Very much looking forward to being able to share some bigger research in 2020 and maybe even some conference talks. Also starting a non-profit, creating reversing workshops, and all sorts of other fun stuff.

Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:

Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:

Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:

Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:

So I’ve gone and created a vulnerability research room on Matrix if anyone cares to join. Pretty lonely in there at the moment but looking to start a positive place to share tips and tricks and ask questions. !HyTIuilAJZLTZavOK

Finally figured out that whole PAYDAY vuln. Yeah it's pretty bad, but only *really* bad if you haven't patched since April 2018.

Reversing undocumented protocols is tremendously satisfying.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.