Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.
I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!
- Towards Firmware Analysis of Industrial Internet of Things (IIoT)
- Standardized and Repeatable Technology Evaluation for CyberSecurity Acquisition
- Springer book chapter on “An Approach to Organizational Cybersecurity”
- IoDDoS- The Internet of Distributed Denial of Service Attacks: A Case Study on the Mirai Malware and IoT-Based Botnets
- TMT: Technology Matching Tool for SCADA Network Security
- Offensive Security Certified Professional | OSCP
- GIAC Penetration Tester | GPEN
- Red Team Apprentice Certified | RTAC
- Certified Ethical Hacker | CEH
- Certified Information Systems Security Professional | CISSP
PicoC is a miniature code interpreter developed for C scripting. According to their documentation, PicoC was first written as the scripting language for a UAV’s on-board flight system. In this zero-day post we are going to speedrun the discovery of a null pointer dereference (CWE-476) denial of service (DoS) vulnerability in the PicoC interpreter. I …
The best part about security research is the myriad of ways you can find bugs. Sometimes bugs present themselves through diligent research and planning over decades, some bugs demand deep thinking and well-positioned tools, and other times you throw your water bottle at the keyboard and something unexpected happens. Finding the buffer overflow vulnerability in …
Practice can be quite a double-edged sword. Most of us know that creating long-term behaviors and skills only comes through the reinforcement of those skills through practice. We often spend too little time thinking about how we practice and which behaviors are being reinforced during our practice sessions. For us to become good at analyzing …