Hello, I'm

Kirtikumar Anandrao Ramchandani

A Browser and Kernel Security enthusiast

a little bit

About me

Welcome to my website. I am a PenTester and also a professional eSports player. I love to contribute to work on the Security of Open-Source Projects.

I have won Regional Qualifiers of World Cyber Games 2019 and later ranked 7th in Finals and Top 32 in the World. I go by the alias FaLcOn. Also, I am an intrigued practitioner of VA/PT, Competitive Programming and avid MUNning.

Currently, I am focusing on Browsers and Android Security.

some of my

skills

Vulnerability Assessment

Penetration Testing

Web Development

Internet of Things

Android Development

iOS Development

some of my

achievements
Publications:
  1. Book of Achievers
  2. UAceIt
  3. Fayz
  4. Security Affairs
  5. Security Affairs
  6. Bleeping Computer
  7. Meterpreter
  8. Everipedia

CVEs assigned to me:
  1. CVE-2017-17455 (Mahara - MiTM)
  2. CVE-2019-9709 (Mahara - XSS)
  3. CVE-2020-2545 (Oracle HTTP Server - Denial of Service)
  4. CVE-2020-17153 (Microsoft Edge Android- URL Spoofing)
  5. CVE-2020-27969 (Yandex Browser - Same-Origin-Policy Bypass & Address Bar Spoofing)
  6. CVE-2020-27970 (Yandex Browser Lite - Address Bar Spoofing)
  7. CVE-2021-23253 (Opera Mini for Android- Address Bar Spoofing)
  8. CVE-2021-24100 (Microsoft Edge for Android- Information Disclosure)
  9. CVE-2021-21187 (Google Chrome - International Domain Name Spoofing)
  10. CVE-2021-32078 (Out-Of-Bounds Read in Linux Kernel) Issue was found in collaboration with Patrick Walker (HomeSen)
  11. CVE-2021-25254 (Yandex Browser Lite - Address Bar Spoofing)
  12. CVE-2021-25255 (Yandex Browser Lite - Integer Overflow) Issue was found in colloration with Patrick Walker (HomeSen) and Christoph Diehl (posidron)
  13. CVE-2021-25262 (Yandex Browsers - IDN Homograph Attack)
  14. CVE-2021-30589 (Remote Factory Data Reset) Issue was found in colloration with Patrick Walker (HomeSen) and Eric Lawrence (ericlaw)
  15. Out-Of-Bounds Write in the Kernel of Android 12 and earlier. Vulnerability was found in colloration with Patrick Walker (HomeSen)
  16. Drag-n-Drop Navigation to Privileged URI (NTFS Corruption)- Yandex Browser (Fixed)
  17. Out-Of-Bounds Write to GPU memory- Google Chrome- Windows (Duplicate)
  18. Out-Of-Bounds Write (Heap-Use-After-Free)- Google Chrome
  19. CVE-2021-42308 Spoofing using Cast function of browser- Microsoft Edge (Chromium-based)
  20. SVE-2021-23944 (CVE-2022-22290): Incorrect UI in Downloads- Samsung Internet Browser (Chromium-based)
  21. CVE-2021-44748 (Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser for Android)
  22. CVE-2021-44749 (Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android)
  23. CVE-2022-22758 (Mozilla Firefox: Zero Click Factory Data Reset) Issue was found in colloration with Patrick Walker (HomeSen) and Eric Lawrence (ericlaw)
  24. CVE-2022-28868 (F-Secure SAFE: Address Bar Spoofing)
  25. CVE-2022-28869 (F-Secure SAFE: Address Bar Spoofing)
  26. CVE-2022-28870 (F-Secure SAFE: Address Bar Spoofing)

Honours and Awards:
  1. Paytm First Games Clash Royale Champion (National)
  2. Penetration Tester of the Year
  3. Model United Nations
  4. VIVO PUBGM Tournament Champion
  5. Youngest Tech-Savvy
  6. Online World Records
  7. World Cyber Games 2019 India's Representative

Blogs:
  1. CVE-2021–30589: Erasing a mobile phone with Chrome Zero-day
  2. TOR can leak your identity even if you try to hide it!
  3. CVE-2021-23253: URL Spoofing
  4. CVE-2021-25262: International Domain Name Homoglyph attack

find me here