
I’m a cyber risk consultant with experience in penetration testing, working towards my Master’s degree in Security Studies at Georgetown’s Walsh School of Foreign Service, focused on Technology, Security, and Eastern Europe. In my free time, I conduct independent vulnerability research and have been credited with several CVEs, including CVE-2021-35956 and CVE-2021-3441, and was nominated to the 2021 Motorola Solutions Bug Bounty Hall of Fame.

Education, Certifications, & Recognition
As a freelance security researcher, I try to constantly learn new techniques for finding vulnerabilities in everyday applications and software. This list includes my findings to date, including bug bounties and 0-day vulnerabilities disclosed as part of responsible disclosure guidelines.
| Date | Title | Vendor | Bounty | CVE |
|---|---|---|---|---|
| 09/2021 | Freshports Reflective Cross-Site Scripting (XSS) | Freshports | N/A | N/A |
| 09/2021 | Avigilon Presence Detector, H4A Box/Fisheye, Dome, Bullet, Multisensor Camera Authenticated Stored XSS | Avigilon | N/A | CVE-2021-38701 |
| 01/2021 | HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS) | HP Inc | N/A | CVE-2021-3441 |
| 07/2021 | Colorhunt.co Reflective Cross-Site Scripting (XSS) via Pallet Type | Colorhunt.co | N/A | N/A |
| 06/2021 | AKCP sensorProbe - 'Multiple' Cross Site Scripting (XSS) | AKCP | N/A | CVE-2021-35956 |
| 05/2021 | Authentication Bypass by Spoofing in Miodec/monkeytype | MonkeyType | $40 | N/A |
| 05/2021 | MonkeyType.com - Stored Cross-Site Scripting (XSS) via Tribe Chat | MonkeyType | N/A | N/A |
| 05/2021 | Teradek Bond/Bond 2/Bond Pro - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek Brik - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek Clip - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek Cube/Cube Pro - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek Slice - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek Sphere - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Teradek VidiU/VidiU Mini - Authenticated Stored Cross-Site Scripting (XSS) via Friendly Name | Teradek | TBD | TBD |
| 05/2021 | Disclosure Pending | Pending | N/A | TBD |
| 05/2021 | PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS) | PHP Timeclock | N/A | N/A |
| 05/2021 | PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection | PHP Timeclock | N/A | N/A |
| 05/2021 | MonkeyType.com - Cross Site Scripting (XSS) via Word History | MonkeyType | N/A | N/A |
| 04/2021 | Blockfi - Undisclosed Vulnerability | BlockFi | $1,000 | N/A |
| 10/2020 | TimeClock Software 1.01 (Authenticated) Time-Based SQL Injection | Timeclock | N/A | N/A |
| 03/2020 | Hinge - Modification of Assumed Immutable Data (M.A.I.D) | Hinge | $250 | N/A |

Below is a short list of articles and research papers I've published. For more information or to read the full article, click the linked icons below.

  1. PHP Timeclock 1.04 Vulnerability Disclosure. Butler, Tyler. 2021.
  2. Modification of Assumed Immutable Data (M.A.I.D) on the Hinge Dating Application. Butler, Tyler. 2020.
  3. Considering the Plausibility of IDN Homograph Attacks on iOS. Butler, Tyler. 2021.

Below is a short overview of courses I've helped teach as an undergrad at The Pennsylvania State University.

CRIM 100 Introduction to The American Justice System

1/08/2016 - 06/30/2016

I assisted Professor Lecinda M. Yevchak in the Department of Sociology and Criminology in grading student papers and assisting students on the capstone project.


As a passionate open source developer, I spend much of my time writing and reviewing code. Below are a couple of projects I am currently hacking on. If you're interested in the full list of projects I'm contributing to, please see my GitHub.

Jek
Jek is a minimalist Jekyll theme putting the power of color schemes in the user’s hands. Toggle between schemes hassle-free, create new ones on the go, and store settings in-browser.
Technologies: jekyll, javascript, github
BananaCannon
BananaCannon is a series of exploit proof of concepts for MonkeyType.com, a popular typing test web application with a growing community. Current research includes two cross-site scripting vulnerabilities, a proof of concept exploit that allows users to automatically top the leaderboard, and a proof of concept for impersonating other users in Tribe chat via socket modification.
Technologies: node, burpsuite, sockets.io
Jekyll-Theme-Dumbarton
Dumbarton is a Jekyll theme designed for academics. It is the theme that powers this site. It provides enough content to fully represent a full body of work while still retaining a minimalistic feel. The theme features a central homepage with easy access to publications, projects, and courses in a single interactive card.
Technologies: jekyll, github, bootstrap
TimeClock-1.01-Vuln
TimeClock-1.01-Vuln is a proof of concept for a time-based SQL injection attack in the Employee Time-clock software, version 1.01. This exploit was added to Exploit-DB in entry 48874.
Technologies: docker, PhpMyAdmin, Digital Ocean
jPigLatin
JPigLatin is a pig-latin translation and speech synthesis application powered by my jPigLatin npm package. Check it out at JPigLatin.com.
Technologies: NPM, JavaScript