## Team

#### Captain of `the "former gifted kids"`

Notable CTF placements:

- Defcon Red Team CTF: *4th place*
- National Cyber League Team Game
  - Spring 2024: *1st Place*
  - Fall 2023: *1st Place*
  - Spring 2023: *2nd Place*
* TCM Invitational: *1st Place*
* CyberSEED 2024: *3rd Place*

#### Member of `idek`

Recently selected to play for `idek` (9th place in the world on CTFtime)

- *Will be playing in Defcon CTF with the `Friendly Maltese Citizens` merger next year*

#### Member of SIII US Cyber Team

- Tooling
  - After Lloyd finishes the API, I will be spending a ton of time making modules (and doing a bit of backend work) for one of our main CTF Tools (keeping it vague, feel free to pm with questions on discord @jakesss_)

## Individual

#### Combine

I didn't compete much in the combine, besides the assessment week:

- Completed all web, forensics, and reverse engineering challenges
- Second blood on one of the webs

#### CTFs

- SIV US Cyber Open: *13th place* (up 6 places from SIII)
  - Was one of 6 competitors to full clear Forensics and Web
- DOD Cyber Sentinel Challenge: *13th*/1440
- Meta Flash CTF
  - January: *3rd*/82
  - September: *4th*/400

#### Security Research

* Several vulnerabilities on [OneUptime](https://github.com/OneUptime/oneuptime) (4.7k stars on GitHub)
  - [**Remote Code Execution**](https://youtu.be/w5-Ouhx4F_U) via Node.js Sandbox Escape
  - [**Authorization Bypass**](https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq) (CVE-2024-29194)
* **Remote Code Execution** via PHP Eval Jail Escape on a "CRM used by millions of users" (5.2k stars on GitHub)
  - Demo: Still waiting on the CVE, can't publish right now
* **Account Takeover** on [linen.dev](https://github.com/Linen-dev/linen.dev) (2.7k stars on GitHub)
  - [Writeup](https://jakesss.com/CVE+Hunting/linen.dev) (CVE-2024-45522)