## https://sploitus.com/exploit?id=4427DEE4-E1E2-5A16-8683-D74750941604
<p align="center">
<h3 align="center">Security Research</h3>
<p align="center">Some notes, analysis and proof-of-concepts about my vulnerability research journey </p>
<p align="center">
<a href="/LICENSE.md">
<img src="https://img.shields.io/badge/license-MIT-blue.svg">
</a>
</p>
</p>
---
### Summary
My research focus is vulnerability discovery in applications/services and exploit devlopment, I have fun bypassing modern defenses, exploring systems and playing with new technologies and in parallel: sharing some of my research notes on [my blog](https://heitorgouvea.me); Here, you can find some of my experiments, advisories and analysis of advisories from others researchers.
---
### Research
| Name | Description | Category |
| ----------- | ----------- | ----------- |
| [CVE-2021-41773](/analysis/CVE-2021-41773) | RCE & LFI on feature to path normalization in Apache HTTP Server| Analysis |
| [CVE-2021-22204](/analysis/CVE-2021-22204) | N-Day for RCE on Exiftool | Analysis |
| [Fuzz.PM](/experiments/fuzz.pm) | Differential fuzzing to find logic bugs on Perl Modules | Experiment |
| [CVE-2020-9376 & CVE-2020-9377 ](/) | 0-day authentication bypass + RCE on D-LINK 610 | Advisories |
| [Puppet](/experiments/puppet/) | Puppeter module to find client-side vulns | Experiment |
---
### Contribution
- Your contributions and suggestions are heartily โฅ welcome. [See here the contribution guidelines.](/.github/CONTRIBUTING.md) Please, report bugs via [issues page](https://github.com/htrgouvea/research/issues) and for security issues, see here the [security policy.](/SECURITY.md) (โฟ โโฟโ)
- If you are interested in providing financial support to this project, please visit: [heitorgouvea.me/donate](https://heitorgouvea.me/donate)
---
### License
- This work is licensed under [MIT License.](/LICENSE.md)