Lead Penetration Tester at BAE Systems DI
3 Talks Delivered
3 Events Spoken At
2 Countries Visited
3 Years Speaking
3 Total Talks Given
Aden is a Lead Penetration Tester at BAE Systems DI based in Malaysia, with over 10 years of experience in offensive security. He has successfully led red teaming and advanced penetration testing engagements across multiple industries worldwide, uncovering critical vulnerabilities in both applications and infrastructure. Beyond client work, he actively contributes to bug bounty and vulnerability disclosure programs. His research has led to the discovery of multiple internet-exposed vulnerabilities, earning him 18 CVE IDs to date. He has previously shared his work at ROOTCON, BSides, Nanosec, and RedTeam Hacker Academy conferences.
Electron is a free and open-source software framework developed and maintained by the OpenJS Foundation. It is designed for building desktop applications with web technologies: the user interface is rendered by a bundled version of the Chromium browser engine, and the back end runs on the Node.js runtime. To mitigate the risk of renderer code reaching the operating system, the “nodeIntegration” option has defaulted to false in all Electron versions from 5.0.0 onwards, which means the renderer process has no access to the Node.js APIs. Similarly, the “nodeIntegrationInWorker” option also defaults to false, so Electron Web Workers cannot access the Node.js APIs either. This prevents malicious code running in the renderer process from reaching sensitive system resources. A developer who still needs “nodeIntegration” has to enable it explicitly in the application's Electron configuration. BAE Systems security researchers were able to identify dozens of misconfigured Electron applications publicly available on the Internet; in these applications the misconfiguration could lead to RCE if a simple XSS vulnerability were also present. BAE Systems security researchers will demonstrate the techniques used to exploit these vulnerabilities and achieve RCE by chaining a simple XSS bug. Some of these vulnerabilities are pre-auth (no authentication required) and can therefore be exploited in the wild without user interaction (zero-click). At the time of writing, BAE Systems security researchers had found 3 0-days in popular apps hosted on GitHub; these apps are widely used on the Internet and are easily exploitable via the zero-click exploit we developed. We have reported these vulnerabilities to their respective application owners and are awaiting their response. If a fix is available before we present this topic, we will provide full disclosure of the vulnerabilities during the conference.
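As an added illustration of the misconfiguration the abstract describes (not code from the talk or from the Electron project), the following Node.js script audits the webPreferences object an app passes to new BrowserWindow(...) and flags the settings that hand Node.js APIs back to the renderer. The defaults it assumes are nodeIntegration and nodeIntegrationInWorker false since 5.0.0 (as stated above) and contextIsolation true since Electron 12.0.0 (from the Electron documentation, an assumption beyond this page); the sample configurations are constructed.

```javascript
// Added audit helper (not from the talk or Electron). Given the webPreferences
// object passed to `new BrowserWindow({ webPreferences: {...} })`, report the
// settings that let an XSS in the renderer reach Node.js, i.e. escalate to RCE.

// Assumed framework defaults: nodeIntegration / nodeIntegrationInWorker false since
// 5.0.0 (per the abstract); contextIsolation true since 12.0.0 (Electron docs).
const ELECTRON_DEFAULTS = Object.freeze({
  nodeIntegration: false,
  nodeIntegrationInWorker: false,
  contextIsolation: true,
});

// Returns a list of findings; an empty list means the renderer keeps the safe defaults.
function auditWebPreferences(prefs = {}) {
  // Settings the developer omitted fall back to the framework defaults.
  const effective = { ...ELECTRON_DEFAULTS, ...prefs };
  const findings = [];
  if (effective.nodeIntegration === true) {
    findings.push({ setting: 'nodeIntegration', severity: 'critical',
      why: 'renderer scripts can require() Node modules, so any XSS becomes code execution' });
  }
  if (effective.nodeIntegrationInWorker === true) {
    findings.push({ setting: 'nodeIntegrationInWorker', severity: 'high',
      why: 'Web Workers spawned by injected script receive Node.js APIs' });
  }
  if (effective.contextIsolation === false) {
    findings.push({ setting: 'contextIsolation', severity: 'high',
      why: 'page scripts share a JS context with the preload script and its privileged objects' });
  }
  return findings;
}

// Does this window configuration let an XSS reach Node.js directly?
function xssReachesNode(prefs) {
  return auditWebPreferences(prefs).some((f) => f.severity === 'critical');
}

// Constructed sample configurations of the kind found in an app's main.js.
const weakConfig = { nodeIntegration: true, contextIsolation: false }; // legacy pattern
const hardenedConfig = { nodeIntegration: false, contextIsolation: true, preload: '/app/preload.js' };
const defaultConfig = {}; // nothing set: relies on the >= 5.0.0 defaults

if (typeof module !== 'undefined' && require.main === module) {
  for (const [name, cfg] of Object.entries({ weakConfig, hardenedConfig, defaultConfig })) {
    const found = auditWebPreferences(cfg).map((f) => `${f.setting} (${f.severity})`);
    console.log(`${name}: ${found.length ? found.join(', ') : 'no findings'}`);
  }
}
```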
OpenEMR is the most popular open-source medical practice management, electronic medical records, prescription writing and medical billing application used by healthcare professionals. Security researchers from Project Insecurity and SonarSource had reported numerous vulnerabilities in the OpenEMR application prior to 2021.
However, the BAE Systems Vulnerability Research team took up the challenge of uncovering more vulnerabilities in the same application. To our surprise, we still found a large number of high-impact vulnerabilities in the application recently. These vulnerabilities could potentially expose medical records and other sensitive patient data, and allow unauthorized personnel to tamper with billing information and administrator functionality. The security flaws were discovered by combining manual source code analysis with white-box testing.
In this talk we will share our experience of uncovering over 60 vulnerabilities, resulting in 8 public CVEs. We will share the key findings (subject to the pending patch rollout) and the challenges of hunting in the OpenEMR VDP. It is our hope that this talk will encourage other researchers to get involved in vulnerability research and help make the Internet a safer place.