NAME

ankur-sundara - Info about Ankur Sundara.

DESCRIPTION

I do security consulting with Leviathan Security. CS grad from University of Illinois at Urbana-Champaign. InfoSec nerd with a focus in web and cloud security.

PROJECTS

• UIUCTF '22/Jul 2022: Challenge dev + infra - over 400 teams participated
• UIUCTF '21/Jul 2021: Led infra and helped with challenge development - over 650 teams participated
• valheim-save-editor/Jan 2021: Reverse engineered the save file format for a popular game called Valheim, and made an online editor for it
• UIUCTF '20/Jul 2020: Led infra and helped with challenge development - over 800 teams participated
• Starborne Assistant/Jan 2020: Reverse engineered a desktop game called Starborne using dnSpy + Wireshark, and developed a mobile client for it
• SIGPwny Shibboleth Auth/Oct 2019: Set up a dockerized shibboleth service provider & discord bot to authenticate users to the SIGPwny (UIUC InfoSec club) discord server
• firebase-scanner/Apr 2019: Set of tools to automatically scan for firebase databases and endpoints within the databases, and dump available data
• react-dagre-d3/Jul 2018: React component for creating and doing automatic layout of DAGs
• Truncated LCG Cracker/Jun 2018: Code to break truncated LCGs (type of pRNG) and recover parameters
• CTF(x)/Aug 2016: Organized and hosted a CTF cybersecurity competition - over 400 teams participated
• CTFg/Jul 2016: SPA CTF platform in MeteorJS
• LaundryAlert/Jun 2016: Cross-platform app written in Dart for tracking laundry machine status at U of I
• SciBowl Practice/Apr 2016: SPA webapp in MeteorJS to practice random questions for USDoE's Science Bowl
• EyeSpy/May 2016: Application to control your computer mouse using only your eyes. Won 1st place in HackExeter 2016
• Minecraft Server Plugins/2013-2015: I made a ton of random Minecraft server plugins, you may have seen a few if you played a lot of multiplayer Minecraft. Some of the unique (first to implement) things I did: editing signs by simply right-clicking them (200k+ downloads), adding new custom enchantments, animated server status messages, library to send ASCII images in chat, hologram item shops, and MMO-like physical item drops

RESEARCH

• XS-Leaks: Currently doing lots of research into various vectors for XS-leaks, hopefully a talk in the future?? Some browser vulns discovered, including CVE-2021-37989
• PyYAML 0day/Jul 2020: Found a vulnerability in PyYAML's default deserialization method (FullLoader) which allowed attackers to obtain arbitary code execution (CVE-2020-14343)

WORK

• Currently working as a Security Consultant @ Leviathan Security: Web, cloud, and game security
• Research Intern @ Trail of Bits/Summer 2019: Worked on slither-codegen, a project to generate EVM Bytecode directly from SlithIR
• SWE Intern @ Instabase/Summer 2018: Worked on a distributed systems scaling framework, full stack web development, and fixed security bugs
• SWE Intern @ Formlabs/Summer 2017: Full stack web dev, created a new company blog, outlined a new API version for authenticated API requests and a protocol for upgrading
• Web Development Intern @ Seceon/Summer 2016: Created a server anlytics aggregation portal
• Research Intern @ JHU Center for Computational Biology/Summer 2015: Worked with prof Liliana Florea to develop an algorithm for detecting different types of gene alternative splicing events

OTHER

BLOG(1)

CONTACT

TWITTER(1) DISCORD(1) GITHUB(1), LINKEDIN(1),