Nick Copi is an application security engineer at CarMax who in his spare time immerses himself in security research and bug bounty. With a background spanning from building full-stack web applications to pioneering application security initiatives at CarMax, he brings a wealth of practical experience to the table. Nick’s accolades in cybersecurity competitions underscore his prowess, with multiple first-place CTF victories attesting to his skills. As a former president of the VCU Cyber Security Club and co-organizer of the OffsecRVA meetup, he remains deeply committed to community engagement and knowledge sharing.

X (Twitter): @7urb01


Following The JSON Path: A Road Paved in RCE

Dive into researching JavaScript implementations of JSON path libraries, breaking out of JavaScript sandboxes, achieving code execution, and examining the blast radius of impacted components. This talk covers both the research process for the discovery of these novel vulnerabilities and footguns, as well as the process for identifying the blast radius, weaponizing the vulnerabilities against actual targets, and engaging impacted stakeholders. Join me to hear a harrowing tale of remote code execution in several widely used products, CVE assignments, and critical bounty payouts.

Come see Nick Copi at RVAsec 13!