About

This is my personal blog/site. It gets updated sometimes. I tend to post about application security, vulnerability research (by reading source code), and sometimes thoughts on teambuilding and wielding political power to improve security outcomes.

I used to work with this guy: http://heasman.blogspot.com

Now I work with this guy: https://tldrsec.com/blog/

I like cryptography and understanding how programming languages work.

I’m credited with a couple of CVEs:

• CVE-2018-1000210 : YamlDotNet insecure deserialization
• CVE-2019-0228 : Apache PDFBox Xml External Entity Injection in XFDF parser
• CVE-2019-10327 : Xml External Entity Injection in Jenkins Maven Pipeline plugin