Adversary Academy ResearchClocking into The Network — Attacking KronosTimeclock DevicesOne of the services I’m most excited about at Adversary Academy is our targeted vulnerability research (TVR) program. The challenge I’ve…3 min read·Sep 27, 2023----
Adversary Academy ResearchNo Mud No Lotus: The art of transforming breaches through security improvementIn Buddhist philosophy I often hear the expression “No Mud, No Lotus” this expression aligns with the Buddhist view that life and existence…5 min read·Mar 9, 2023--1--1
Adversary Academy ResearchConfessions of a bug bounty program managerIn my previous article I wrote about my experiences as a top ranked bug bounty hunter. In this article I will write about my experiences on…5 min read·Feb 17, 2023----
Adversary Academy ResearchConfessions of a top-ranked bug bounty hunterFrom 2016 to 2017 I was very active in the bug bounty space, working almost exclusively with Synack. My first year doing bug bounties I was…5 min read·Feb 15, 2023----
Adversary Academy ResearchPatch diffing CVE-2022–21907Our security team does an in-depth analysis of critical security vulnerabilities when they are released on patch Tuesday. This patch…5 min read·Jan 12, 2022----
Adversary Academy ResearchRoot cause analysis on unusual stack writing functions with IDA.A common problem when doing vulnerability research and exploit development is identifying interesting components within binary code. Static…4 min read·Jan 9, 2022----
Adversary Academy ResearchThe Seven Habits of Highly Effective Purple TeamsAs we are approaching the new year I've been thinking about the milestones and achievements that I’ve been able to accomplish both…6 min read·Jan 2, 2022----
Adversary Academy ResearchCVE-2021–3310 Western Digital MyCloud PR4100 Link Resolution Information Disclosure VulnerabilityPwn2own is something like the “academy awards” for exploits and like any good actor… or in this case hacker I dreamt of my chance on the…7 min read·Jun 15, 2021----
Adversary Academy ResearchDeath By a Thousand PapercutsPatch diffing major releases4 min read·Feb 19, 2021----
Adversary Academy ResearchWhy you DON’T need the OSCP to land a cybersecurity job in 2020(or any other security certifications for that matter)4 min read·Feb 21, 2020----