K. Reid Wightman 🌻

@reverseics@infosec.exchange

mastodon 4.6.0-alpha.5+glitch

Tinker, Sailor, Biker, Hi

I do industrial security research for a living, mostly looking for #vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities.

Occasionally I analyze #industrial #malware, too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about.

I work for a little startup in the space called Dragos. In my spare time I enjoy long distance #bicycling, #sailing, and doting on our #pets.

I used to have an account on , however I haven't used it in a while and you should no longer assume that it's under my control.

Trying not to be one of the 80% that can be moved in either direction.

0 Followers

0 Following

Joined October 28, 2022

Location:

Des Moines, IA, USA, Planet Earth, second spiral arm around Sagittarius A

Pronouns:

he/him or they/them

Security Level:

Currently clean on opsec

Posts

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

oil on its way to the moon! hodl.

View on infosec.exchange

2

0

1

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

#directorytraversalmemes

View on infosec.exchange

22

0

11

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

#directorytraversalmemes

View on infosec.exchange

5

0

2

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

"GAYINT: The threat intelligence so cool, they can't talk about it in Florida."

View on infosec.exchange

0

0

0

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

30 years later, singing backup to Tori Amos always makes me feel better.

View on infosec.exchange

4

0

0

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Mar 07, 2026

C Y B E R D E T E R R E N C E

View on infosec.exchange

1

0

0

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 25, 2026

oh heck yeah

View on infosec.exchange

19

0

3

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 23, 2026

Our site admin (@jerry@infosec.exchange) is about to get walloped with additional hosting fees, thanks to the great AIpocalypse that is messing up everything with datacenter costs.

I love the fediverse because there are no bullshit targeted ads and no bullshit algorithm-boosted messaging. Just a bunch of humans running servers. The downside of this is there is very little money in running servers and they cost more and more to keep going.

I increased my donation a bit today to help keep up with the costs.

Consult your instance admin for where to donate. In our case you can look at Jerry's profile for the official donation places. If you can afford to donate please do. If you can afford to increase your donation, please do that too.

View on infosec.exchange

135

3

195

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 23, 2026

You wouldn't dare steal /our/ data, said the Stealing Everybody's Copyrighted Data Corporation.

View on infosec.exchange

45

0

29

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 20, 2026

View on infosec.exchange

63

0

46

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 16, 2026

View on infosec.exchange

3

1

0

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 16, 2026

#directorytraversalmemes

View on infosec.exchange

4

1

1

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 16, 2026

Fun fact: the release of the movie Clerks is closer to the US' ground entry into the Vietnam War than to today. 🧓 .

View on infosec.exchange

0

0

0

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 16, 2026

Trying to figure out why one of the ground clamps on my water pipe was corroding lead me to check the water pipe itself. It has between 1 and 3 amps flowing through the copper pipe much of the time.

Took off the subpanel plate as a first check and what do you know, there is a ground connected to neutral. What the heck. And yes several outlets branches are connected to this "ground" wire.

Time to look at the other panels in the house and figure out what madness lies beneat.

View on infosec.exchange

6

3

1

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 14, 2026

#directorytraversalmemes

View on infosec.exchange

1

0

1

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 14, 2026

Anthropic wrote a blog post about their LLM finding 0days in open source projects. I reviewed the first vulnerability they reported, in OpenSC, and as far as I can tell the bug isn't even real? I think so anyway, otherwise I'll eat some humble pie.

I was looking at the code at the time (so a few weeks ago, before opensc removed the strcat call and replaced with strlcat):

https://github.com/OpenSC/OpenSC/blob/33ab343a5c7d80db8cbc17d26f0edbe9dcdae299/src/libopensc/card-piv.c

The offending lines are around line 5145. According to anthropic, this is a buffer overflow found by their predictive text algorithm.

But it's interesting to read the code and to read the context of the code. 'fp' is a string guaranteed to be 64 bytes in length, because of line 5138. This checks the strlen(fp) and if it isn't 64, the code exits with an error.

So the math is: 'filename' is filled with a string that is at maximum 4096-64-2 bytes long == max 4030 bytes. This value (maximum 4030) is eventually passed to a strlcat() call inside of sc_get_cache_dir(), where it is used as the 'size' argument. This means that 'filename' has a maximum size of 4030 bytes when sc_get_cache_dir() exits.

Then the code strcat's one byte (for the '/'), onto the 'filename' buffer, then 64 more bytes (for the 'fp' string) onto 'filename' buffer, meaning the buffer cannot be overflowed because the maximum string length is now 4095 (the last byte being a null terminator).

So, anthropic's LLM probably spent 4 seconds 'finding' this 'vulnerability'. I spent about an hour looking at the code to debunk their finding (really 20 minutes looking at the code, followed by 40 minutes of hemming and hawing about whether I'm right and making sure there wasn't a signed size or some other gotcha, then being anxious about saying anything because golly human brains are funny machines).

I guess it's cool that opensc changed the calls to strlcat() now and that is probably a good thing, but this was never even a bug anyway so it didn't help anything today.

Unless the compiler magically omits instructions like the strlen() check some day. Which, if we really go down the path of compilers being generated by LLMs I guess that is a valid concern 😉 .

View on infosec.exchange

16

3

19

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Feb 03, 2026

#directorytraversalmemes

View on infosec.exchange

71

0

25

0

Boosted by

Charlie Stross @cstross@wandering.shop

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Jan 03, 2026

The Hard Times giving The Onion a run for their money: https://thehardtimes.net/breaking/ice-accidentally-sends-maduro-back-to-venezuela/

View on infosec.exchange

249

0

188

0

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

K. Reid Wightman

K. Reid Wightman

@reverseics@infosec.exchange

Tinker, Sailor, Biker, Hi I do industrial security research for a living, mostly looking for # vulnerabilities in all of the wrong places. I like reverse engineering how PLC logic systems function under the hood, learning how safety instrument protocols work, and figuring out what malicious threat groups are doing and can do with access to such systems. A long time ago, I invented the term 'foreverday' to describe unfixable vulnerabilities. Occasionally I analyze # industrial # malware , too, and on very rare occasions encounter threat groups that actually write malicious logic to do the vile things that I like to learn about. I work for a little startup in the space called Dragos. In my spare time I enjoy long distance # bicycling , # sailing , and doting on our # pets . I used to have an account on :birdsite:, however I haven't used it in a while and you should no longer assume that it's under my control. Trying not to be one of the 80% that can be moved in either direction.

infosec.exchange

@reverseics@infosec.exchange · Apr 25, 2024

Updated firewall guidance just released.

View on infosec.exchange

440

0

267

0