such as: Dependabot as Software Composition Analysis (SCA), Semgrep as Static Analysis Security Testing (SAST) and OWASP ZAP as Dynamic Analysis Security Testing (DAST).


Contribution

Your contributions and suggestions are heartily ♥ welcome. See here the contribution guidelines. Please, report bugs via issues page and for security issues, see here the security policy. (✿ ◕‿◕)


License

This work is licensed under MIT License.
