RESEARCH &
PUBLIC WORK.
CVE disclosures, vulnerability research, and responsible disclosure.
Vulnerability Research & CVEs
Industrial Lighting Controller Vulnerabilities
Joint research with Nick Schroeder examining critical security gaps in industrial lighting controllers (ETC Mosaic, Pharos LPC/TPC/MSC) deployed at high-profile landmarks. Unauthenticated information disclosure and default configuration weaknesses affecting stadium and entertainment venue infrastructure.
VIEW FULL RESEARCH →Kaseya RapidFire Tools Network Detective
Critical credential storage vulnerabilities in Kaseya's widely-deployed MSP network assessment platform. Cleartext credential storage and deterministic encryption allow trivial password extraction from temporary files. Affects thousands of MSPs running Network Detective for customer assessments.
- > Cleartext credentials in temp files (CVE-2025-32353)
- > Hardcoded encryption keys enable decryption (CVE-2025-32874)
- > Full environment takeover via credential harvesting
Podcasts & Media
Hacker and the Fed
A conversation with Hector Monsegur (Sabu) and FBI Special Agent Chris Tarbell, who led the LulzSec investigation. We discuss what happened, what I learned, and how all of us have changed since.
LISTEN ON SPOTIFY →
LEVEL UP: vCSO EDITION
Co-authored with Bruce McCully. A simple, scalable vCSO framework for MSPs/MSSPs that grows your bottom line while reducing liability.
HOVER OVER BOOK TO VIEW BACK COVER
GET THE BOOK →Hacker's View of Cyberthreat Landscape
Two-part deep dive with Channel Insider on how attackers actually operate. Not the sanitized conference version—real methodology, real tooling, and what actually stops us.
WATCH PART 1 → PART 2 →Cyber Crime Junkies
A conversation about attacker psychology and what defenders can learn from how the other side thinks.
WATCH NOW →