I started as a desktop and backend C++/C# developer. While one part of me enjoyed creating programs, my other passion was always finding cracks and breaking things. After some time I moved into the Information Security field, where I feel I found a balance: I enjoy writing security tools and performing technical security assessments. In my free time I like researching the security of third-party products (both closed and open source).
Open source projects I am or was actively involved in:
Security Code Scan - Security static code analysis for C# and VB.NET.
You can find me on Twitter, GitHub, LinkedIn and you can reach me at jarlob+gh()gmail.com
Authenticode signature validation bypass in Autodesk Dynamo BIM (CVE-2020-7079) and SoundSwitch
Arbitrary code execution in Resource.NET (not fixed)
Arbitrary code execution in dnSpy
Path Traversal in Aspose.ZIP for .NET
RCE in Joplin desktop client
SQL injection in Xataface. (The fix)
SQL injection in PHP-MySQLi-Database-Class