Jimmy Wylie
@mayahustle.com
I look for ICS threats, and spend a lot of time reverse engineering.
Distinguished Malware Analyst @ Dragos.
Lead Analyst on TRISIS and PIPEDREAM.
He/Him
“No, that’s my neighbor, Bobby. I live at 502, but you have to write 501 on the package or the mail carrier brings it to the wrong house. He has a problem.”

ICS is fun. This blog covers the problem:
blog.softwaretoolbox.com/topserver-mo...

(H/T to Reid Wightman for inspiring this post)

(2/2)
Modbus Offset vs. Addressing: Why Does It Matter?
Discover the relationship between the Modbus address used by TOP Server and the physical offset in a device when enabling/disabling Zero-Based Addressing.
blog.softwaretoolbox.com
October 31, 2025 at 5:18 PM
Other questions I'm exploring:

How much does AI know about ICS protocols?

Does AI truly lower the barrier for entry? If not, is that an AI limitation or am I just "holding it wrong"?

Is it shortening my development time? Or solving some problems but creating new ones for a net-zero benefit?
2/2
October 27, 2025 at 2:04 PM
MinusOne, a deobfuscation engine for scripting languages: github.com/airbus-ce...

EPIC Erebus for PCIe and DMA attack research: www.crowdsupply.com/...
3/3
GitHub - airbus-cert/minusone: Powershell Linter
Powershell Linter. Contribute to airbus-cert/minusone development by creating an account on GitHub.
github.com
October 24, 2025 at 7:58 PM
Here are a few of the projects I enjoyed learning about this time around:

Thorium Malware Pipeline: github.com/cisagov/t...

CTADL Static Taint Analysis Tool: github.com/sandialab...
2/3
GitHub - cisagov/thorium: A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale.
A scalable file analysis and data generation platform that allows users to easily orchestrate arbitrary docker/vm/shell tools at scale. - cisagov/thorium
github.com
October 24, 2025 at 7:58 PM
I couldn’t think of a picture, so here’s an image from an old show that probably planted the seed for me to become a malware analyst.
October 10, 2025 at 6:40 PM
I enjoyed it, but I’ll readily admit, it’s not for everyone.
October 8, 2025 at 4:45 PM
I learned about it reading Orange’s write-up in Phrack72: phrack.org/issues/72...

And the blog post it references here by Orange and Splitline: devco.re/blog/2025/0...

Both of these are excellent write-ups and great reads if you’re into vulnerability research, CTFs, or hacker history.
3/3
The Art of PHP - My CTF Journey and Untold Stories!
phrack.org
September 19, 2025 at 6:59 PM
Orange and Splitline discovered they could abuse this feature to turn a soft hyphen into a normal one and bypass a 2012 PHP argument injection patch to leak data and potential RCE.

It’s a fascinating attack surface and a case study on how benign OS features can become unexpected attack vectors.
2/3
September 19, 2025 at 6:59 PM