The Internet Observatory (Obsrva) is a vulnerability research project founded by independent security researcher Tyler Butler. Obsrva engages product vendors in coordinated disclosures, publishes vulnerability advisories, and creates proof of concept exploits.
Obsrva engages vendors of hardware, software, and internet-based services in coordinated disclosures after the discovery of vulnerabilities effecting their products. Following industry standards, vendors are provided identification of the vulnerability, statements addressing impact, and mitigation recommendations.
Obsrva coordinates with product vendors to publish vulnerability advisories on obsrva.org/advisories. Advisories allow customers, blue and red team operators, and the broader research community to access technical details and research methodology.
Proof of Concept Exploits
Obsrva develops proof of concept exploits for discovered vulnerabilities and publishes them on the exploit database (exploit-db.com). PoC’s can also be found on GitHub where PR’s are welcome for the community to collaborate.
- HP OfficeJet 4630/7110 MYM1FN2025AR - Stored Cross-Site Scripting (XSS)
- AKCP sensorProbe SPX476 - ‘Multiple’ Cross-Site Scripting (XSS)
- PHP Timeclock 1.04 - ‘Multiple’ Cross Site Scripting (XSS)
- PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
Obsrva maintains the iOT Research Library, a collection of iOT and embedded devices available for loan by independent security researchers. The library provides access to unique, EOL, or other devices no longer under active research by Obsrva.