Welcome to securityCRUSH

Welcome to the securityCRUSH blog, a place where you can find random musings as well as postings relevant to information security, penetration testing, and my latest projects - Daniel Wood.


First and foremost, I'm an avid information security practitioner by trade and hobby.  I spend most of my time throughout the day working on security related projects and at night I am constantly researching security concepts and testing new and revolutionary products and services.  Having been in this field for over 12 years, I've had a wide breadth of experience as an analyst, architect, engineer, penetration tester, and manager.

I specialize in the following areas of information security: application security, penetration testing, malware analysis, reverse engineering, cryptography, cloud security, and counter-threat intelligence gathering and analysis.  I'm a self-taught developer, with a preference in HTML, PHP, and C#; with Perl, Python, and Ruby as my preferences for scripting for security related projects.

After Adobe was breached and millions of customers accounts were leaked online, I put together a script, adobextract to help other individuals, security researchers and organizations determine if their accounts were contained within the leaked database.  My script has been used by several Fortune 50 companies as well as several US Federal Agencies.

On December 6, 2013, I released information on the iOS mobile application for Subway of California detailing many things wrong with the application and how it did not protect customers sensitive data such as their Name, Address, Email Address, Credit Card data, Username and Passwords.  This vulnerability was given CVE-2013-6986.

On January 13, 2014, I released information on how Starbucks was logging customers Name, Address, Email Address, Username and Passwords within their mobile iOS application.  I've worked with Starbucks to ensure that their application successfully fixed those issues by conducting security testing on their app and published those results as well on January 17, 2014.  This vulnerability was given CVE-2014-0647.

No comments:

Post a Comment