Hardware-Assisted AddressSanitization
Reducing ASAN memory usage by utilizing Top-Byte Ignore (TBI) on ARM64 hardware. Also, some 24-bit Apple Macintosh history.
Sean Deaton
AddressSanitization and Why You Should Use It
A quick guide on using AddressSanitization to find memory corruptions bugs at run-time.
How Learning Ruby Helped Me Understand Swift
I have a confession to make. Until recently, closure syntax confused me to no end. Specifically, I’m talking about Swift closures, but it also applies to other languages. I read Swift’s language specification, Paul Hudson’s guide on closures, and Stack Overflow posts. I even found this appropriately
The Problem with Open Source Software Security
Reporting vulnerabilities in open-source software is a nightmare. How can we make it better?
💎 The Ruby Association Certified Ruby Programmer Silver Exam
I wasted $150 to prove I kinda learned Ruby. And you can too!
Finding CVE-2022-3786 (openssl) with Mayhem
What is the bug?
Disclaimer, I didn’t discover the bug. I’m just here after the fact, showing how fuzzers can detect and prevent memory corruption issues like these. CVE-2022-3786 affected openssl versions 3.0.0 up to and including 3.0.6. This bug affected both clients and
Stop Using Single-Letter Command Line Options
Single-letter command line options are inferior for documentation. Stop using them if you're doing anything that anyone else relies on.
🐛 Fuzzing Random Ubuntu Packages with Mayhem - Part 1
About Mayhem
Mayhem is a cloud (or on-premises) fuzzing solution created by ForAllSecure. It has some great features that make fuzzing more approachable for software developers with little fuzzing experience. I almost think of it as a big red easy button for fuzzing. For experienced fuzz testers, it’s quite
Resume
My experience in life. 📈