Skip to content
View Eriner's full-sized avatar
125 followers · 39 following

Organizations

@zsh-users @zimfw @forcesunseen
Block or Report

Block or report Eriner

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Eriner/README.md

I'm Matt

Security researcher, developer, and co-founder of Forces Unseen.

Projects and Tools

🧠 Research and Disclosures

Disclosure CVEs
Home-Assistant addon-ssh: Blueprint RCE CVE-2021-45099
🌟 Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains NA, patches by Verisign and Amazon
🌟 ConnectWise Control: multiple CVEs CVE-2019-16513, CVE-2019-16512, CVE-2019-16517, CVE-2019-15614, CVE-2019-16515
Argo: multiple CVEs CVE-2018-21034, CVE-2020-8828, CVE-2020-8827, CVE-2020-11576
Harbor: SSRF CVE-2020-13788
Keycloak: DoS CVE-2020-10758
Simple: Information Disclosure CVE-2019-8350
CoreOS Tectonic: CVE-2018-5256 CVE-2018-5256
Home-Assistant: information disclosure CVE-2018-21019
Home-Assistant: markdown injection N/A
Mastodon: Remote User/Server Lookup DoS CVE-2018-21018

✉ Contact

Email: matt@forcesunseen.com

Pinned

  1. zimfw/zimfw zimfw/zimfw Public

    Zim: Modular, customizable, and blazing fast Zsh framework

    HTML 3.6k 177

  2. jsonl jsonl Public

    JSON Lines for Go. Unstable package.

    Go 1

  3. launchpad launchpad Public

    Go package providing an API for communicating with Novation Launchpad X devices

    Go 8 2

  4. dailysuntzu dailysuntzu Public

    ~5M Docker container to send Sun Tzu quotes via Twilio SMS daily

    Go 2

  5. PoC for github.com/hassio-addons/add... PoC for github.com/hassio-addons/addon-ssh <= 9.1.1 - CVE-2021-45099
    1 
    blueprint:
    2 
      name: PoC for CVE-2021-45099
    3 
      description: the not-a-vulnerability was patched in github.com/hassio-addons/addon-ssh v10.0.0
    4 
      domain: automation
    5 
      input:
  6. Keycloak <v11.0.1 Content-Length DoS... Keycloak <v11.0.1 Content-Length DoS - CVE-2020-10758 - https://www.soluble.ai/blog/keycloak-cve-2020-10758
    1 
    #!/bin/zsh
    2 
    
              
    
              
    
                3
                
    # Keycloak Vuln disclosure: https://www.soluble.ai/blog/keycloak-cve-2020-10758
    
              
    
              
    
                4
                
    #
    
              
    
              
    
                5
                
    # LWN post about HTTP POST Content-Length DoS: https://lwn.net/Articles/418017/
    
              
    
          
    
    
    
  
    

    7.