Healthcare Breach Report analysis from the OCR/HHS

Posted on Mon 19 August 2024 in Thought • Tagged with healthcare, security, analytics, data

Breach Report!

Why am I writing about healthcare breach reports? Well I like data, especially unsexy data. Also a couple friends (you might know who) and I are looking into some unsexy parts of industries that are underserved and in need of help to make impact for the better good …


Continue reading

Evince Integer Overflow and Truncation Due to Type Promotion in TIFF Backend

Posted on Thu 01 August 2024 in Thought, vulnerability research and discovery • Tagged with chronicles, vulnerability research, vulnerability discovery, type promotion

I have been pretty facinated with type promotion bugs in the recent months. Why? Because I love when there is some crazy mixed data types with arithmetic. Something about math (in)correctly implemented always makes me geek out. For those not familiar with Type promotion, it's when data type values …


Continue reading

Back to the Chronicles [07/15/24]

Posted on Mon 15 July 2024 in Thought • Tagged with thought, daily, update

Just an update

Took some weeks off from the nightly grind. Although I mostly kept up with current events, research, reading, and watching some past con talks. Now it's Hacker Summer Camp time, and all the conferences are in full swing. I probably won't be attending them, but I do …


Continue reading

Now and Later Bug Hunting Side Quest [04/28/24]

Posted on Sun 28 April 2024 in Thought, vulnerability research and discovery • Tagged with zde, chronicles, VR, 0day, vulnerability research, vulnerability discovery

Distracted..

This post is more about a side quest, as I was a bit distracted awaiting some responses on some UAF and Format string vulnerabilities submitted to a couple bug bounty programs.

In order to keep momentum going and my thirst for knowledge well fed with regards to vulnerability discovery …


Continue reading

Rediscovering the Art of Vulnerability Discovery [04/24/24]

Posted on Wed 24 April 2024 in Thought, vulnerability research and discovery • Tagged with zde, chronicles, VR, 0day, vulnerability research, vulnerability discovery

Introduction to My Chronicles

If you've been keeping up with my adventures, you know I've dived back into low-level vulnerability discovery and research. Recently, I took some time to refresh my understanding of low-level code (assembly) and architecture review, particularly of ARM systems. Given that most systems I work on …


Continue reading