Posted a technical #AttackerKB #writeup of CVE-2022-47986 (CVE_2022_47986 / #CVE202247986), a #Ruby #deserialization #vulnerability in IBM's Aspera software, which runs on a humorously old version of Ruby:
https://attackerkb.com/topics/jadqVo21Ub/cve-2022-47986/rapid7-analysis?source=mastodon
Fantastic in-depth analytics of CVE-2022-47966: https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966 #AttackerKB @catc0n @todb
I'm trying to get more serious about actually writing #AttackerKB analyses of things that catch my interest. Here's my writeup of #pr_pack mule which is totally the name of this vuln, h/t to @dreadpir8robots.
Wrote up a pair of #AttackerKB entries for the two vulnerabilities in #F5 #BigIP that we released today (largely the same as the blog, but more focus on technical and less on the story):
https://attackerkb.com/topics/i21EbdNxks/cve-2022-41622/rapid7-analysis
https://attackerkb.com/topics/ZClTQn4aG4/cve-2022-41800/rapid7-analysis
Since I'm pretty new here, and I got a whole pile of new followers last night, I figured I'd post my own #introduction! Peer pressure etc. :)
In my non-professional life, I'm a #Canadian living in #Seattle (been in the US for ~9 years), I have a cool husband named Chris, and we have two pet #parrots - green cheek #conures (GCCs) named Clang (like the C compiler) and Sharp (like C#).
Professionally, I've been interested in or working in #infosec kinda forever.. in high school I used to write hacks and cheats for Starcraft / Diablo 2, some of which are on my GitHub profile. They don't work anymore, of course, but you can see what my old C++ code used to look like :)
Then I went to university at the University of #Manitoba, got a #compsci degree, and worked as a programmer before having a bunch of different infosec jobs - most recently, Google and Counter Hack.
These days, I'm a Lead Security Researcher at #Rapid7 where I spend all day analyzing #vulnerabilities and finding new ones. I get to write them up on #AttackerKB (https://attackerkb.com), the Rapid7 #blog (https://blog.rapid7.com), give talks about vulns that I think are cool (I'll be speaking at #HushCon in Seattle on the first week of December!) and contribute #exploits to #Metasploit when they're a good fit!
I also develop #CTF challenges, particularly for #BSidesSF. We release everything open source afterwards, so you can run them yourself or see our solutions. I also write about them on my blog - although, since I write semi-professionally now, I don't write much other than CTF writeups there.
And finally, me and a bunch of friends founded a #hackerspace called #SkullSpace in like 2012, which is #Winnipeg's best (also only) hackerspace. I haven't been there forevvver, but I'm still a card-carrying member and look forward to visiting again some day. :)
It's great to meet all y'all!