Independent security researcher based in Brisbane, Australia. Contributing researcher on CVE-2019-11510 (Pulse Secure VPN, CVSS 10.0). Focused on uncovering vulnerabilities in consumer electronics and critical infrastructure that impact public safety.
I'm an independent security researcher working out of Brisbane, Queensland. My work spans hardware teardowns, firmware reverse engineering, and vulnerability research across consumer electronics and enterprise infrastructure. I've contributed to research on some of the most impactful CVEs in recent memory, including collaborative work on CVE-2019-11510, the critical Pulse Secure VPN pre-authentication arbitrary file read vulnerability that carried a perfect CVSS 10.0 score and affected tens of thousands of organisations worldwide.
My day-to-day focus is on the physical and digital security of everyday consumer devices. From lithium battery safety in portable power banks to firmware vulnerabilities in home routers, my research sits at the intersection of hardware, software, and real-world risk. When a device can overheat, catch fire, or silently expose an entire network, that's a public safety problem, and those are the problems I go after.
I believe in responsible disclosure and working with manufacturers to fix issues before they become incidents. Security research should make the world safer, full stop.
{
  "name": "Rory Jones",
  "location": "Brisbane, QLD, AU",
  "focus": "Public Safety Research",
  "domains": [
    "Consumer Electronics",
    "Network Devices",
    "Power Systems",
    "IoT Security",
    "Enterprise VPN"
  ],
  "cves": ["CVE-2019-11510"],
  "approach": "Responsible Disclosure",
  "status": "Available for consultation"
}
A path traversal flaw in Pulse Secure SSL VPN (versions prior to 9.0RX) allowed unauthenticated remote attackers to read arbitrary files from the server filesystem, including plaintext credentials, private keys, and active session tokens. Exploitation required a single crafted HTTP request with no authentication.
Compromised credentials and session data enabled full VPN network access and, when chained with post-auth exploits, complete server takeover. CISA issued multiple advisories as the vulnerability was actively exploited against government agencies, defence contractors, and financial institutions globally. Tens of thousands of exposed endpoints were identified at peak.
Rory contributed to the collaborative research effort behind this discovery, working alongside fellow researchers to identify, validate, and document the vulnerability through coordinated analysis and responsible disclosure.
Investigating lithium battery management systems, charge controller vulnerabilities, and thermal runaway risks in portable power banks. Identifying products that cut corners on safety circuits and documenting failure modes that put consumers at risk.
Firmware analysis of consumer and small business routers. Identifying default credential issues, unpatched vulnerabilities, insecure update mechanisms, and backdoors in widely deployed networking equipment.
Security assessment of internet-connected consumer devices. From smart plugs to security cameras, evaluating authentication, encryption, data handling, and physical safety of devices that people install in their most private spaces.
Testing USB-C PD implementations, wireless charging systems, and mains-powered consumer electronics for compliance with safety standards. Documenting cases where non-compliant products create fire, shock, or equipment damage risks.
Sourcing consumer devices from retail channels and identifying potential safety and security concerns through initial assessment and teardown.
Deep technical analysis combining hardware teardown, firmware reverse engineering, electrical testing, and protocol analysis to document vulnerabilities.
Responsible disclosure to manufacturers with clear reproduction steps, impact assessment, and remediation guidance. Coordinated timelines for public awareness.
Detailed public writeups after vendor coordination, contributing to the broader security community and informing consumers about risks in the products they use daily.
Interested in collaborating on research, have a device you think needs investigating, or want to discuss a responsible disclosure? Reach out.