I'm David Rochester, a penetration tester by day and a security researcher by night. I studied computer science in undergrad and found a passion for cybersecurity, specifically offensive cybersecurity. I have some security certifications and a few CVEs, most notably in Docker and Ollama. I enjoy writing code and hacking things, whether it's new toys my kids get, new technology my wife brings home, or anything else I find interesting. I occasionally participate in CTFs, but recently my efforts have been focused on researching OSS and looking for novel vulnerabilities.
SSRF in Docker Model Runner’s OCI authentication flow. A malicious registry can redirect the token exchange to scan internal networks and exfiltrate tokens during a model pull....
Missing authentication in the smART Sketcher 2.0 allows anyone within Bluetooth range to send arbitrary images to a child’s toy without any pairing or authorization....
Phase 6 of the CMU Binary Bomb. Reversing a linked list sorting algorithm to find the correct node ordering and defuse the final bomb....
Phase 5 of the CMU Binary Bomb. Mapping an array lookup chain to find the input that iterates exactly 15 times and lands on 0xF....
Phase 4 of the CMU Binary Bomb. Using Ghidra to decompile a recursive function and trace the call tree to find the correct input....
Phase 3 of the CMU Binary Bomb. Tracing sscanf format strings and conditional jumps to find the correct two-number input....
Phase 2 of the CMU Binary Bomb. Reverse engineering a doubling algorithm that expects the sequence 1 2 4 8 16 32....
Phase 1 of the CMU Binary Bomb. Using WinDbg to find a plaintext string comparison and defuse the first phase....
Introduction to the CMU Binary Bomb reverse engineering challenge. Background on the lab, tools used, and what to expect across all 6 phases....
Walkthrough of the ‘bof’ challenge from pwnable.kr. Analyzing the stack layout in Ghidra and crafting a buffer overflow payload to overwrite a function parameter....