Zion Boggan
repos/Security Portfolio/commits/258f6d5
zionboggan.com ↗
Code Commits Tags

Add clip #3 (crypto research) - three-clip range story

Real responsibly-disclosed finding: uint8_t/uint64_t type confusion in
Fireblocks mpc-lib batch range-proof verification (40-bit check silently
reduced to 8-bit, ~4.3e9x weaker). Completes the 'See it in action' arc:
web breach -> server takeover -> cryptographic code review.
258f6d5   Zion Boggan committed on May 30, 2026 (3 weeks ago)
assets/hero/crypto-demo-poster.jpg +0 -0
Binary file not shown
assets/hero/crypto-demo.mp4 +0 -0
Binary file not shown
index.html +22 -3
@@ -71,6 +71,7 @@
.demobar .dlabel{color:var(--faint);font-size:12.5px;margin-left:8px;}
.demobar .dbadge{margin-left:auto;color:#06231f;background:var(--accent);font-size:11px;font-weight:700;
padding:3px 9px;border-radius:5px;letter-spacing:.5px;}
+ .demobar .dbadge.alt{background:#7aa2f7;color:#06122a;}
.demovid{display:block;width:100%;height:auto;background:#0a0c10;cursor:pointer;}
.democap{margin:0;padding:15px 18px;color:var(--soft);font-size:14px;line-height:1.55;
background:var(--panel);border-top:1px solid var(--line);}
@@ -212,9 +213,10 @@
<section id="proof" class="proof"><div class="wrap">
<div class="shead"><span class="idx mono">00</span><h2>See it in action</h2><span class="rule"></span></div>
- <p class="proof-intro">Two recorded proofs-of-concept against applications I host in a lab I
- control - a web-app data breach, then full server takeover. Real exploits, real output,
- nothing staged. The techniques are the ones I use in authorized testing; never against
+ <p class="proof-intro">Three recordings, all real output, nothing staged: a web-app data
+ breach and a full server takeover against targets I host in a lab I control, then a real
+ cryptographic flaw I found and responsibly disclosed in production software. Offensive
+ web, infrastructure, and deep code review - the range I actually work in. Never against
systems I don't own.</p>
<div class="demo">
@@ -248,6 +250,23 @@
an appliance's diagnostics tool: a "ping" box that <b>runs whatever I type - as root</b>.
One request turns into <b>remote code execution and the server's production secrets</b>.</p>
</div>
+
+ <div class="demo">
+ <div class="demobar">
+ <span class="d r"></span><span class="d y"></span><span class="d g"></span>
+ <span class="dlabel mono">03 - cryptographic research · production code</span>
+ <span class="dbadge alt mono">DISCLOSED</span>
+ </div>
+ <video class="demovid" autoplay muted loop playsinline preload="auto"
+ poster="/assets/hero/crypto-demo-poster.jpg"
+ onclick="if(this.requestFullscreen)this.requestFullscreen()">
+ <source src="/assets/hero/crypto-demo.mp4" type="video/mp4">
+ </video>
+ <p class="democap"><span class="step mono">03 · CRYPTO RESEARCH</span> Not a lab - a real flaw I
+ found and responsibly disclosed in <b>Fireblocks' MPC threshold-signature library</b>: a
+ one-byte type confusion silently cut a 40-bit security check down to 8 bits
+ (<b>~4.3 billion× weaker</b>). The difference between running tools and reading the crypto.</p>
+ </div>
</div></section>
<section id="oversight"><div class="wrap">