Hey! I am Marc-Alexandre Montpas, welcome to my place. 🙂
I’m currently working as a Vulnerability Researcher, leading the Vulnerability Research Team at Sucuri. My interests are vasts, ranging from Web Application Security and Reverse Engineering to OS Design and Implementation. You’ll generally find me hacking stuffs at Security CTFs (Capture The Flag) or disclosing vulnerabilities in popular products for the fun of it.
You might’ve heard of me through some of these:
- (2017) Bleeping Computer – New Joomla SQL Injection Flaw Is Ridiculously Simple To Exploit
- (2017) The Hacker News – Critical WordPress REST API Bug: Prevent Your Site From Being Hacked!
- (2016) PCWorld – Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk
- (2016) Softpedia – Stored XSS Bug Affects All bbPress WordPress Forum Versions
- (2016) ITWorld – Critical vulnerabilities patched in Magento e-commerce platform
- (2015) SCMagazine – Stored XSS bug in popular Akismet plugin puts WordPress sites at risk
- (2015) SCMagazine – Stored XSS vulnerability identified in Jetpack plugin for WordPress
(2015) PCWorld – Flaw in WordPress caching plug-in could affect 1 million sites
- (2015) SC Magazine – Bug in popular WordPress plugin opens up websites to SQL injection attacks
- (2015) Threatpost – PHP Applications, WordPress Subject to Ghost glibc Vulnerability
- (2015) The Hacker News – GHOST glibc Vulnerability Affects WordPress and PHP applications
- (2014) PCWorld – Vulnerability in popular Joomla e-commerce extension puts online shops at risk
- (2014) Threatpost – Akeeba Patches Bypass Vulnerability in Joomla
- (2014) Ars Technica – Bugs in widely used WordPress plug-in leave sites vulnerable to hijacking
Just the usual stuff, the ideas and opinions presented here are my own and does not represent those of people, institutions and organizations that I may be associated with (unless explicitely stated).