ABOUT

Nolan B. Kennedy (nxkennedy)

Nolan is an enthusiastic go-getter who always brings the spice to the cybersecurity party. With over a decade of professional experience in a wide range of IT security roles, he got his start defending and testing networks in the US Navy before transitioning to leading the vulnerability management program for the SaaS branch of a Fortune 500 company. Lately he’s been cutting his teeth leading offensive security teams in the trenches, executing penetration tests and red team engagements alongside his teammates for commercial and government clients.

Nolan and his talented team members have been publicly credited for discovering the following security bugs:

  1. CVE-2020-8496: Stored XSS in Kronos Web Time and Attendance (webTA) version 4.1.x - 5.0.

  2. CVE-2020-8495: Remote Privilege Escalation (2) in Kronos Web Time and Attendance (webTA) version 3.8.x - 4.0.

  3. CVE-2020-8494: Remote Privilege Escalation in Kronos Web Time and Attendance (webTA) version 3.8.x - 4.0.

  4. CVE-2020-8493: Stored XSS in Kronos Web Time and Attendance (webTA) version 3.8.x - 4.0.

  5. CVE-2019-19616: IDOR in Xtivia WebTE for Microsoft Dynamics NAV before 2017

  6. CVE-2019-10716: Information Disclosure Issue in Verodin Director before version 3.5.4.0

  7. CVE-2019-10715: Stored XSS in Verodin Director before version 3.5.3.1

  8. CVE-2019-8997: XXE in BlackBerry AtHoc 7.6 Management System

  9. CVE-2019-5398: HPE 3PAR Service Processor prior to 5.0.5.1 is vulnerable to Stored Cross-site Scripting (XSS).

  10. CVE-2019-5396: HPE 3PAR Service Processor prior to 5.0.5.1 is vulnerable to remote authentication bypass.
