Active Researcher

Vulnerability Research & Security

Identifying and responsibly disclosing vulnerabilities in cryptographic systems, compilers, and public infrastructure.

Kernel · V8/JIT · NFC/RFID · Cryptography
Stuart Thomas — security researcher, wearing many hats
35+ Years in Security
Open Source & Research
NHS · National Crypto Standards
Oracle · Former Ethical Hacker

What I look at.

macOS & Darwin / XNU

Methodology for macOS vulnerability research — the BSD-to-XNU CVE cross-reference technique, the discipline of evidence and red-team review, vendor coordination under the 90-day standard. See the free Complete Framework book.

Cryptographic Systems & Smart Cards

Smart card design, PKI architecture, key management, and cryptographic protocol analysis. Co-authored NHS national cryptographic standards (2004). Designed ActivCard contactless and TfL Oyster contactless ticketing infrastructure.

Network Infrastructure

Large-scale network architecture. Designed PlayStation 2 network infrastructure for UK market. Resilience, scalability, secure connectivity.

Compiler & JIT Analysis

Low-level vulnerability research in optimising compilers. Type coercion, unboxing, JIT-specific edge cases. V8, TurboFan, Maglev, SpiderMonkey.

Public Infrastructure

Security analysis for NHS, TfL, financial institutions, and government networks. Scalability, resilience, regulatory compliance.

Application Security

OWASP research, injection attacks, authentication bypass, supply chain security, and attack surface reduction.

Protocol & Network

ICMP crafting, DNS poisoning, tunnel protocols. Edge case exploration in RFC-compliant implementations.

Data Protection & Privacy

UK GDPR, DPA 2018, emerging AI/ML privacy risks. Data subject rights, breach response, and algorithmic transparency. CIPP/E certified.

Published work and findings.

2026

The Calculator Discipline — AI-Assisted Disclosure Hallucinations

Methodology paper · DOI 10.5281/zenodo.20393083 · CC BY 4.0 · tool BSD-2-Clause
A four-class taxonomy of AI-assisted disclosure failure modes (bug-shape, evidence, severity, trivial-as-critical), a pre-send filter (hallucination_check.py) that catches the mechanical two, and two real disclosure withdrawals plus one near-miss from the author’s own 2026 OpenBSD work. Honest case studies from the sender’s end of a problem the field has so far only described from the receiver’s end.

Read the paper · TriageForge summary · Zenodo (DOI)
2026

RELAYD-001 — OpenBSD relayd: CL.TE HTTP request smuggling

OpenBSD usr.sbin/relayd · CWE-444 · latent since 5.2 (2012) · fixed in -current 2026-06-03 · commit e8e5aa2db9c
relayd framed the body of an HTTP message using Transfer-Encoding: chunked but did not strip a co-present Content-Length header before forwarding to the backend, contrary to RFC 9112 §6.1. A single crafted request therefore makes the proxy and the backend disagree on where the message ends (the textbook desync primitive: the proxy frames by Transfer-Encoding, the backend by Content-Length), enabling HTTP request smuggling against any backend that prefers Content-Length when both headers are present. Thirteen years latent; found by a targeted source-review pass against the RFC framing rules.

Read the disclosure · TriageForge case study · Upstream commit
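The framing disagreement described above, as an added example (a constructed model in C, not relayd's source): one function computes where a parser that honours Transfer-Encoding thinks the message ends, another where a parser that prefers Content-Length does, and a third applies the RFC 9112 §6.1 rule an intermediary must follow before forwarding. The request bytes, the hostname and all function names are constructed for the illustration.

```c
/* Added example (constructed; not relayd source). Framing an HTTP/1.1 message
 * that carries both Content-Length and Transfer-Encoding: chunked, plus the
 * RFC 9112 s6.1 rule an intermediary must apply before forwarding. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Does `line` start with "<name>:"? Header names are case-insensitive. */
static int name_eq(const char *line, const char *name)
{
    size_t i;
    for (i = 0; name[i]; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[i] == ':';
}

/* Value of the first header `name`, or NULL (CRLF endings, no obs-fold). */
static const char *header_value(const char *msg, const char *name)
{
    const char *p = strstr(msg, "\r\n");           /* skip request line */
    while (p && p[2] != '\r') {                    /* stop at blank line */
        p += 2;
        if (name_eq(p, name)) {
            for (p += strlen(name) + 1; *p == ' ' || *p == '\t'; p++) ;
            return p;
        }
        p = strstr(p, "\r\n");
    }
    return NULL;
}

/* Bytes a chunked body occupies from `body`, through last-chunk and the empty
 * trailer CRLF; -1 if malformed or truncated within `avail`. */
static long chunked_body_len(const char *body, size_t avail)
{
    size_t off = 0;
    for (;;) {
        char *end;
        unsigned long sz = strtoul(body + off, &end, 16);
        if (end == body + off) return -1;
        off = (size_t)(end - body);
        if (off + 2 > avail || memcmp(body + off, "\r\n", 2)) return -1;
        off += 2;
        if (sz == 0) break;
        if (off + sz + 2 > avail || memcmp(body + off + sz, "\r\n", 2)) return -1;
        off += sz + 2;
    }
    if (off + 2 > avail || memcmp(body + off, "\r\n", 2)) return -1;
    return (long)(off + 2);
}

/* Message length for a parser that frames by Transfer-Encoding... */
static long framed_len_te(const char *msg)
{
    const char *body = strstr(msg, "\r\n\r\n");
    long blen = body ? chunked_body_len(body + 4, strlen(body + 4)) : -1;
    return blen < 0 ? -1 : (long)(body + 4 - msg) + blen;
}

/* ...and for one that prefers Content-Length when both are present. */
static long framed_len_cl(const char *msg)
{
    const char *body = strstr(msg, "\r\n\r\n");
    const char *cl = header_value(msg, "Content-Length");
    return (body && cl) ? (long)(body + 4 - msg) + strtol(cl, NULL, 10) : -1;
}

/* RFC 9112 s6.1: an intermediary framing by Transfer-Encoding MUST remove
 * Content-Length before forwarding. Copies `in` to `out` without it. */
static long strip_content_length(const char *in, char *out, size_t cap)
{
    const char *hdr_end = strstr(in, "\r\n\r\n"), *p = in;
    int has_te = header_value(in, "Transfer-Encoding") != NULL;
    size_t n = 0, blen;
    if (!hdr_end) return -1;
    while (p < hdr_end + 4) {                      /* request line, headers, blank */
        const char *eol = strstr(p, "\r\n") + 2;
        size_t len = (size_t)(eol - p);
        if (!(has_te && name_eq(p, "Content-Length"))) {
            if (n + len > cap) return -1;
            memcpy(out + n, p, len);
            n += len;
        }
        p = eol;
    }
    blen = strlen(p);
    if (n + blen + 1 > cap) return -1;
    memcpy(out + n, p, blen + 1);
    return (long)(n + blen);
}

/* Constructed request. Content-Length: 4 covers only "17\r\n"; a Content-Length
 * backend then reads "GET /admin HTTP/1.1" (0x17 = 23 bytes with CRLFCRLF) as
 * the next request on the connection. */
static const char AMBIGUOUS[] =
    "POST / HTTP/1.1\r\n" "Host: example.test\r\n"
    "Content-Length: 4\r\n" "Transfer-Encoding: chunked\r\n" "\r\n"
    "17\r\n" "GET /admin HTTP/1.1\r\n\r\n" "\r\n" "0\r\n" "\r\n";
```

On AMBIGUOUS, framed_len_te() returns 120 (the whole message) while framed_len_cl() returns 90, so a Content-Length backend starts its next request at byte 90, which is the smuggled "GET /admin" line. After strip_content_length() the forwarded copy is 101 bytes, header_value() no longer finds Content-Length, and both framings agree, which is exactly the property §6.1 exists to restore.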
2026

OpenSMTPD — five upstream hardening fixes

OpenBSD usr.sbin/smtpd · committed 2026-05-26 by Gilles Chehade (poolpOrg@) · all credit me as diff author · not RCE
Five commits landed in OpenBSD -current on 2026-05-26 following a corrected per-claim disclosure to the OpenBSD security team. Defense-in-depth and hardening across mproc.c, lka.c, smtp_session.c, crypto.c and queue_backend.c. The original 2026-05-23 framing as “chained to RCE” was inflated and was retracted before the upstream commits; this page is the resolution side of the case study at the centre of The Calculator Discipline.

Read the disclosure · TriageForge case study
2026
Disclosure

PING-01: /sbin/ping -G sweepmax — Controlled BSS Out-of-Bounds Write on macOS

Apple Security Bounty · OE1105761557610 · 13 May 2026
Missing bounds check on -G sweepmax in /sbin/ping. The fill loop writes past the end of the 65,535-byte outpackhdr global array, overwriting adjacent BSS globals including the socket file descriptor at a deterministic +128-byte offset. Empirically confirmed: sweepmax=65637 overwrites s with 0x63, every subsequent setsockopt() fails EBADF, exit 71. Write-what-where primitive on x86_64 (pointer globals in reach); state-corruption only on arm64e (PAC). One-line fix symmetric to the existing -s guard. Apple confirmed reproduction 16 April 2026; fix scheduled Fall 2026.

Full Disclosure · GitHub · Vendor ref: OE1105761557610

Status note: Published ahead of Apple’s scheduled fix release. ASB bounty consideration accordingly forfeited.
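A scaled-down model of the bug shape, as an added example and not Apple's ping source: a struct stands in for the data-segment adjacency between the packet buffer and the socket descriptor that the linker happened to give ping's BSS, an unchecked fill clobbers the descriptor, and the checked fill plus a sweep_ok() range guard show the one-line fix. The 64-byte buffer, the field names and the fd value 3 are constructed.

```c
/* Added example: scaled-down model of PING-01's shape (constructed; not Apple's
 * ping). A fill loop over a fixed global packet buffer runs into the globals
 * laid out right after it. The struct forces the adjacency for the demo. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OUTPACK_SZ 64          /* stands in for the 65,535-byte outpackhdr */

struct bss_model {
    unsigned char outpack[OUTPACK_SZ];   /* packet buffer being filled */
    int           s;                     /* "socket fd" living right after it */
    int           other;                 /* one more neighbour in the blast radius */
};

/* Unchecked fill: the caller's -G sweepmax decides how many bytes are written;
 * bytes past OUTPACK_SZ land in the neighbouring globals. The byte view of the
 * whole struct keeps the model well-defined; real ping has no such stop. */
static void fill_unchecked(struct bss_model *g, size_t datalen, unsigned char pat)
{
    unsigned char *p = (unsigned char *)g;
    size_t i;
    for (i = 0; i < datalen && i < sizeof *g; i++)
        p[i] = pat;
}

/* Checked fill: reject before writing, the way -s already rejects payloads
 * larger than the buffer. 0 on success, -1 if datalen would overflow. */
static int fill_checked(struct bss_model *g, size_t datalen, unsigned char pat)
{
    if (datalen > sizeof g->outpack)
        return -1;
    memset(g->outpack, pat, datalen);
    return 0;
}

/* The -G range guard symmetric to -s: every size in [sweepmin, sweepmax] fits. */
static int sweep_ok(size_t sweepmin, size_t sweepmax, size_t maxpayload)
{
    return sweepmin <= sweepmax && sweepmax <= maxpayload;
}

/* Run the unchecked fill once and return the fd value observed afterwards. */
static int demo_clobber(size_t datalen, unsigned char pat)
{
    struct bss_model g;
    memset(&g, 0, sizeof g);
    g.s = 3;                                 /* a plausible socket fd */
    fill_unchecked(&g, datalen, pat);
    return g.s;
}

int main(void)
{
    struct bss_model g = {{0}, 3, 0};
    printf("fd after unchecked fill: 0x%08x (was 3)\n",
           demo_clobber(OUTPACK_SZ + sizeof(int), 0x63));
    printf("checked fill of %d bytes: %d (fd still %d)\n", OUTPACK_SZ + 1,
           fill_checked(&g, OUTPACK_SZ + 1, 0x63), g.s);
    printf("sweep_ok(56, 65637, 65535) = %d\n", sweep_ok(56, 65637, 65535));
    return 0;
}
```

With a fill pattern of 0x63 the descriptor becomes 0x63636363, which is the mechanism behind the EBADF cascade the disclosure observed: the kernel is handed a descriptor that was never opened. On a platform with pointer globals in the same reach the same loop becomes the write-what-where the disclosure describes; with PAC the clobbered pointer fails authentication instead, so only state corruption remains.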
2026
Disclosure

SMB-01A: smbd FSCTL_SRV_COPYCHUNK Missing Limit Enforcement — Network DoS on macOS

Apple Security Bounty · OE1105668888438 · 13 May 2026
Apple’s /usr/sbin/smbd does not enforce any of the three limits mandated by MS-SMB2 §3.3.5.15.6: MaxChunkCount (256), MaxChunkSize (1 MiB), MaxDataSize (16 MiB). An authenticated SMB session can send a 256-byte IOCTL request that drives up to 64 GiB of disk I/O, exhausting smbd and rendering the host unresponsive. Amplification ratio 256 bytes in : 64 GiB out. Confirmed at runtime against macOS 26.4.1 arm64e with all four limit-violation tests returning STATUS_SUCCESS. CVSS 3.1: 6.5. Apple confirmed and upgraded to “In progress” 25 April 2026; fix scheduled Fall 2026. Operator mitigations available now.

Full Disclosure · GitHub · Vendor ref: OE1105668888438

Status note: Published ahead of Apple’s scheduled fix release. ASB bounty consideration accordingly forfeited.
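The three limits, applied as an added example (not Apple's smbd): a validator over a parsed SRV_COPYCHUNK_COPY that rejects the request with STATUS_INVALID_PARAMETER before any I/O is issued. The wire-struct layouts follow MS-SMB2 §2.2.31.1.1; the limit values are the ones quoted above; the function names and the test requests are constructed.

```c
/* Added example: the three SRV_COPYCHUNK_COPY limits MS-SMB2 s3.3.5.15.6 says
 * a server MUST enforce, applied to a parsed request before any I/O.
 * Constructed; not Apple's smbd. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du

#define MAX_CHUNK_COUNT  256u              /* ServerSideCopyMaxNumberofChunks */
#define MAX_CHUNK_SIZE   (1u << 20)        /* ServerSideCopyMaxChunkSize: 1 MiB */
#define MAX_DATA_SIZE    (16u << 20)       /* ServerSideCopyMaxDataSize: 16 MiB */

/* One SRV_COPYCHUNK (MS-SMB2 2.2.31.1.1.1): 24 bytes on the wire. */
struct srv_copychunk {
    uint64_t source_offset;
    uint64_t target_offset;
    uint32_t length;
    uint32_t reserved;
};

/* Parsed SRV_COPYCHUNK_COPY: 24-byte SourceKey, ChunkCount, Reserved, Chunks. */
struct copychunk_copy {
    uint8_t  source_key[24];
    uint32_t chunk_count;
    uint32_t reserved;
    const struct srv_copychunk *chunks;
};

/* Reject oversized work before touching the disk. On failure the response
 * carries the limits so the client can resize its request. */
static uint32_t validate_copychunk(const struct copychunk_copy *req,
                                   uint64_t *total_bytes)
{
    uint64_t total = 0;
    uint32_t i;
    if (req->chunk_count > MAX_CHUNK_COUNT)
        return STATUS_INVALID_PARAMETER;
    for (i = 0; i < req->chunk_count; i++) {
        if (req->chunks[i].length > MAX_CHUNK_SIZE)
            return STATUS_INVALID_PARAMETER;
        total += req->chunks[i].length;   /* bounded: at most 256 x 1 MiB here */
    }
    if (total > MAX_DATA_SIZE)
        return STATUS_INVALID_PARAMETER;
    if (total_bytes)
        *total_bytes = total;
    return STATUS_SUCCESS;
}

/* Test input: `count` identical chunks of `len` bytes (constructed). */
static struct copychunk_copy make_request(struct srv_copychunk *buf,
                                          uint32_t count, uint32_t len)
{
    struct copychunk_copy req;
    uint32_t i;
    memset(&req, 0, sizeof req);
    for (i = 0; i < count; i++) {
        buf[i].source_offset = (uint64_t)i * len;
        buf[i].target_offset = (uint64_t)i * len;
        buf[i].length = len;
        buf[i].reserved = 0;
    }
    req.chunk_count = count;
    req.chunks = buf;
    return req;
}

int main(void)
{
    struct srv_copychunk chunks[257];
    struct copychunk_copy r;
    uint64_t total = 0;
    r = make_request(chunks, 16, MAX_CHUNK_SIZE);
    printf("16 x 1 MiB  : 0x%08x, %llu bytes\n", validate_copychunk(&r, &total),
           (unsigned long long)total);
    r = make_request(chunks, 257, 1);
    printf("257 chunks  : 0x%08x\n", validate_copychunk(&r, NULL));
    r = make_request(chunks, 1, MAX_CHUNK_SIZE + 1);
    printf("1 MiB + 1   : 0x%08x\n", validate_copychunk(&r, NULL));
    r = make_request(chunks, 17, MAX_CHUNK_SIZE);
    printf("17 x 1 MiB  : 0x%08x\n", validate_copychunk(&r, NULL));
    return 0;
}
```

Each limit catches a different way of inflating the request: too many chunks, one chunk too large, or many legal chunks whose sum is too large. A server that checks only one of them still leaves an amplification path, which is why the disclosure tests all three individually and reports that each returned STATUS_SUCCESS.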
2026
Disclosure

MAILDROP-01: Apple Maildrop URLs Expose Unsigned Client-Controlled Parameters — Phishing-Grade Identity Spoofing on icloud.com

Apple Security Bounty · OE1950888220 · First filed 7 July 2023 · Published 13 May 2026
Apple’s Maildrop attachment service generates per-attachment URLs with three unsigned, client-controlled parameters: f= (filename), sz= (file size), and a template substitution that interpolates ${f} directly into the CDN download path. Any party with a valid Maildrop URL can rewrite the filename, size, and inferred file-type icon displayed on the icloud.com landing page — and the CDN will echo the fake name via Content-Disposition to the recipient’s browser. A phishing primitive hosted on an Apple domain. CVSS 3.1: 5.4 Medium. Reported 7 July 2023. Status: “Prioritised for review” as of 8 April 2026. Time since first report: 34 months. No remediation deployed at time of publication.

Full Disclosure · GitHub · Vendor ref: OE1950888220

Status note: Published after 34 months of vendor silence past the 90-day window, with no fix shipped at time of disclosure. ASB bounty consideration accordingly forfeited.
Papers

Two of these are listed in the External Links of Wikipedia articles I didn’t write — ICMP Tunnel and SQL injection. Felt good. Still does.

2026
Book · Free

macOS Security Research: A Complete Framework

Independent · Released free under CC BY-SA 4.0
A complete six-phase methodology distilled from 35 years of structured practice — Scope, Recon, Research Tracks, Red-Team, Submission, Archive. Eleven chapters covering vendor disclosure under the 90-day standard, the Darwin/XNU security landscape (with the FreeBSD/OpenBSD CVE cross-reference technique), the discipline of proof, and the human side of working with vendor security teams. Builds on the 2001 SANS ICMP work and follows PING as the through-line metaphor. Released April 2026 as a free gift to the community under copyleft. DOI: 10.5281/zenodo.19855016. ORCID: 0009-0008-4518-0064.

Download (HTML / EPUB / PDF) · 5-min TL;DR
2026
Paper

The Empirical Council: Adversarial LLM Review with Hallucination Detection in Solo Security Research

Independent Research · Whitby · 2026
A single-day case study of three filings, fifteen refutations, and the manpage that wasn’t. Documents a disciplined pre-filing methodology using four commodity LLMs (DeepSeek-R1, Grok-4, GPT-5, Gemini 3) as adversarial reviewers, with an explicit empirical-verification gate between LLM verdict and submission. Fifteen candidate findings were refuted before filing, eleven methodology rules were banked, and two LLMs were caught hallucinating identical fictitious text from an OpenBSD manual page. Includes verbatim replies from Theo de Raadt. DOI: 10.5281/zenodo.20167726. ORCID: 0009-0008-4518-0064.

HTML · GitHub Markdown

Prepared with Claude (Anthropic) as assistive technology. See Acknowledgements. Use of AI assistive technology is consistent with the principles of the Equality Act 2010 (Sections 6, 15, 20–21).
2026
Paper

Spectral Complexity Screening for Binary Security Analysis

Independent Research · Whitby · 2026
A Random Matrix Theory approach to automated vulnerability triage in compiled binaries. Applies Wigner spectral statistics, SAT phase-transition backbone analysis, and cyclomatic complexity gating to reduce a 335-binary macOS corpus to 12 candidates (96.4% reduction) for deeper analysis. Four-stage pipeline (C1 SAT backbone → C2 RMT spectral screen → C3 dataflow templates → C6 symbolic taint) with full theoretical grounding and empirical false-positive taxonomy. DOI: 10.5281/zenodo.19855615. ORCID: 0009-0008-4518-0064.

HTML · PDF · GitHub Markdown

Prepared with Claude (Anthropic) as assistive technology. See Acknowledgements. Use of AI assistive technology is consistent with the principles of the Equality Act 2010 (Sections 6, 15, 20–21).
2026
Disclosure

OSPFD-001: OpenBSD ospfd — Missing minimum-length check on embedded lsa.len

OpenBSD · bugs@openbsd.org · 18 May 2026 (reported); fixed in -current 19 May 2026
The LSA parser in recv_ls_update() checked that the wire data was long enough to hold the declared lsa.len bytes, but did not first check that lsa.len was at least sizeof(struct lsa). An OSPFv2 broadcast-domain attacker could send a crafted LS Update packet with an artificially small lsa.len, causing the daemon to operate on an undersized LSA structure and potentially corrupt routing-table state. Fixed by Claudio Jeker (cjeker@) in commit 8b667af, the day after the report.

Full Disclosure · Commit 8b667af

Status note: Reported 18 May 2026; fixed in OpenBSD -current within 24 hours by Claudio Jeker.
2026
Disclosure

OSPF6D-001: OpenBSD ospf6d — Incorrect length arithmetic in lsa_check() allows oversized LSA to reach lsa_get_prefix()

OpenBSD · bugs@openbsd.org · 18 May 2026 (reported); fixed in -current 19 May 2026
Missing parentheses in a length calculation inside lsa_check() for LSA_TYPE_INTER_A_PREFIX passed a too-large length to lsa_get_prefix(). Pre-auth network-reachable, on the same OSPFv3 broadcast domain. A textbook operator-precedence error in a network parser. Fixed by Claudio Jeker in commit 8d24b51, acknowledged in the commit message: “Reported by Stuart Thomas OK tb@ deraadt@”.

Full Disclosure · Commit 8d24b51

Status note: Reported 18 May 2026; fixed in OpenBSD -current within 24 hours by Claudio Jeker.
2026
Disclosure

SNMPD-001: OpenBSD snmpd / libagentx — uint32 overflow in ax_pdutostring() padding guard

OpenBSD · bugs@openbsd.org · 18 May 2026 (reported); fixed in -current 21 May 2026
Integer overflow in an AgentX bounds check — an attacker-supplied aos_slen = 0xFFFFFFFF wraps the (aos_slen + 3) & ~3U padding guard to zero, bypassing the bounds check. Crash only; AgentX socket must be admin-enabled and the caller must have permission, so exploitability is genuinely limited. Critically: the bug was introduced and corrected entirely within the OpenBSD development tree. No release version was ever vulnerable. Fixed by Martijn van Duren (martijn@) on the day of disclosure.

Full Disclosure · Commit 19a7e1e

Status note: Published for completeness and as evidence of audit methodology, not as a warning to system administrators running stable releases — no released OpenBSD shipped the vulnerable code.
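The three OpenBSD findings above (OSPFD-001, OSPF6D-001, SNMPD-001) share one theme, length arithmetic in a binary parser, so one added example covers them: each buggy check beside its fixed form, in constructed C that is not the ospfd, ospf6d or snmpd source. The LSA header layout is RFC 2328's; the operator-precedence expression and all function names are illustrative shapes, not the daemons' actual code.

```c
/* Added example: the three length-arithmetic mistakes behind OSPFD-001,
 * OSPF6D-001 and SNMPD-001, each as a constructed buggy check beside its fix.
 * The LSA header is the real 20-byte layout; the expressions are illustrative. */
#include <stdint.h>
#include <stdio.h>

/* OSPFv2 LSA header (RFC 2328 A.4.1): 20 bytes on the wire. */
struct lsa_hdr {
    uint16_t age;
    uint8_t  opts;
    uint8_t  type;
    uint32_t ls_id;
    uint32_t adv_rtr;
    uint32_t seq_num;
    uint16_t ls_chksum;
    uint16_t len;          /* whole LSA, header included */
};

/* 1. OSPFD-001 shape: upper bound only. An lsa.len smaller than the header
 *    passes, and the caller then reads header fields from a too-short LSA. */
static int lsa_len_ok_buggy(uint16_t lsa_len, size_t remaining)
{
    return lsa_len <= remaining;
}

static int lsa_len_ok_fixed(uint16_t lsa_len, size_t remaining)
{
    return lsa_len >= sizeof(struct lsa_hdr) && lsa_len <= remaining;
}

/* 2. OSPF6D-001 shape: bytes left for prefixes after a header and an option
 *    block. Dropping the parentheses turns "total - (hdr + opt)" into
 *    "total - hdr + opt", overstating the length by 2*opt. */
static size_t prefix_bytes_buggy(size_t total, size_t hdr, size_t opt)
{
    return total - hdr + opt;
}

static size_t prefix_bytes_fixed(size_t total, size_t hdr, size_t opt)
{
    return total < hdr + opt ? 0 : total - (hdr + opt);
}

/* 3. SNMPD-001 shape: round a 32-bit octet-string length up to a 4-byte
 *    boundary and check it fits. (slen + 3) wraps for slen >= 0xFFFFFFFD, so
 *    the rounded value becomes 0 and the guard passes. */
static int ax_padded_fits_buggy(uint32_t slen, uint32_t remaining)
{
    uint32_t padded = (slen + 3) & ~3U;
    return padded <= remaining;
}

static int ax_padded_fits_fixed(uint32_t slen, uint32_t remaining)
{
    uint64_t padded = ((uint64_t)slen + 3) & ~(uint64_t)3;  /* no wrap in 64 bits */
    return padded <= remaining;
}

int main(void)
{
    printf("lsa.len=4 in 100 bytes      : buggy=%d fixed=%d\n",
           lsa_len_ok_buggy(4, 100), lsa_len_ok_fixed(4, 100));
    printf("prefix bytes (40, hdr 20, opt 4): buggy=%zu fixed=%zu\n",
           prefix_bytes_buggy(40, 20, 4), prefix_bytes_fixed(40, 20, 4));
    printf("slen=0xFFFFFFFF in 16 bytes : buggy=%d fixed=%d\n",
           ax_padded_fits_buggy(0xFFFFFFFFu, 16), ax_padded_fits_fixed(0xFFFFFFFFu, 16));
    return 0;
}
```

All three are the same audit question asked of every length a parser reads off the wire: is there a lower bound as well as an upper bound, is the arithmetic grouped the way the comment says, and can the intermediate value wrap before the comparison. The snmpd case also shows why the fix is to widen the arithmetic or test for the wrap explicitly rather than to compare the already-wrapped result.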
2026

OpenBSD Kernel: ELF Exec Pinsyscall Table Corruption

OpenBSD · Reported to Theo de Raadt
When an ELF binary carried a pinsyscall table but no executable PT_LOAD segment, the kernel would still read the table and corrupt it. Fix: fail the execve with EINVAL. Committed by deraadt, reviewed by guenther. Commit
2026

OpenBSD Kernel: Unveil Override Behaviour & Documentation Fix

OpenBSD · Question to Theo de Raadt
Until unveil is disabled, it allows the permissions already set on any vnode to be overridden. Dead code removed; misleading manual-page wording corrected. Committed by deraadt, reviewed by beck. Commit
2004

NHS Approved Cryptographic Algorithms — Good Practice Guidelines

NHS Connecting for Health (Co-author)
National standard for the NHS, sourced from NIST SP publications. Referenced in academic literature and healthcare infrastructure documentation. Still in use.
2006

Security Analysis: ActivCard Contactless Smart Card Air-Gap

Author
Independent security research in NFC/RFID architecture and contactless payment systems. Available on request.
2005
Updated 2026

Why SQL Injection Won't Go Away

GIAC GSEC · SANS Institute
Cited in Wikipedia: SQL Injection. Markdown · PDF · GitHub
2005
Updated 2026

ICMP Crafting and Related Issues

GIAC GSEC · SANS Institute
Cited in Wikipedia: ICMP Tunnelling. Markdown · PDF · GitHub

Tools I’ve built and shipped.

2026

NTAG 424 DNA SDK for macOS

Swift · C · AGPL v3 · Zero Dependencies
The first native macOS SDK for NXP NTAG 424 DNA NFC authentication. Full EV2First mutual authentication, Secure Dynamic Messaging (SDM), AES-128-CMAC verification, and complete key management. 2,145 lines. Built on CryptoTokenKit — no third-party dependencies.

GitHub · Live Platform
2026

Metis — binary vulnerability triage toolchain

Python · angr · Z3 · MIT-style · macOS / Linux / Windows
A five-stage research pipeline for triaging compiled binaries: backbone-fraction path prioritisation by SAT constraint hardness (C1), Random-Matrix-Theory spectral anomaly screening on the call graph (C2), SSA dataflow template matching (C3), symbolic taint with PoC synthesis via angr and Z3 (C6), and on-device validation under subprocess, LLDB or DTrace (C7). The cheap stages prune the working set so the expensive stages finish.

Project page · GitHub
2026

Poppy — XPC observability & fault injection for macOS arm64e

Python · DTrace · Frida · Objective-C · MIT · macOS
Frida instrumentation and DTrace probes paired into a unified JSONL trace pipeline for analysing XPC daemon behaviour on Apple Silicon — where Pointer Authentication has made static call graphs unreliable. Ships XPC handler tracing, entitlement-check monitoring, controlled fault injection, anomaly detection, coverage diffing and entitlement mapping.

Project page · GitHub
2026

Penfold — OpenBSD-shaped vulnerability hunting toolkit

Python · libclang + NumPy/SciPy + NetworkX · BSD-2-Clause · OpenBSD / Linux
Five-stage Python pipeline extracted from a 13-day OpenBSD vulnerability-research campaign: recon (Marchenko-Pastur spectral ranking on call graphs), verify (OpenBSD canary-aware stack-frame analysis on shipped binaries), disclose (the pre-send hallucination filter from The Calculator Discipline, with ten verifiers), harness (*_verify.c skeleton generator plus BSD-side network primitives), orchestrator (state-file pipeline driver). Walked-back ranking experiments ship alongside the survivors, with per-tool post-mortems.

Project page · GitHub

Where I’ve worked, what I hold.

Industry

Consultant Engineer & Security Practitioner
PwC · Oracle · Deloitte · NHS · TfL · LSE · Sony PlayStation · Reuters · PAREXEL · Worldwide Clinical Trials · Aegon · BSkyB / Sky Bet · Harrods · Boots / Walgreens · William Hill · Learndirect
Data Privacy & DPO Consultant
DPO Interim Ltd · 2020–2023
Now
Independent research · pro bono only · written enquiries

Certifications

CIPP/E
IAPP
GIAC GSEC
SANS Institute
CISMP (Distinction)
BCS
CCNA
Cisco
C-GDPR-P
IT Governance
PRINCE2
AXELOS

Specialised Training

AI Ethics & Responsible AI
Alan Turing Institute / Linux Foundation
Ethical Hacking & Penetration Testing
Practical Red Team
Smart Card & NFC Security
Gemalto / NXP
Cryptographic Key Management
Thales HSM

Education

Professional Certificate in Management
Open University (Level 6)
ICT
Open University (Level 5)
Certificate in Legal Studies
Open University (Level 4)

Programs

Anthropic Cyber Verification Program
Approved April 2026 · dual-use security research

How I disclose — and why.

What I aim for. Around 90 days from filing to public disclosure — the coordination window Google Project Zero established in 2014 and most of the industry now follows. Long enough for a careful fix. Short enough to keep the conversation moving.

What this is not. A service-level commitment. I work pro bono, at the pace my health and capacity allow. Some of my filings have moved faster than 90 days. Some have moved slower. I try to be honest about which is which, and to keep the affected vendor informed throughout.

When a vendor stays engaged. I extend the window if there is a good reason and a credible new date. Most vendors I have worked with are professional people doing difficult work; if they need more time, they get it.

When a vendor goes quiet. I publish anyway. Calmly, with the timeline shown, the vendor reference quoted, and the patch status as I last understood it. Silence is not a veto. The point of the 90-day norm is that it is one-sided in exactly this case.

What I never do. Give zero-days to anyone. Sit on a finding indefinitely waiting for a patch that is not coming. Let a vendor decide when my research goes public.

For vendor bug-bounty programmes I follow the programme’s own disclosure terms and CVE coordination process. For everything else, the above is the practice.

This site uses no cookies or tracking. Server logs only. Privacy Notice