Derek Abdine

Looking for the Arris advisory?

Bio

Hello! I’m currently Cofounder and CEO of a tech startup focused on <<REDACTED>>.

I started in tech & cybersecurity in my teens building and reversing software and hardware, and using that information for the benefit of positive outcomes in cybersecurity. I have reported issues both privately and publicly to several Fortune 500 companies. I’ve published several CVEs, and I’ve directly developed innovations in LAN/Internet scanning/asset inventory, cybersecurity data science, honeypotting, and vulnerability management over the past 16 years. I’ve been to the White House to discuss the state of cybersecurity trends at the intersection of the US and global economy (related research was subsequently published in the 2019 Economic Report to the President). I’ve been in Senate buildings in Washington, D.C. to discuss carve-outs for legitimate cybersecurity research with respect to ancient laws such as the CFAA. I currently hold 5 patents in cybersecurity. Previously, I held the role of CTO at Censys and Head of Labs at Rapid7.

I am also the co-creator of MultiTheftAuto, a first-of-its-kind open source modification to Grand Theft Auto, which added multiplayer capabilities using malicious code injection techniques. Rockstar eventually incorporated this functionality as a core feature of Grand Theft Auto 5.

Advisories

CVE-2006-5379 – NVidia binary blob buffer overflow
CVE-2007-2439 – Caucho Resin DOS device denial of service
CVE-2007-2440 – Caucho Resin directory traversal
CVE-2007-2441 – Caucho Resin system path disclosure
CVE-2007-2437 – Xrender extension denial of service
CVE-2008-1368 – Internet Explorer FTP command injection (disputed as a duplicate of an already patched vulnerability)
CVE-2015-2659 – Oracle Java JRE AES Intrinsics Remote Denial of Service
CVE-2016-6533 – Nine Folders Certificate Validation Vulnerability

Publications/References/Media credit

https://www.engadget.com/western-digital-my-book-live-factory-reset-two-vulnerabilities-044122712.html
https://www.forbes.com/sites/thomasbrewster/2021/05/12/the-colonial-pipeline-hackers-are-one-of-the-savviest-criminal-startups-in-a-370-million-ransomware-game/
https://duo.com/decipher/attackers-target-critical-vmware-bug
https://www.zdnet.com/article/exploit-released-for-vmware-vulnerability-after-cisa-warning/
https://threatpost.com/rce-0-day-western-digital-users/167547/
https://www.zdnet.com/article/additional-fixes-released-addressing-apache-http-server-issue/
https://www.westerndigital.com/support/product-security/wdc-21012-my-cloud-os5-firmware-version-5-18-117
https://www.youtube.com/watch?v=Ptu41QdPLqs
https://blog.rapid7.com/2016/07/13/r7-2016-08-seeking-alpha-mobile-app-unencrypted-sensitive-information-disclosure/
https://www.theregister.co.uk/2016/09/05/cisco_extra_bacon_asa/
https://blog.rapid7.com/2016/10/11/r7-2016-21-nine-folders-certificate-validation-vulnerability-cve-2016-2533/
https://www.theregister.co.uk/2016/10/17/outlook_app_slapped_in_maninthemiddle_diddle/
https://blog.rapid7.com/2016/11/08/election-day-tracking-the-mirai-botnet/
https://searchsecurity.techtarget.com/news/450417249/Oracle-patches-Apache-Struts-exploits-Equation-Group-vulnerability
https://blog.rapid7.com/2018/06/07/vpnfilter-potential-reach/
https://information.rapid7.com/reduce-risk-exposure-cloud.html

Patents

US10986130B1 - Honeypot opaque credential recovery

US10848507B1 - Reactive virtual security appliances

US10826939B2 - Blended honeypot

US10546134B2 - Methods and systems for providing recommendations to address security vulnerabilities in a network of computing systems

Contact

Twitter: @dabdine
Mail: derek.abdine/at/gmail.com (PGP)
GitHub: @dabdine