Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:

Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:

blog.trendmicro.com/trendlabs-

Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:

blog.trendmicro.com/trendlabs-

Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:

zerodayinitiative.com/blog/201

Follow

Finally, I found my first 2 CVEs this year, an HTTP/2 DoS in Tomcat: tomcat.apache.org/security-9.h

And an unauthenticated potential RCE in Windows Deployment Services: portal.msrc.microsoft.com/en-U

· · Web · 1 · 0 · 1

Very much looking forward to being able to share some bigger research in 2020 and maybe even some conference talks. Also starting a non-profit, creating reversing workshops, and all sorts of other fun stuff.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.