Welcome! This is the main site for Halcyonic Security Research where I post on interesting (or random) Cybersecurity topics.
About
About Me
I’m a cyber security researcher and a composer/musician in my free time. I love doing CTFs and enjoy researching IoT/SCADA/ICS. As a security researcher I love finding bugs and exploring them, so if you find one here let me know!
Publications
- Towards Firmware Analysis of Industrial Internet of Things (IIoT)
- Standardized and Repeatable Technology Evaluation for CyberSecurity Acquisition
- Springer book chapter on “An Approach to Organizational Cybersecurity”
- IoDDoS- The Internet of Distributed Denial of Service Attacks: A Case Study on the Mirai Malware and IoT-Based Botnets
- TMT: Technology Matching Tool for SCADA Network Security
Certifications
- Offensive Security Certified Professional | OSCP
- GIAC Penetration Tester | GPEN
- Red Team Apprentice Certified | RTAC
- Certified Ethical Hacker | CEH
- Certified Information Systems Security Professional | CISSP
Blog
Zero-Day Research: Ezgif Server Side Request Forgery
Web applications are quite powerful and diverse in their functionality. I can’t imagine anyone could have predicted how fast web technology could forge its way into every sector of business in the world. It seems as if every day a new type of widget, app, and social networking site are created to appeal to a …
Continue reading “Zero-Day Research: Ezgif Server Side Request Forgery”
HackTheBox: Baby Todo or Not Todo Challenge
Practice can be quite a double-edged sword. Most of us know that creating long-term behaviors and skills only comes through the reinforcement of those skills through practice. We often spend too little time thinking about how we practice and which behaviors are being reinforced during our practice sessions. For us to become good at analyzing …
Continue reading “HackTheBox: Baby Todo or Not Todo Challenge”
HackTheBox: Looking Glass Web Challenge
Today we will be walking through the ‘Looking Glass’ web challenge from HackTheBox. This specific challenge is quite simple but provides great insight into common web security flaws that you might find in custom-built applications. HackTheBox is an online platform that hosts various penetration testing challenges ranging anywhere from binary exploitation, web security, Windows Active …