Selected Research Publications

Drafts, Preprints, Patents, CVEs, POCs, Talks and more

I research on all things computer science, especially applied computer security. I relish computational thinking and human-computer interaction. I'm interested in making systems more natural and transparent and probably, that's the reason my research spans around password dynamics, software and hardware vulnerabilities, software obfuscation, privacy on the Internet and beyond. I love open-source culture and thus, try to release everything I do as soon as possible.


Jun 04th: Augmenting Motion Sensing To Improve Ordinary IP Webcam Feeds Exploiting Alpha Compositing, Copyright Office, Govt. of India
«Cold Storage»


Dec 28th: Contre Sozial — Breaking the doomscrolling cycle using the power of machine learning algorithms.

Jun 26th: Full Address Bar Spoofing On Opera Mini Android (ANMEXT-148725) — The vulnerability not only spoofs the address bar, but makes the spoofed web-page completely responsive so the attack becomes practical.
«Hall of Fame» «blog»

Jun 23rd: Medium Android — Injection of augmented malicious stories in Reading List capable of causing Javascript Injection & Open Redirects.
«Hall of Fame»

Jun 22nd: Medium Android — Camouflaged GitHub Activity Giving Access to Internal API Calls.
«Hall of Fame» «blog»

Mar 20th: Deaf-INATOR & Noisy — Urbane Microphone Jamming.

Mar 14th: Introducing πrate — Pi Day 2020
«blog» «GitHub»


Nov 24th: Delatar — Exposing hackers. The story of CMU-PPP.

Oct 11th: Server fingerprinting — How I broke most famous recon tools and made the script kiddies sad, BSides Delhi.
«pdf» «blog» «GitHub»

Sep 19th: res-block — Extension Resources Block Attack on Chrome, Google.
«code» «blog»

Sep 7th: SNYK-JS-JISON-570539 — OS Command Injection on Jison [all-parser-ports], Node.js third-party modules, HackerOne, Snyk.
«report#690010» «advisory»

Sep 5th: CVE-2019-14339 — Canon PRINT 2.5.5 URI Injection, MITRE, NVD, U.S. govt.
«advisory» «exploit»

Aug 29th: Address bar spoofing in Firefox Lite for Android.
«blog» «PoC»

Jun 25th: Gaming py4e — Python for Everybody, Dr. Charles Russell Severance.


Rough drafts in privacy and security area.


Aug 26th: Possible Information Leak & RCE on Motorola, Sony, OnePlus Android 7.0.


No activity.

Whenever one decides not to follow the herd mentality, one signs it's own mock-me warrant.

Piyush Raj, 22 June 2020