Home

Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.

About

About Me

I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!

Publications

Certifications

  • Offensive Security Certified Professional | OSCP
  • GIAC Penetration Tester | GPEN
  • Red Team Apprentice Certified | RTAC
  • Certified Ethical Hacker | CEH
  • Certified Information Systems Security Professional | CISSP

Blog

Zero-Day Research: PicoC Version 3.2.2 Null Pointer Dereference (CVE-2022-34556) Speedrun

PicoC is a miniature code interpreter developed for C scripting. According to their documentation, PicoC was first written as the scripting language for a UAV’s on-board flight system. In this zero-day post we are going to speedrun the discovery of a null pointer dereference (CWE-476) denial of service (DoS) vulnerability in the PicoC interpreter. I …

Zero-Day Research: md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)

The best part about security research is the myriad of ways you can find bugs. Sometimes bugs present themselves through diligent research and planning over decades, some bugs demand deep thinking and well-positioned tools, and other times you throw your water bottle at the keyboard and something unexpected happens. Finding the buffer overflow vulnerability in …

HackTheBox: Baby Todo or Not Todo Challenge

Practice can be quite a double-edged sword. Most of us know that creating long-term behaviors and skills only comes through the reinforcement of those skills through practice. We often spend too little time thinking about how we practice and which behaviors are being reinforced during our practice sessions. For us to become good at analyzing …