About me

I have started as desktop and backend C++/C# developer. While one part of me enjoyed creating programs, my other passion always was finding cracks and breaking things. After some time I’ve moved into Information Security field where I feel I found a balance: I enjoy writing security tools and performing technical security assessments. In my free time I like researching security of third party products (both closed and open source).

Open source projects I am or was actively involved:

Security Code Scan - Security static code analysis for C# and VB.NET.
Electronegativity - Vulnerability patterns detector for JavaScript/TypeScript Electron applications.

You can find me on Twitter, GitHub, Linkedin and you can reach me at jarlob+gh()gmail.com

Disclosures:

Arbitrary code execution in Resource.NET (not fixed)
Arbitrary code execution in dnSpy
Path Traversal in Aspose.ZIP for .NET
RCE in Joplin desktop client
SQL injection in Xataface. (The fix)
SQL injection in PHP-MySQLi-Database-Class