§ 00 · Cybersecurity Researcher · Developer · Builder

I break, verify,
patch, and build.

I am Ali Firas, a source-code-focused cybersecurity researcher and builder with a strong interest in real-world vulnerability discovery, precise proof-of-concept development, technical reporting, and secure product engineering. My work connects offensive analysis, defensive thinking, and clean execution into one workflow.

focus: source audit, PoC, disclosure
method: reproduce → root cause → impact → fix
style: precise · evidence-driven · patch-aware
mode: research / reporting / builder

— listed CVEs
07 public identifiers, 2025 — 2026

— core focus areas
03 · Research · PoC · Reporting · one repeatable path

— research mindset
01 · Honest · reproducible · patch-aware · no inflated claims
§ 01 About

A disciplined
engineering process.

Research that reads like engineering: trust boundaries first, reproducible evidence second, honest impact always.

I study systems carefully, identify trust boundaries, reproduce flaws cleanly, and communicate findings maintainers can act on quickly.

My work sits at the intersection of vulnerability research, secure software design, proof-driven reporting, and technical product building. I enjoy reading source code, reasoning about exploitability, and translating findings into clear technical reports with realistic threat models, root cause analysis, impact framing, and remediation paths.

I care about findings that are technically honest and practically useful. That means no inflated claims, no weak assumptions, and no vague impact language. I prefer reproducible evidence, exact code paths, realistic attacker models, and fixes that fit maintainers' codebases.

01 · precision
Root-cause first

Analysis with technical clarity and clean reproduction paths.

02 · execution
Idea to patch

Move from idea to report, patch, pull request, or advisory without losing depth.

§ 02 Core Expertise

Where depth meets clarity.

Security research is strongest when technical depth and communication quality move together. These are the areas that define how I work.

01 / discovery

Vulnerability Research

I analyze application and library behavior for logic flaws, input validation failures, unsafe assumptions, race conditions, file handling issues, and server-side or client-side impact paths.

logic flaws · toctou / races · input validation · auth boundaries

02 / validation

Proof-of-Concept Engineering

I turn suspected issues into clean demonstrations that prove the bug, isolate the attack path, and support accurate severity discussions without overclaiming.

minimal repro · harness · evidence capture · severity framing

03 / reporting

Technical Reporting

I build reports around root cause, exploitation conditions, attack surface, affected versions, remediation direction, and publication-ready language.

root cause · threat model · advisory draft · cvss framing
§ 03 Impact Workflow

A repeatable
path, not hype.

The strongest findings usually come from following a repeatable path instead of chasing hype.

i. Map the Trust Boundary

Find where untrusted input crosses into sensitive logic, file operations, rendering, authorization, or state transitions.

locate · identify the interface

ii. Reproduce Cleanly

Build a minimal but realistic path that demonstrates the flaw with stable evidence and without unnecessary noise.

prove · minimal, stable, honest

iii. Frame the Real Risk

Describe what the flaw allows, what constraints matter, and which attack scenarios remain realistic in practice.

report · impact + remediation
§ 04 CVE Portfolio

Disclosed work.
Linked references.

A curated list of public identifiers associated with disclosed work, including linked references and related tracker entries.

CVE-2025-63095

DoS via improper input validation in hello-video-codec

Public · DoS · input validation · EUVD-2025-199991 · CNNVD-202512-067 · PT-2025-48451

CVE-2025-59717

Type confusion / filter bypass in @digitalocean/do-markdownit

Public · type confusion · filter bypass · EUVD-2025-30235 · CNNVD-202509-3044 · PT-2025-38507

CVE-2025-59716

Unauthenticated user enumeration in ownCloud Guests registration flow

Public · user enum · unauth · EUVD-2025-37881 · CNNVD-202511-387 · PT-2025-45141

CVE-2025-67125

Signed integer overflow in docopt.cpp with downstream distro tracking

Public · int overflow · distro · EUVD-2026-4308 · UBUNTU-CVE-2025-67125 · DEBIAN-CVE-2025-67125 · PT-2026-4472 · CNNVD-202601-4006

CVE-2025-67124

TOCTOU + symlink race in miniserve upload finalization path

Public · TOCTOU · symlink race · EUVD-2026-4261 · PT-2026-4471 · CNNVD-202601-4008

CVE-2025-13437

zx cleanup path leading to unintended external node_modules deletion

Public · cleanup path · fs · EUVD-2025-198297 · CNNVD-202511-2323 · PT-2025-47601

CVE-2026-25500

Stored XSS in Rack::Directory via javascript:-prefixed filenames

Public · stored xss · usn · DEBIAN-CVE-2026-25500 · UBUNTU-CVE-2026-25500 · USN-8066-1 · PT-2026-20325 · CNNVD-202602-2768
§ 05 Connect

Connect.

Research, collaboration, responsible disclosure, technical networking, and portfolio access.
02 — Profile Snapshot

Cybersecurity researcher focused on source code, exploitability analysis, technical reporting, and high-signal disclosure workflows. I like findings that stand up technically, read clearly, and help maintainers fix fast.

role: Researcher / Builder
stack: src audit · poc · advisory
status: open to collabs
based: remote / international
alias: thesmartshadow