CVEs
- CVE-2017-11774 - Microsoft Outlook: Remote Code Execution
- CVE-2017-17405 - Ruby FTP: Remote Code Execution
- CVE-2018-11235 - Git: Remote Code Execution
- CVE-2018-16873 - Golang (go get): Remote Code Execution
- CVE-2019-0561 - Microsoft Word: Information disclosure
- CVE-2019-13139 - Docker: Command Injection to Remote Code Execution
- CVE-2020-25695 - Postgresql: restricted sandbox escape and Privilege escalation
- CVE-2021-40153 - Squashfs: file write outside of target
Talks
Botconf 2013
- Slides: https://www.botconf.eu/wp-content/uploads/2013/08/09-EtienneStalmans.pdf
- Video: https://www.dailymotion.com/video/x1bj6h0
Defcon 2015
Troopers 2017
- Slides: https://www.slideshare.net/sensepost/ruler-and-liniaal-troopers-17
- Video: https://www.youtube.com/watch?v=tuc8cwOAAcA
EkoParty 2017
DevSecCon Boston 2018
- Slides and demos: https://github.com/cji/talks/tree/master/DevSecConBoston2018
Brucon 2018
- Slides and demos: https://github.com/cji/talks/tree/master/BruCON2018
- Video: https://www.youtube.com/watch?v=QPCI69vKN04
Troopers 2019
- Slides, demos and other content: https://github.com/staaldraad/troopers19/
- Video: https://www.youtube.com/watch?v=hUhXulSelUQ
Black Hat Europe 2019
- Video: https://youtu.be/g6dtjtYOw2w
Papers
- A framework for DNS based detection and mitigation of malware infections on a network
- Real-time distributed malicious traffic monitoring for honeypots and network telescopes
- Geo-spatial autocorrelation as a metric for the detection of fast-flux botnet domains
- Spatial Statistics as a Metric for Detecting Botnet C2 Servers
- An exploratory framework for non-aggressive response to hostile network traffic
- Remote fingerprinting and multisensor data fusion
- A Framework for DNS Based Detection of Botnets at the ISP Level
- An Exploratory Framework for Extrusion Detection
- Master Thesis