Jared Arave

Security Researcher, Pentester, Exploit Developer


About Jared

About Me

I am a security researcher driven by a desire to challenge myself, learn new things, and share knowledge with others. These motives drew me to information security, a rapidly changing field with no shortage of challenge, and have since served me well. In the offensive security space I bring a unique skill-set to the table. I pentest web applications, embedded systems, and everything in between. I perform code analysis, reverse engineer binaries, and fuzz for exploitable flaws. When existing tools don't suffice, I develop my own, and have developed custom hardware and software tools to aide with my assessment work.

I analyze, customize, and deploy existing exploits when it's possible, and develop new exploits when it's not. I'm a skilled communicator, and I'm able to communicate information to others is a way that in concise and effective. In my spare time, I pursue independent security research, build synthesizers, and participate in the odd CTF.

Experience

HEWLETT PACKARD ENTERPRISE

2014 - Present

Penetration Tester

Provided application and network penetration testing services for a variety of HPE and third-party products. Diverse assortment of assessments ranged in scope from web apps to thick clients to appliance full stack assessments to physical assessments. Delivered reports at the conclusion engagements, along with working exploits where necessary to demonstrate risk or aide with reproduction. Developed hardware tools to assist with physical penetration tests, and software tools to automate repetitive tasks and aid with assessment work.

REDACTED SECURITY

2016 - Present

Co-founder and Security Researcher

Performed assessments of enterprise grade software and hardware products. Provided hands-on training services for IT professionals and developers.

HEWLETT PACKARD

2013 - 2014

Storage Test Engineer

Developed and maintained an automated test suite for storage appliances in C++, Perl and Python. Participated in triage of nightly crashes, tracking of known bugs, and validation of bug fixes. Collaborated with product development teams to provide feedback and validation during product development. Developed tools which utilized machine learning to automate triage.

Education

BOISE STATE UNIERSITY

Graduated 2013

BS - Electical Engineering

GPA: 3.96

THE EVERGREEN STATE COLLEGE

Graduated 2008

BA - Music Technology & Media Arts

GPA: N/A

CVEs

Unitrends UEB 9

CVE-2017-12477 : Unauthenticated Root RCE

nist | edb | msf

CVE-2017-12478 : Unauthenticated Root RCE

nist | edb | msf

CVE-2017-12479 : Lowpriv RCE

nist | edb

Unitrends UEB 10

CVE-2018-6328 : SQLi Unauthenticated RCE

nist

CVE-2018-6329 : bpdserve Local Privesc

nist

Nagios XI

CVE-2018-8733 : Authentication Bypass

nist

CVE-2018-8734 : SQL Injection

nist

CVE-2018-8735 : Command Injection

nist

CVE-2018-8736 : Local Privilege Escalation

nist

Certifications

OFFENSIVE SECURITY

OSCP - Offensive Security Certified Professional

2016

OSCE - Offensive Security Certified Expert

2017

Contact

Email me at jared {shift+2} redactedsec.net
Github lives here