Research

Talks

• Bug hunting in Steam: a journey into the Remote Play protocol (SSTIC 2023) (paper)
• Fuzzing Microsoft’s RDP Client using Virtual Channels (SSTIC 2022) (paper)

CVEs

• CVE-2021-38666 in Windows — Remote Code Execution in the RDP client
• CVE-2021-38665 in Windows — Remote Heap Leak in the RDP client
• CVE-2021-37595 in FreeRDP — Remote Arbitrary File Read
• CVE-2021-37594 in FreeRDP — Remote Memory Leak

Other

• Remote Code Execution in Steam Remote Play