I was originally a C programmer, with a focus on writing low-level code for embedded platforms like the Nintendo DS, Arduino, and Raspberry Pi. However, I have since developed a passion for all areas of the infosec industry: vulnerability analysis, exploit development, reverse engineering, and writing research papers.
I am primarily focused on kernel exploitation, and am currently looking to use the knowledge acquired from my FreeBSD kernel research to progress onto more popular targets such as Linux and XNU.
The source of my interest in this field stems from a project in which I attempted to exploit every single FIFA game on the DS to run unsigned code via stack overflow vulnerabilities in their save file handling code, which I eventually succeeded at!
Soon after this, I introduced myself to reverse engineering by analysing a piece of malware called VertexNet.
I then decided to research the Sony PlayStation 4 console, using a publicly available WebKit exploit to run my own ROP chains. I used this exploit to dump the available userland modules, and after some reverse engineering of how the JIT system calls were used, I was able to gain unsigned code execution under the WebKit process. Several months later, I developed a kernel exploit for the system using the BadIRET vulnerability. I used this exploit to dump the kernel, before analysing it to help me exploit a vulnerability in the kernel's dynamic linker, which I had previously found by fuzzing.
After having learnt a great deal about kernel exploitation through my PS4 research, I then decided to audit the FreeBSD kernel source code to look for vulnerabilities. I eventually proved successful in identifying and exploiting several critical bugs.
Although I have never had any formal teaching in computer science, and am predominantly self-taught, I have learnt a great deal by collaborating with others during the course of much of my research.
I've worked with FreeBSD, Windows, Linux, and a variety of video game consoles from the NES to the PS4. I'm able to adapt quickly to new platforms, and apply a range of techniques to optimise code for either space or performance, as needed.