Hello, I’m Howard, an athlete and cyber security researcher.

I am a Technical Manager for Aon’s Cyber Solutions, where I primarily perform red teams, web application testing and pretty much everything else… I spend my spare time running, hiking and researching.

Accolades / CVEs / Stuff

CVE-2021-20595

Mitsubishi XXE / DoS

CVE-2021-20698

Sharp / NEC Buffer Overflow (RCE / Command Injection)

CVE-2021-20699

Sharp / NEC Buffer Overflow (RCE / Command Injection)

CVE-2021-40144

Command Injection in Araknis Networks AN-210 Network Switches

CVE-2021-40844

Command Injection in Araknis Networks AN-810 Access Points

CVE-2021-42661

Command Injection in Araknis Networks AN-700-O Access Points

Asus Stuff

CVE-2022-26673

Stored XSS in Asus Routers

CVE-2022-26674

Authenticated Format String RCE in Asus httpd (dope)

CVE-2023-34358

Unauthenticated DoS Condition in Asus httpd

CVE-2023-34359

Unauthenticated DoS Condition in Asus httpd

CVE-2023-34360

Stored XSS in Asus httpd

CVE-2023-41349

Format String DoS / Memory Leak (ASLR / PIE Bypass)

CVE-2024-31159

Reflected XSS in Asus Download Master

CVE-2024-31160

Stored XSS in Asus Download Master

CVE-2024-31161

Arbitrary file upload / directory traversal in Asus Download Master

CVE-2024-31162

Command injections in Asus Download Master

CVE-2024-31163

Buffer overflows in Asus Download Master

Jitbit HelpDesk

XSS, Reflected and Stored (Publishing: TBD)

  • CVE-2023-29648
  • CVE-2023-29649
  • CVE-2023-29650
  • CVE-2023-34555
  • CVE-2023-34556
  • CVE-2023-34557
  • CVE-2023-34558
  • CVE-2023-34559
  • CVE-2023-34560

Microsoft

  • Feb 29, 2024 “acknowledgement” in online services for Teams SSRF (n0rthw4rd) - $5k bounty
  • Mar 31, 2024 “acknowledgement” in online services (n0rthw4rd)
  • Mar 31, 2024 “acknowledgement” in online services for SSRF in Office apps (Word, Excel, PowerPoint) - $5k bounty
    • Aon publishing TBD
  • Mar 31, 2024 “acknowledgement” in online services for SSRF in SharePoint
    • Aon publishing TBD
  • Apr 30, 2024 “acknowledgement” in online services for SSRF in Office Search services - $5k bounty
    • Aon publishing TBD