Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.
About
About Me
I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!
Publications
- Towards Firmware Analysis of Industrial Internet of Things (IIoT)
- Standardized and Repeatable Technology Evaluation for CyberSecurity Acquisition
- Springer book chapter on “An Approach to Organizational Cybersecurity”
- IoDDoS- The Internet of Distributed Denial of Service Attacks: A Case Study on the Mirai Malware and IoT-Based Botnets
- TMT: Technology Matching Tool for SCADA Network Security
Certifications
- Offensive Security Certified Professional | OSCP
- GIAC Penetration Tester | GPEN
- Red Team Apprentice Certified | RTAC
- Certified Ethical Hacker | CEH
- Certified Information Systems Security Professional | CISSP
Blog
Zero-Day Research: PicoC Version 3.2.2 Null Pointer Dereference (CVE-2022-34556) Speedrun
PicoC is a miniature code interpreter developed for C scripting. According to their documentation, PicoC was first written as the scripting language for a UAV’s on-board flight system. In this zero-day post we are going to speedrun the discovery of a null pointer dereference (CWE-476) denial of service (DoS) vulnerability in the PicoC interpreter. I …
Zero-Day Research: md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)
The best part about security research is the myriad of ways you can find bugs. Sometimes bugs present themselves through diligent research and planning over decades, some bugs demand deep thinking and well-positioned tools, and other times you throw your water bottle at the keyboard and something unexpected happens. Finding the buffer overflow vulnerability in …
Continue reading “Zero-Day Research: md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)”
HackTheBox: Baby Todo or Not Todo Challenge
Practice can be quite a double-edged sword. Most of us know that creating long-term behaviors and skills only comes through the reinforcement of those skills through practice. We often spend too little time thinking about how we practice and which behaviors are being reinforced during our practice sessions. For us to become good at analyzing …
Continue reading “HackTheBox: Baby Todo or Not Todo Challenge”