Show more

Very much looking forward to being able to share some bigger research in 2020 and maybe even some conference talks. Also starting a non-profit, creating reversing workshops, and all sorts of other fun stuff.

Show thread

Here's an abridged version of one of our vulnerability reports for quite possibly one of the silliest vulns I worked on this year, the IOS XE REST API auth bypass:

zerodayinitiative.com/blog/201

Show thread

Here's my analysis of a Windows DHCP Server vuln, though I don't personally agree with the "analysis of it's exploitability" title. It'd be tough as nails to exploit (probably) but we don't spend extensive time on that sort of thing:

blog.trendmicro.com/trendlabs-

Show thread

Since I feel like Mastodon is the best place to toot my own horn (HA) and my professional life is one of the few parts of 2019 I actually liked, I'm gonna post my research from the last year that's been made public in some way:

Here's a blog post about a Linux kernel race condition that I wrote because unnamed infosec blogs had our customers freaking out about a non-issue:

blog.trendmicro.com/trendlabs-

So I’ve gone and created a vulnerability research room on Matrix if anyone cares to join. Pretty lonely in there at the moment but looking to start a positive place to share tips and tricks and ask questions.

matrix.to/#/!HyTIuilAJZLTZavOK

Finally figured out that whole PAYDAY vuln. Yeah it's pretty bad, but only *really* bad if you haven't patched since April 2018.

Reversing undocumented protocols is tremendously satisfying.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.