Research

Talks

• Don’t judge an audiobook by its cover: taking over your Amazon account with a Kindle @ Black Hat Europe 2025, CODE BLUE 2025
• Bug hunting in Steam: a journey into the Remote Play protocol @ SSTIC 2023 (paper)
• Fuzzing Microsoft’s RDP Client using Virtual Channels @ SSTIC 2022 (paper)

CVEs

• TBA in Philips Hue Bridge (Pwn2Own Ireland 2025)
• TBA in Kindle OS
• CVE-2023-51364, CVE-2023-51365 in QNAP QTS: RCE (Pwn2Own Toronto 2023)
• CVE-2021-38666 in Windows: RCE in the RDP client
• CVE-2021-38665 in Windows: Remote Heap Leak in the RDP client
• CVE-2021-37595 in FreeRDP: Remote Arbitrary File Read
• CVE-2021-37594 in FreeRDP: Remote Memory Leak

Other

• Remote Code Execution in Steam Remote Play (2023)