@b1gchoi
Security Researcher & Full Stack Developer. Specializing in offensive security, vulnerability analysis, and creating robust web architectures.
Proof of Concept for a critical Authentication Bypass (CWE-288) in Cisco Secure Firewall Management Center (FMC). Allows unauthenticated attackers to gain administrative access via an alternate diagnostic channel (CVSS 10.0).
Exploit / PoCA lightweight Python tool for analyzing encrypted traffic patterns using heuristic analysis. Designed for CTF challenges and network debugging.
PythonProof of Concept for a critical Use-After-Free in Google Chrome CSS processing (Blink). Allows arbitrary code execution in the renderer sandbox via a crafted HTML page on vulnerable versions <=144.0.x (all platforms).
Exploit / PoCAuthentication Bypass Using an Alternate Path (CWE-288) in All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress (≤ 2.2.5). Allows unauthenticated remote attackers to log in as any user, including administrators.
Exploit / PoCCritical Remote Code Execution (RCE) vulnerability in Microsoft Devices Pricing Program. Exploits unauthenticated file upload functionality to achieve arbitrary code execution (CVSS 9.8). The vulnerability allows attackers to upload malicious ASPX files and execute arbitrary commands on the target system.
Exploit / PoCOpen for collaboration on security research and development projects.
View GitHub Profile