About me

I am Björn Ruytenberg, MSc student in Computer Science and Engineering, specializing in Information Security, at TU/e and RU. Being a technology enthusiast, I hold a BSc in Electrical Engineering as well as Computer Science (cum laude). Aside from my work as a software developer, I enjoy participating in bug bounty programs. My vulnerability research mainly focuses on input validation and sandboxing technology in widely deployed enterprise products. Previously, I have been a teaching assistant for Parallelization, Compilers and Platforms (5LIM0) and Networks and Security (3USU0).

You can get in touch with me by email at bjornbjornwebnl (PGP), Twitter (@0Xiphorus), and Freenode IRC (Xiphorus).

Blog

My blog is a collection of articles. Here are the most recent entries:

• Playing in the Remote Sandbox: Adobe Flash Windows User Credentials Disclosure Vulnerability (CVE-2017-3085)
• Adobe Flash: Bypassing the local sandbox to exfiltrate data, obtain Windows user credentials (CVE-2016-4271)
• Foxit Reader: Bypassing the Safe Mode sandbox to execute arbitrary code, exfiltrate data (ZDI-16-395)

Security vulnerabilities

I report security vulnerabilities whenever I find them. Some are listed below:

• CVE-2018-12402 - Mozilla Firefox WebBrowserPersist uses incorrect origin information
• CVE-2017-4939 - VMware Workstation DLL Hijacking Arbitrary Code Execution
• SSD-3463 - Microsoft Office Host Machine Information and Windows User Credentials Disclosure
• CVE-2017-3085 - Adobe Flash Remote Sandbox Windows User Credentials Disclosure
• CVE-2016-4271 - Adobe Flash Local Data Exfiltration and Windows User Credentials Disclosure
• ZDI-16-395 - Foxit Reader Arbitrary Code Execution and Information Disclosure

Talks

• Playing in the Sandbox - Details TBA (upcoming)
  Conference talk at CONFidence, Krakow (06/2019)
• Playing in the Sandbox: Adobe Flash Exploitation Tales
  Conference talk at AsiaSecWest, Hong Kong (06/2018)
• On the Spectre of Meltdown: Analysing the Attacks and Mitigations
  Seminar talk at department of Mathematics and Computer Science, Eindhoven University of Technology (05/2018)
  Guest lecture for Embedded Systems graduate course on Parallelization, Compilers and Platforms (03/2018)
• Playing in the Sandbox: Bypassing Adobe Flash Input Validation
  Invited talk at OWASP Netherlands Chapter Meeting, Radboud University Nijmegen (10/2017)
• Scribbles: Dissecting the Vault7 Office Tracker Implant
  Information Security seminar, Eindhoven University of Technology (06/2017)

Miscellaneous

Whenever I have an urge to drop a file somewhere, I usually do this in my files section.