About me
I am Björn Ruytenberg, MSc student in Computer Science and Engineering, specializing in Information Security, at TU/e and RU. Being a technology enthusiast, I hold a BSc in Electrical Engineering as well as Computer Science (cum laude). Aside from my work as a software developer, I enjoy participating in bug bounty programs. My vulnerability research mainly focuses on input validation and sandboxing technology in widely deployed enterprise products. Previously, I have been a teaching assistant for Parallelization, Compilers and Platforms (5LIM0) and Networks and Security (3USU0).
You can get in touch with me by email at bjornbjornwebnl (PGP), Twitter (@0Xiphorus), and Freenode IRC (Xiphorus).
Blog
My blog is a collection of articles. Here are the most recent entries:
- Playing in the Remote Sandbox: Adobe Flash Windows User Credentials Disclosure Vulnerability (CVE-2017-3085)
- Adobe Flash: Bypassing the local sandbox to exfiltrate data, obtain Windows user credentials (CVE-2016-4271)
- Foxit Reader: Bypassing the Safe Mode sandbox to execute arbitrary code, exfiltrate data (ZDI-16-395)
Security vulnerabilities
I report security vulnerabilities whenever I find them. Some are listed below:
- CVE-2018-12402 - Mozilla Firefox WebBrowserPersist uses incorrect origin information
- CVE-2017-4939 - VMware Workstation DLL Hijacking Arbitrary Code Execution
- SSD-3463 - Microsoft Office Host Machine Information and Windows User Credentials Disclosure
- CVE-2017-3085 - Adobe Flash Remote Sandbox Windows User Credentials Disclosure
- CVE-2016-4271 - Adobe Flash Local Data Exfiltration and Windows User Credentials Disclosure
- ZDI-16-395 - Foxit Reader Arbitrary Code Execution and Information Disclosure
Talks
- Playing in the Sandbox - Details TBA (upcoming)
  Conference talk at CONFidence, Krakow (06/2019)
- Playing in the Sandbox: Adobe Flash Exploitation Tales
  Conference talk at AsiaSecWest, Hong Kong (06/2018)
- On the Spectre of Meltdown: Analysing the Attacks and Mitigations
  Seminar talk at department of Mathematics and Computer Science, Eindhoven University of Technology (05/2018)
  Guest lecture for Embedded Systems graduate course on Parallelization, Compilers and Platforms (03/2018)
- Playing in the Sandbox: Bypassing Adobe Flash Input Validation
  Invited talk at OWASP Netherlands Chapter Meeting, Radboud University Nijmegen (10/2017)
- Scribbles: Dissecting the Vault7 Office Tracker Implant
  Information Security seminar, Eindhoven University of Technology (06/2017)