Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.


About Me

I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!



  • Offensive Security Certified Professional | OSCP
  • GIAC Penetration Tester | GPEN
  • Red Team Apprentice Certified | RTAC
  • Certified Ethical Hacker | CEH
  • Certified Information Systems Security Professional | CISSP


Zero-Day Research: CVE-2022-41220 md2roff Version 1.9 Buffer Overflow

After multiple rounds of fuzz testing, I discovered that md2roff version 1.9 suffered from a stack buffer overflow vulnerability via a Markdown file containing a large number of consecutive characters to be processed. Replication To replicate the vulnerability, download a vulnerable version of md2roff (version 1.9): Once the project is compiled, we can use md2roff …

Zero-Day Research: PicoC Version 3.2.2 Null Pointer Dereference (CVE-2022-34556) Speedrun

PicoC is a miniature code interpreter developed for C scripting. According to their documentation, PicoC was first written as the scripting language for a UAV’s on-board flight system. In this zero-day post we are going to speedrun the discovery of a null pointer dereference (CWE-476) denial of service (DoS) vulnerability in the PicoC interpreter. I …

Zero-Day Research: md2roff Version 1.7 Buffer Overflow (CVE-2022-34913)

The best part about security research is the myriad of ways you can find bugs. Sometimes bugs present themselves through diligent research and planning over decades, some bugs demand deep thinking and well-positioned tools, and other times you throw your water bottle at the keyboard and something unexpected happens. Finding the buffer overflow vulnerability in …