Wladimir Palant@WPalant@infosec.exchange
It seems that I’ve never done a proper #introduction despite having been here since 2018, so well…
I’m Wladimir Palant, and for the past few years I’ve been mostly doing security and privacy research. My goal is both making popular software more secure and teaching people about ways in which things typically go wrong. I also raise awareness to privacy violations. My findings are published in my blog: https://palant.info/
My primary focus are browser extensions, which I consider a severely under-researched area. I do also find myself reverse engineering binary applications occasionally.
You might have heard about my research on Avast spying which eventually led to their Jumpshot division being shut down: https://palant.info/categories/avast/
Some other interesting research:
· Remote code execution in Bitdefender antivirus from any website: https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
· Remote code execution in McAfee WebAdvisor from any website: https://palant.info/2020/02/25/mcafee-webadvisor-from-xss-in-a-sandboxed-browser-extension-to-administrator-privileges/
· Remote code execution in Avast Secure Browser from any website: https://palant.info/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/
· Amazon Assistant is a perfect user tracking machine: https://palant.info/2021/03/08/how-amazon-assistant-lets-amazon-track-your-every-move-on-the-web/
· Issues caused by Kaspersky antivirus breaking up HTTPS connections: https://palant.info/2019/08/19/kaspersky-in-the-middle--what-could-possibly-go-wrong/