-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathindex.html
85 lines (77 loc) · 6.52 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
<!-- layout inspired by squarectf.com -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Ankur Sundara</title>
<link rel="stylesheet" href="main.css"/>
<link rel="shortcut icon" href="/favicon.png" type="image/png">
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-129072124-2"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-129072124-2');
</script>
</head>
<body>
<div class="wideline begin">
<span>ANKUR_SUNDARA(1)</span>
<span><a href="https://ankursundara.com/">Ankur Sundara</a></span>
<span>ANKUR_SUNDARA(1)</span>
</div>
<h1>NAME</h1>
<p>ankur-sundara - Info about Ankur Sundara.</p>
<h1>DESCRIPTION</h1>
<p>I do security consulting with <a href="https://twitter.com/LeviathanSec">Leviathan Security</a>. CS grad from University of Illinois at Urbana-Champaign. InfoSec nerd with a focus in web and cloud security.</p>
<h1>PROJECTS</h1>
<ul>
<li><a href="https://ctftime.org/event/1372">UIUCTF '22</a>/Jul 2022: Challenge dev + infra - over 400 teams participated</li>
<li><a href="https://ctftime.org/event/1372">UIUCTF '21</a>/Jul 2021: Led infra and helped with challenge development - over 650 teams participated</li>
<li><a href="https://arxenix.dev/valheim-tools/character">valheim-save-editor</a>/Jan 2021: Reverse engineered the save file format for a popular game called Valheim, and made an online editor for it</li>
<li><a href="https://ctftime.org/event/1075">UIUCTF '20</a>/Jul 2020: Led infra and helped with challenge development - over 800 teams participated</li>
<li><a href="https://github.com/arxenix/starborne-assistant">Starborne Assistant</a>/Jan 2020: Reverse engineered a desktop game called Starborne using dnSpy + Wireshark, and developed a mobile client for it</li>
<li><a href="https://github.com/sigpwny/sigpwny-shibboleth-auth">SIGPwny Shibboleth Auth</a>/Oct 2019: Set up a dockerized shibboleth service provider & discord bot to authenticate users to the SIGPwny (UIUC InfoSec club) discord server</li>
<li><a href="https://github.com/arxenix/firebase-scanner">firebase-scanner</a>/Apr 2019: Set of tools to automatically scan for firebase databases and endpoints within the databases, and dump available data</li>
<li><a href="https://github.com/arxenix/react-dagre-d3">react-dagre-d3</a>/Jul 2018: React component for creating and doing automatic layout of DAGs</li>
<li><a href="https://github.com/arxenix/Truncated-LCG-Cracking">Truncated LCG Cracker</a>/Jun 2018: Code to break truncated LCGs (type of pRNG) and recover parameters</li>
<li><a href="https://github.com/ctf-x/ctfx-problems">CTF(x)</a>/Aug 2016: Organized and hosted a CTF cybersecurity competition - over 400 teams participated</li>
<li><a href="https://github.com/arxenix/CTFg">CTFg</a>/Jul 2016: SPA CTF platform in MeteorJS</li>
<li><a href="https://github.com/arxenix/LaundryAlert">LaundryAlert</a>/Jun 2016: Cross-platform app written in Dart for tracking laundry machine status at U of I</li>
<li><a href="https://github.com/arxenix/Scibowl-Practice-v2">SciBowl Practice</a>/Apr 2016: SPA webapp in MeteorJS to practice random questions for USDoE's Science Bowl</li>
<li><a href="https://github.com/krx/HackExeter-EyeSpy">EyeSpy</a>/May 2016: Application to control your computer mouse using only your eyes. Won 1st place in HackExeter 2016</li>
<li><a href="https://bukkit.org/members/bobacadodl.90595184/">Minecraft Server Plugins</a>/2013-2015: I made a ton of random Minecraft server plugins, you may have seen a few if you played a lot of multiplayer Minecraft. Some of the unique (first to implement) things I did: <a href="https://dev.bukkit.org/projects/clickedit">editing signs by simply right-clicking them</a> (200k+ downloads), <a href="https://dev.bukkit.org/projects/enchantmore">adding new custom enchantments</a>, <a href="https://dev.bukkit.org/projects/motdeditor">animated server status messages</a>, <a href="https://bukkit.org/threads/lib-imagemessage-v2-1-send-images-to-players-via-the-chat.204902/">library to send ASCII images in chat</a>, <a href="https://i.imgur.com/YmfZUpq.png">hologram item shops</a>, and <a href="https://i.imgur.com/X8rtWuz.png">MMO-like physical item drops</a></li>
</ul>
<h1>RESEARCH</h1>
<ul>
<li>XS-Leaks: Currently doing lots of research into various vectors for XS-leaks, hopefully a talk in the future?? Some browser vulns discovered, including <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37989">CVE-2021-37989</a></li>
<li>PyYAML 0day/Jul 2020: Found a vulnerability in PyYAML's default deserialization method (FullLoader) which allowed attackers to obtain arbitary code execution (<a href="https://access.redhat.com/security/cve/cve-2020-14343">CVE-2020-14343</a>)</li>
</ul>
<h1>WORK</h1>
<ul>
<li>Currently working as a Security Consultant @ Leviathan Security: Web, cloud, and game security</li>
<li>Research Intern @ Trail of Bits/Summer 2019: Worked on slither-codegen, a project to generate EVM Bytecode directly from SlithIR</li>
<li>SWE Intern @ Instabase/Summer 2018: Worked on a distributed systems scaling framework, full stack web development, and fixed security bugs</li>
<li>SWE Intern @ Formlabs/Summer 2017: Full stack web dev, created a new company blog, outlined a new API version for authenticated API requests and a protocol for upgrading</li>
<li>Web Development Intern @ Seceon/Summer 2016: Created a server anlytics aggregation portal</li>
<li>Research Intern @ JHU Center for Computational Biology/Summer 2015: Worked with prof Liliana Florea to develop an algorithm for detecting different types of gene alternative splicing events</li>
</ul>
<h1>OTHER</h1>
<p>
<a href="https://blog.ankursundara.com">BLOG(1)</a>
</p>
<h1>CONTACT</h1>
<p>
<a href="https://twitter.com/ankursundara">TWITTER(1)</a>
<a href="https://discordapp.com/users/181927679195480064">DISCORD(1)</a>
<a href="https://github.com/arxenix">GITHUB(1)</a>,
<a href="https://www.linkedin.com/in/ankursundara/">LINKEDIN(1)</a>,
</p>
<div class="wideline end">
<span>arxenix</span>
<span>Aug, 2022</span>
<span>ANKUR_SUNDARA(1)</span>
</div>
</body>
</html>