...

Iā€™m a penetration tester, freelance security researcher, and passionate open-source developer. In my own time, I conduct vulnerability research and compete in CTF competitions to better understand the cyber threat landscape.

Education & Certifications

As a freelance security researcher, I try to constantly learn new techniques for finding vulnerabilities in everyday applications and software. Below is a list of my findings to date, including bug bounties and 0-day vulnerabilities disclosed as part of responsible disclosure guidelines

Publically Disclosed Vulnerabilities
Date Title Vendor Platform CVE Bounty
04/16/2021 Undisclosed Vulnerability on Blockfi via HackerOne BlockFi Hackerone N/A $1,000
05/20/2020 Modification of Assumed Immutable Data (M.A.I.D) on the Hinge Dating Application Hinge Hackerone N/A $250
10/13/2020 TimeClock Software 1.01 0(Authenticated) Time-Based SQL Injection Timeclock Exploit-DB N/A N/A

Below is a short list of articles and research papers I've published. For more information or to read the full article, click the linked icons below.

  1. Considering the Plausibility of IDN Homograph Attacks on iOS
    Butler, Tyler
    2021
  2. Modification of Assumed Immutable Data (M.A.I.D) on the Hinge Dating Application
    Butler, Tyler
    2020

Below is a short overview of courses I've taken while at The Pennsylvania State University.

Below is a short overview of courses I've help teach as an undergrad at The Pennsylvania State University.

CRIM 100 Introduction to The American Justice System

1/08/2016 - 06/30/2016

I assisted Professor Lecinda M. Yevchak in the Department of Sociology and Criminology in grading student papers and assisting students on the capstone project.

DEPARTMENT OF SOCIOLOGY AND CRIMINOLOGY

As a passionate open source developer, I spent much of my time writting and reviewing code. Below is a couple projects I am currently hacking on. If you're interested in the full list of projects I'm contributing to, please see my GitHub

hp-cve-check [CVE-2021-091213]
A python threat intelligence tool for automating IoC discovery for CVE. Easily search targets for indicators of compromise.HP CVE Check is a python tool to search targets for indicators of compromise to CVE. The script gets product versions from the target's http response header. If the product version is vulnerable, and a module for the version has been created, the script requests the resource that could contain an exploit payload. Once the html entity that could contain an exploit is loaded, common XSS characters are searched for. The program alerts the user through the console if exploit payloads are found and can log findings to an output file.
Technologies
python Shodan
Jekyll-Theme-Dumbarton
Dumbarton is a jekyll theme designed for academics. It is the theme that powers this site. It provides enough content to fully represent a full body of work but still retains a minimalistic feel. The theme features a central homepage with easy access to publications, projects, courses, and projects in a single interactive card.
Technologies
jekyll github bootstrap
TimeClock-1.01-Vuln
TimeClock-1.01-Vuln is a proof of concept for a time-based SQL injection attack in the Employee Time-clock software, version 1.01. This exploit was added to Exploit-DB in entry 48874.
Technologies
docker PhpMyAdmin Digital Ocean
jPigLatin
JPigLatin is a pig-latin translation and speech synthesis application powered by my jPigLatin npm package. Check it out at JPigLatin.com
Technologies
NPM JavaScript