1. Andy's Cave
  2. Blog
    ❱
    1. Security Research
      ❱
      1. 2025-05-28 - OpenC3 Cosmos - Vulnerability Research
      2. 2025-04-07 - Designing Secure Space Systems
      3. 2025-03-29 - NASA cFS - Vulnerability Research
      4. 2025-03-07 - NASA F' - Vulnerability Research
      5. 2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter
      6. 2024-11-08 - Quack-quack - HID attacks with NetHunter
      7. 2024-11-06 - Flashing an OS image to your Android device
      8. 2024-08-21 - How to crash a Spacecraft – DoS through Vulnerability in NASA CryptoLib v1.3.0
      9. 2024-08-09 - Ground Control to Major Threat: Hacking the Space Link Extension Protocol
      10. 2024-07-17 - IDOR's in NCIA ANET v3.4.1
      11. 2024-05-21 - Remote Code Execution via Man-in-the-Middle (and more) in NASA's AIT-Core v2.5.2
      12. 2024-01-16 - Exploiting the Apache Karaf Console
      13. 2024-01-12 - Exploitation of the OSGi console
      14. 2023-11-02 - XSS in NASAs Open MCT v3.0.2 - data exfiltration
      15. 2023-10-13 - Yamcs Vulnerability Assessment
      16. 2023-10-12 - Prototype Pollution in NASAs Open MCT CVE-2023-45282
    2. Personal
      ❱
      1. 2025-07-18 - STARPWN DEF CON 33 CTF
      2. 2025-06-21 - Rosetta Flashback
      3. 2024-12-29 - What a year 2024 has been - a brief summary
      4. 2024-09-17 - ChatGPT wrote a Rust program for me that generates an RSS feed from Markdown files
      5. 2024-09-16 - Navigating the Leap: My Journey from Software Engineering to Offensive Security
      6. 2024-01-17 - Getting a Black Belt in Wi-Fu - OSWP Review
      7. 2023-10-19 - My Journey to Finding My First 0day/CVE
      8. 2023-08-05 - How I Failed OSWA Exam
      9. 2023-01-12 - ADwalk: simple PowerShell script to enumate Active Directory
      10. 2022-12-20 - clif: simple command-line application fuzzer
      11. 2022-12-12 - nansi: simple tool for task automation
    3. Mid-career Transition to Infosec
      ❱
      1. 0x07 (2023-07-23)
      2. 0x06 (2023-03-19)
      3. 0x05 (2023-01-16)
      4. 0x04 (2022-09-01)
      5. 0x03 (2022-08-10)
      6. 0x02 (2022-04-27)
      7. 0x01 (2022-03-10)
  3. About
  4. Conferences
  5. Trophy Wall
  6. Exploits

Andy's Cave

My Infosec Trophies

Certificates

Offensive Security Certified Professional (OSCP)

Offensive Security Web Assessor (OSWA)

Offensive Security Wireless Professional (OSWP)

CVEs

CVE-2025-28380 6.1 MEDIUM

CVE-2025-28381 7.5 HIGH

CVE-2025-28382 7.5 HIGH

CVE-2025-28384 9.1 CRITICAL

CVE-2025-28386 9.8 CRITICAL

CVE-2025-28388 9.8 CRITICAL

CVE-2025-28389 9.8 CRITICAL

CVE-2025-25374 7.5 HIGH

CVE-2025-25373 9.8 CRITICAL

CVE-2025-25372 7.5 HIGH

CVE-2025-25371 7.5 HIGH

CVE-2024-55030 9.8 CRITICAL

CVE-2024-55029 6.1 MEDIUM

CVE-2024-55028 9.8 CRITICAL

CVE-2024-44912 7.5 HIGH

CVE-2024-44911 7.5 HIGH

CVE-2024-44910 7.5 HIGH

CVE-2024-38447 8.1 HIGH

CVE-2024-38446 6.5 MEDIUM

CVE-2024-35061 7.3 HIGH

CVE-2024-35060 7.5 HIGH

CVE-2024-35059 7.5 HIGH

CVE-2024-35058 7.5 HIGH

CVE-2024-35057 7.5 HIGH

CVE-2024-35056 9.8 CRITICAL

CVE-2023-47311 6.1 MEDIUM

CVE-2023-46471 5.4 MEDIUM

CVE-2023-46470 5.4 MEDIUM

CVE-2023-45885 5.4 MEDIUM

CVE-2023-45884 6.5 MEDIUM

CVE-2023-45282 7.5 HIGH

CVE-2023-45281 6.1 MEDIUM

CVE-2023-45280 5.4 MEDIUM

CVE-2023-45279 5.4 MEDIUM

CVE-2023-45278 9.1 CRITICAL

CVE-2023-45277 7.5 HIGH

CTFs

CTFtime

HackTheBox