M Amin Nasiri (nXenon)
Application Security Engineer | Web Security Researcher
Experienced application security engineer | web application penetration tester with 5+ years of hands-on security assessment and auditing experience.
Recent Researches
- Published research paper: QUIC-er Races: HTTP/3 won't save you from TOCTOU vulnerabilities
- Developed new library based on quic-go named h3spacex to perform single datagram attack (SDA) on HTTP/3 - H3SpaceX
- Implemented a new timing feature in the h2spacex library to exploit timing attacks and perform single-packet attack on HTTP/2 - H2SpaceX
- Focusing on DevSecOps implementation at the company where I work - DevSecOps Notes & Tools
Past Presentations
- gRPC-Web Pentest Presentation & Article
- Introduction to gRPC-Web pentest methodologies and developing gRPC-Pentest-Suite Tool
- Let's Learn Single Packet Attack (in Persian language) on Youtube
Contact
Amin Nasiri: mnima.irisan@gmail.com
Researches & Tools
- QUIC-er Races: HTTP/3 won't save you from TOCTOU vulnerabilities (Research Paper)
- HTTP/2 Single Packet Attack Library + Exploit Timing Attacks
- gRPC-Web Pentesting Suite + Burp Suite Extension (Tool)
- HTTP/3 Single Datagram Attack Library
- gRPC-Web Official Extension at PortSwigger BAPP
- Hacking into gRPC-Web Article
- Dive into Single Packet Attack Article