I'm a Sydney-based security engineer, consultant and researcher. You can find me on Twitter @0x6c73 or email me at ls at moar.so.

Blog posts

2015-12-28:

Exploring the QNX shadowed password hash formats

2015-10-08:

iOS 9 tethering and the use of VPNs

Security contributions to open source projects

2016-12-05:

ryanbrainard/forceworkbench: Fix 30+ reflected cross-site scripting vulnerabilities

2016-01-20:

Kitware/CDash: Fix insecure random number generator use

2015-11-04:

Kitware/CDash: Update recoverPassword.php to use a secure random number generator (password prediction attack)

2015-11-03:

Kitware/CDash: Remove router.php and tests/test_router.php (remote code execution)

2015-03-25:

nakagami/CyMySQL: Fix broken SSL/TLS socket wrapper (functional issue)

Bursts of enthusiasm (code, scripts, tools)

2017-06-05:

Middlebox bootstrap scripts for Arch Linux on a Raspberry Pi 3

2016-01-21:

Sample code for XOR encryption oracles

2016-01-09:

Steam Source Dedicated Server Docker image for Linux