Home

Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.

About

About Me

I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!

Publications

Certifications

  • Offensive Security Certified Professional | OSCP
  • GIAC Penetration Tester | GPEN

Blog

2020 Quarantine CTF

In honor of social distancing, I will be hosting a remote quarantine CTF Thursday, April 2nd, 2020 from 6:00-9:00 PST. The CTF is completely free and presents five different web application security challenges. You can easily register here to secure your spot! Details Any way that you can find the flag is valid in my book. That …

Zero-Day Research: Mechanical Keyboard Finder Version 4.31

Introduction In this edition of Zero-Day Research, I happen to come across a DOM-based Cross Site Scripting Vulnerability in ‘Mechanical Keyboard’s (MK’s) Famous Mechanical Keyboard Finder (Version 4.31)’ and helped their team verify the issue upon request. I have to give lots of kudos to the awesome security team at MK. They quickly responded and patched …

Return to .Text

Prerequisites In this article, we are going to quickly discuss a ROP technique called ‘return to .text’ (ret2.text). Before you proceed to learn about this slightly more advanced topic, I recommend becoming extremely familiar with the following prerequisites before moving on: Exploiting Basic Buffer Overflows Return Oriented Programming (ROP) Return to LIBC Python Basic C …