Other Stuff
Publication
Cybersecurity AI: Hacking Consumer Robots in the AI Era
arXiv • 2025
PDF• Abstract
Speaking
Deductive Engine: LLM-Guided Binary Taint Analysis
Offensive AI Con • Oceanside, California • October 2025
Slides • Speaker Notes & In-Depth Look
Discover Shambles, the Next-Generation IoT Reverse Engineering
NorthSec • Montreal, Canada • May 2023
It's not a gun, but it's loaded - how to get DA in under 30 minutes
QCTF • Kingston, Canada • Jan 2023
Bug Writeups
- Moosefs - Heap buffer overflow in read_worker() via malicious chunkserver
- Moosefs - Systemic uint32 overflow in GID count validation across 23 FUSE handlers
- Moosefs - Integer overflow in in FUSE registration crashes master matoclserv_fuse_register() via ileng
- Moosefs - Heap OOB read in syslog packet handler matoclserv_syslog() via length check
- Moosefs - Integer overflow in SETXATTR length validation enables OOB read crash
- Moosefs - NULL pointer dereference in matoclserv_node_info() via NODE_INFO in unregistered dispatch
- Moosefs - POSIX ACL uint16 truncation leaks uninitialized heap information in posix_acl_set()
- Moosefs - Stack buffer overflow in matoclserv_sclass_create() via labelscnt
- Moosefs - Heap overflow via integer wrap in metalogger download
- Soundtouch - Heap Buffer Overflow Write in SoundTouch Rate Transposer via Unchecked setPitchOctaves/setRate
- Soundtouch - Heap OOB Read in SoundTouch FIFOSampleBuffer::setChannels() on Mid-Stream Channel Chang
- Soundtouch - evaluateFilterMulti Stack Buffer Overflow
- FFmpeg - Uninitialized AVTextFormatDataDump causes UB in avtext_print_data()
28 CVE's
CVE-2020-4757 CVE-2021-3271 CVE-2022-31898 CVE-2022-42054 CVE-2022-42055 CVE-2022-40843 CVE-2022-40844 CVE-2022-40845 CVE-2022-40846 CVE-2022-40847 CVE-2022-41395 CVE-2022-41396 CVE-2022-42053 CVE-2022-42058 CVE-2022-42060 CVE-2022-47697 CVE-2022-47698 CVE-2022-47699 CVE-2022-47700 CVE-2022-47701 CVE-2022-47703 CVE-2023-29778 CVE-2023-34940 CVE-2023-34941 CVE-2023-34942 CVE-2024-51096 CVE-2025-2850 CVE-2026-27509 CVE-2026-27510