Bio
By day I hack companies large and small, by their own requests of course.
At night I’m usually skateboarding, creating music, studying, or coding.
LinkedIn / Security Consulting Services
Projects
- yubikey-gpg-piv-provision – Provisioning scripts for Yubikey GPG and PIV applications.
- kvm-encrypted-vm-management – Manage Encrypted KVM VMs.
- security-findings-templates – Templates for disclosing security findings.
- org-clock-split – Split Emacs ORG clock entries into two.
Blog Posts
Security
- Fun With Unsafe Rust
- Bug Hunting Tips
- How many people are writing memory corruption exploits?
- How To Break Into Application Security
- Binary Reversing Methodologies
- CVE-2020-16225: TPEditor v1.96 Code Execution via Memory Corruption
- CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads
- Exporting Bitwarden Vault Items When Master Password Is Forgotten But TouchID Unlock Is Enabled
- .NET Deserilization Gadgets
- Applying SELinux Tags To Allow Cross-VM Disk Access
- Creating and backing up security sensitive VMs using KVM and Borg
Misc
- My Take On Stocks: Why They Are Bought
- Importing CSV Bank Statements in Manager.io
- Using Emac’s Cider with Docker
- Business Types
- Typing Ergonomics – Modal editing, Sticky Keys, Voice Control
- A note to my past self about stock market investing
- Scaling A Read Heavy WordPress Blog
- On Emacs
Bug Trophies
- CVE-2016-2067 – Direct Memory Attack through Qualcomm Adreno GPU on Android DevicesĀ
- Remote Code Execution Via Player Fragging in Counter-Strike
- CVE-2020-16225: TPEditor v1.96 Code Execution via Memory Corruption
- CVE-2021-29084: Exploiting CRLF Header Injection in Synology NAS for Unauthenticated File Downloads
Books I Enjoy
- This Book Will Make You Kinder – A Handbook For Empathy
- The Book Thief