Hello, I’m Howard, an athlete and cyber security researcher.

I currently work as a Security Researcher at Microsoft focusing on Windows internals, and previously was a Technical Director @ Aon’s Cyber Solutions for their United States red team.

I spend my spare time running, hiking, climbing and hacking.

Accolades / CVEs / Stuff

Microsoft

CVEs: CVE-2026-20854, CVE-2026-20929, CVE-2026-26155, CVE-2026-26160, CVE-2026-32071, CVE-2026-26159, CVE-2026-34339

Acknowledgements: 2023 Q4 MSRC Office leaderboards. Multiple 2024 and 2025 bounties and acknowledgements in Online Services (SSRFs, XSS).

  • Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
  • Windows HTTP.sys Elevation of Privilege Vulnerability
  • Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
  • Remote Desktop Licensing Service Elevation of Privilege Vulnerability
  • Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
  • Remote Desktop Licensing Service Elevation of Privilege Vulnerability
  • Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability

Asus

CVEs: CVE-2022-26673, CVE-2022-26674, CVE-2023-34358, CVE-2023-34359, CVE-2023-34360, CVE-2023-34360, CVE-2023-41349, CVE-2024-31159, CVE-2024-31160, CVE-2024-31161, CVE-2024-31162, CVE-2024-31163

Stored XSS and authenticated format string RCE in Asus http (dope)

Unauth httpd DoS x 2

Stored XSS in Asus httpd

Format string DoS / memory disclosure

Reflected, stored XSS and arbitrary file upload + directory traversal in Asus Download Master

Command injections and buffer overflows in Asus Download Master

Sharp / NEC

CVEs: CVE-2021-20698, CVE-2021-20699

Unauthenticated buffer overflows via HTTP in multiple Sharp NEC public displays

Mitsubishi

CVE: CVE-2021-20595

Unauthenticated XXE / DoS in Mitsubishi Electric air conditioner control systems

Araknis Networks

CVEs: CVE-2021-40144, CVE-2021-40844, CVE-2021-42661

Command Injections in Araknis Networks AN-210, AN-700-O, AN-810

Jitbit HelpDesk

CVEs: CVE-2023-29648, CVE-2023-29649, CVE-2023-29650, CVE-2023-34555, CVE-2023-34556, CVE-2023-34557, CVE-2023-34558, CVE-2023-34559, CVE-2023-34560

Reflected and stored XSS within ticket submission leading to elevation of privilege and full Jitbit takeover. Never authorized to publish. Identified and exploited within red team op.