Skip to content
View stvnhrlnd's full-sized avatar
10 followers · 19 following

Achievements

Achievement: Pull Sharkx2Achievement: Arctic Code Vault Contributor

Achievements

Achievement: Pull Sharkx2Achievement: Arctic Code Vault Contributor

Block or report stvnhrlnd

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
stvnhrlnd/README.md

๐Ÿฉ Stvn Hrlnd (He/Him)

Hi ๐Ÿ‘‹, I'm Steven, a software developer and offensive security professional based in Scotland ๐Ÿด๓ ง๓ ข๓ ณ๓ ฃ๓ ด๓ ฟ. Below are some of the more interesting repos you will find on my GitHub profile.

๐Ÿš€ Current Projects

  • CMSup - A Bash script to prepare a Ubuntu system for Umbraco source debugging.
  • Multipass Launch Script - A Bash script I use to spin up and configure Multipass instances.

๐Ÿง Vulnerability Research

  • UmbProfile CSRF PoC - Proof of concept for a cross-site request forgery in Umbraco member profiles.
  • UmbRegister-Spoofer - A Python script to create arbitrary members in Umbraco by exploiting the auto-routed surface controllers that Umbraco ships with.

๐Ÿ—ฃ๏ธ Talks

๐Ÿ”— Other Links

Pinned Loading

  1. cmsup cmsup Public

    A Bash script to prepare a Ubuntu system for Umbraco source debugging.

    Shell

  2. multipass-launch-script multipass-launch-script Public

    A Bash script I use to spin up and configure Multipass instances.

    Shell

  3. offensive-umbraco offensive-umbraco Public

    Forked from hakimel/reveal.js

    Slides from my Codegarden 2021 talk "Offensive Umbraco: Notes of a Friendly Adversary".

    JavaScript

  4. offensive-umbraco-2 offensive-umbraco-2 Public

    Slides from my November 2021 EDINBUUG talk "Offensive Umbraco: The Prequel (The Power of XSS)".

    JavaScript

  5. offensive-umbraco-3 offensive-umbraco-3 Public

    Slides from my April 2023 DC44131 talk "Offensive Umbraco Part 3: XSS Weaponisation".

    JavaScript

  6. offensive-umbraco-4 offensive-umbraco-4 Public

    Slides from my April 2024 EDINBUUG talk "Offensive Umbraco Part 4: Letโ€™s Get Pasted".

    JavaScript