Hey! My name is
Ayyappan Rajesh
Cybersecurity Professional | Researcher
I am Ayyappan Rajesh, a cybersecurity professional and researcher. Currently addressing evolving challenges of automotive cybersecurity @ Block Harbor.
About Me
Hey there! I'm Ayyappan Rajesh, a Cybersecurity Engineer at Block Harbor Cybersecurity with a relentless passion for protecting and securing the digital landscape. I specialize in breaking and securing everything from Cloud, Wireless, Automotive, IoT security, to Critical Infrastructure. I've published numerous high-impact CVEs in the automotive and IoT sectors and love nothing more than tinkering with everything I can get my hands on.
Beyond my research and hacking exploits, I play a pivotal role in organizing the Car Hacking Village , and have had the honor of presenting my work at prestigious conferences like DEFCON, IEEE HPEC, BlackHat MEA, and several other conferences.
My mission extends beyond identifying vulnerabilities; I am committed to transforming the landscape of cybersecurity. Alongside my technical endeavors, I am deeply interested in cybersecurity policy and its impact on our digital future. By focusing on the broader picture, I strive to build a more secure and resilient future. My goal is to protect our digital infrastructure from all threats, ensuring a safer world for current and future generations.
- Cybersecurity consulting
- Offensive Security
- Red Teaming
- Wireless Security
- Cloud Cybersecurity
- Automotive Cybersecurity
- Physical Security
- Software Defined Radio
- SIGINT
- Public speaking
I've worked with
Offensive Security Engineer @ Block Harbor Cybersecurity
July 2024 - Present
- Conducted comprehensive penetration testing across diverse platforms including web apps, mobile apps, connected vehicles, EV chargers, and critical infrastructure.
- Designed and implemented advanced automotive cybersecurity solutions, developing attack plans, vulnerability reports, and remediation strategies.
- Collaborated closely with clients to resolve technical issues, manage project timelines, and propose innovative cybersecurity solutions.
- Presented at conferences, authored publications, and automated cybersecurity testing processes, enhancing testing efficiency and community engagement.
Featured Projects
Featured Project
Wireless Security : CVE-2022-27254
Published CVE-2022-27254, which discusses an issue wherein the remote keyless system on various Honda vehicles sends the same, unencrypted RF signal for each door-open, door-close, boot-open and remote start (if applicable). This allows for an attacker to eavesdrop on the request and conduct a replay attack. The research was featured on various news websites such as TheRecord, TheHackerNews, Bleeping Computer, TheRegister, Threatpost as well as FOX News.
Inspired by Samy Kamkar's Radio Hacking: Cars, Hardware, and more!
- HackRF One
- GNURadio
- Flipper Zero
- Universal Radio Hacker
- Python
Featured Project
IoT Security : CVE-2023-22906
Published CVE-2023-22906, which discusses an issue wherein the Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. This allows an attacker to execute arbitary code on the target device, allowing an attacker to eavesdrop on the end-user along with infecting it with malware.
- Flipper Zero
- Bash
- Python
- Embedded Linux
- Reverse Engineering
Featured Project
IoT Security : CVE-2023-41442
Published CVE-2023-41442, a critical security issue has been identified in the Tor.AI (formerly Kloudq) Tor Loco platform. This vulnerability could potentially enable remote attackers to track and monitor end-users and execute arbitrary code through a carefully crafted request to the MQTT component, where there is potential to cause significant harm, including physical damage or harm to individuals.
- Python
- MQTT
- CAN Bus
- IoT
- Reverse Engineering
Projects | Presentations | Certifications | Awards
View ArchiveONCD DEFCON CTF
Won the Office of the National Cyber Director DEFCON Challenge at DEFCON 31.
CyberAuto Challenge
Student/ Speaker at the week-long CyberAuto Challenge. The CyberAuto Challenge is the oldest and longest running event that focuses on automotive cybersecurity (established in 2012). It seeks to inspire and train the next generation workforce and puts students in teams with industry, government, and hackers/researchers to work on real platforms and full systems.
POTUS Office of the Cyber Director Challenge Coin
Received a challenge coin from the Director of the Office of the National Cyber Director, John C. Inglis at the Car Hacking Village during DEFCON 30.
Cybereason Challenge Coin
Received a challenge coin from my mentor, Mr. Sam Curry (CSO, Cybereason) as a recognition of my attitude, work ethic, passion, and the quality of work.
Incident Response Plan Evaluation
Evaluated the Cyber Incident Response Plan for a large public research university
CompTIA Security+ (SY0-601)
Certified for CompTIA Security+