...

I’m an independent security researcher with industry experience in penetration testing, cyber risk consulting, and software engineering. On my website I highlight recent vulnerability disclosures or proof of concept exploits, and blog about Capture the Flag competitions and Bug Bounty.

Education and Certifications
As a freelance security researcher, I try to constantly learn new techniques for finding vulnerabilities in everyday applications and software. This list includes my findings to date, including bug bounties and 0-day vulnerabilities disclosed as part of responsible disclosure guidelines.
| Date | Title | Vendor | Bounty | CVE |
|---|---|---|---|---|
| 05/2021 | Disclosure Pending | Pending | N/A | N/A |
| 05/2021 | Disclosure Pending | Pending | N/A | N/A |
| 05/2021 | MonkeyType.com - Stored Cross-Site Scripting (XSS) via Tribe Chat | MonkeyType | N/A | N/A |
| 05/2021 | Disclosure Pending | Pending | TBD | TBD |
| 05/2021 | Disclosure Pending | Pending | N/A | TBD |
| 05/2021 | PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS) | PHP Timeclock | N/A | N/A |
| 05/2021 | PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection | PHP Timeclock | N/A | N/A |
| 05/2021 | MonkeyType.com - Cross Site Scripting (XSS) via Word History | MonkeyType | N/A | N/A |
| 04/2021 | BlockFi - Undisclosed Vulnerability | BlockFi | $1,000 | N/A |
| 01/2021 | Disclosure Pending | Pending | N/A | RESERVED |
| 10/2020 | TimeClock Software 1.01 0(Authenticated) Time-Based SQL Injection | Timeclock | N/A | N/A |
| 03/2020 | Hinge - Modification of Assumed Immutable Data (M.A.I.D) | Hinge | $250 | N/A |

Below is a short list of articles and research papers I've published. For more information or to read the full article, click the linked icons below.

  1. PHP Timeclock 1.04 Vulnerability Disclosure
    Butler, Tyler
    2021
  2. Modification of Assumed Immutable Data (M.A.I.D) on the Hinge Dating Application
    Butler, Tyler
    2020
  3. Considering the Plausibility of IDN Homograph Attacks on iOS
    Butler, Tyler
    2021

Below is a short overview of courses I've helped teach as an undergrad at The Pennsylvania State University.

CRIM 100 Introduction to The American Justice System

1/08/2016 - 06/30/2016

I assisted Professor Lecinda M. Yevchak in the Department of Sociology and Criminology in grading student papers and assisting students on the capstone project.

DEPARTMENT OF SOCIOLOGY AND CRIMINOLOGY

As a passionate open source developer, I spent much of my time writing and reviewing code. Below are a couple of projects I am currently hacking on. If you're interested in the full list of projects I'm contributing to, please see my GitHub.

Jekyll-Theme-Dumbarton
Dumbarton is a Jekyll theme designed for academics. It is the theme that powers this site. It provides enough content to fully represent a full body of work but still retains a minimalistic feel. The theme features a central homepage with easy access to publications, courses, and projects in a single interactive card.
Technologies
jekyll github bootstrap
TimeClock-1.01-Vuln
TimeClock-1.01-Vuln is a proof of concept for a time-based SQL injection attack in the Employee Time-clock software, version 1.01. This exploit was added to Exploit-DB in entry 48874.
Technologies
docker PhpMyAdmin Digital Ocean
jPigLatin
JPigLatin is a pig-latin translation and speech synthesis application powered by my jPigLatin npm package. Check it out at JPigLatin.com.
Technologies
NPM JavaScript