Mav Levin Security Research
I find critical security flaws in software and work with maintainers to fix them before publishing my research.
My 3 am realization exposed a vulnerability in blockchain infrastructure handling billions in cryptocurrency transactions. This vulnerability writeup details a critical race condition I found in the Flashbots Ethereum MEV-Boost relay that allowed attackers to hijack MEV auctions and trick validators.
I challenged myself to hack the next system I stumbled into and ended up with unauthenticated RCE on Ethereum’s retesteth. This is the exploit, the race, and the human side.
How I turned a competition distraction into a 0-day. This writeup covers the discovery and exploitation of CVE-2022-35420, an auth bypass in Scada-LTS that exposes critical industrial control systems to unauthenticated account takeover.
Here’s a fun html-injection vulnerability in one of Stanford University’s websites and how I found it. Screenshot of HTML-injection vulnerability proof of concept:
Announcing my latest developer tool: Source Snapshot – A source code directory visualizer for your browser.
