Security
Headlines
HeadlinesLatestCVEs

Headline

A Ride on the Wild Side with Hacking Heavyweight Sick Codes

Beverage of Choice: Krating Daeng (Thai Red Bull) Industry Influencer he Admires: Casey John Ellis What did you want to be when you grew up? A physician and nearly did Hobbies (Present & Past): Motorcycling & Australian Football Bucket List: Continuing to discover new software Fun Fact: He currently has 2,000 tabs open “People keep … A Ride on the Wild Side with Hacking Heavyweight Sick Codes Read More »

msrc-blog
#vulnerability#web#ios#android#mac#microsoft#git#zero_day#docker

Beverage of Choice: _Krating Daeng (_Thai Red Bull)

Industry Influencer he Admires: Casey John Ellis

What did you want to be when you grew up? A physician and nearly did

Hobbies (Present & Past): Motorcycling & Australian Football

Bucket List: Continuing to discover new software

Fun Fact: He currently has 2,000 tabs open

“People keep saying to me, ‘nah this is impossible…’. Then I’ll go do it anyway and be like alright, it’s actually possible.”

Roaring through the streets of Thailand helmetless on his motorcycle wearing nothing but shorts and sandals is the perfect depiction of the controlled chaos that is Sick Codes. Sick is an electric factory; his energy is unmatched and won’t go unnoticed. A man who is defined by living life on the edge, thinking outside of the box and some mighty impressive hacking!

It all began in Australia where he grew up. In the 3rd grade he got his hands on the classroom computer and proceeded to install the original Soldier of Fortune and other adult rated games, hiding them within thousands of folders to evade deletion. His inability to follow the rules got him banned from using the class computer, and such bans became a trend for Sick.

Fast forward to high school where he was up against a lifetime ban from eBay. Unphased and agitated, he stood up his own online stores and carried about his business, on his own. A rude awakening came his way in the form of “some nation state cyber army” carding at checkout on his stores, having one of his hundreds of sites defaced as a result. This would be the beginning of Sick’s security trajectory. For him, the silver lining of getting hacked was a fire that ignited in him, a burning desire to uncover how things happen the way they do. This curiosity was now permanently engrained in his being, always reading between the lines, inspecting all software he uses, and rejecting the notion that something is impossible. The curiosity was so strong, Sick now devotes significant time discovering zero-day vulnerabilities in many software projects, including several Microsoft Azure Open-Source projects.

If you’ve met the man, you would never expect he wanted to pursue a relatively tame career path as an aspiring medical professional. However, unpredictable by nature, Sick seeks out excitement and prefers to live on the edge, or slightly over it. Roughly 10 years ago Sick left his home country for the rest of the World. He says he’s been to around 40 countries now, and his time in Sur America was his favorite, but also the furthest thing from tame, more like a blur of hedonism mixed with getting really, really good at code, computers, and attacking both of those. While wild, it was also formidable for his hacking career having committed 10-18 hours a day, sometimes up to 30 hours straight, racking up vulnerabilities and beginning to master the art of “cyber-warfare”. Apart from offensive cyber security, he was also able to learn Spanish.

Wishing to remain anonymous and seemingly never in one place, it was about time his work put him on the map. Sick said the turning point in his career was when the acting secretary for Homeland Security gave him a ‘shout out’ for discovering large security holes in the Android TV manufacturer, TCL. The vulnerabilities he discovered in 2020 on the Android Smart TVs made him a mainstay, wreaking havoc in the field of security research.

Sick admittedly was not exactly an angel growing up, however he has now, “changed his ways” for the better. He now only performs good faith security research and is an approachable ethical hacker that provides resources for those who, like him, are also acting “in good faith”. Moreover, Sick helps co-maintain a Repositor_y of Legal Threats Against Security Researchers on GitHub_ with the goal of educating organizations on the benefits (and harsh realities) of ethical hacking, while helping researchers stay on the right side of the law. While a bit of a rebel, people respect his work and he’s built a vast community to show for it.

Sick has what he describes as an innate obligation to show others the ropes, having once been reliant on free software. Now he is a stern advocate for free software and a well-rounded coder, with very large GitHub following, and throughout the security research community. His Docker-OSX open-source project on GitHub has nearly 25,000 stars, over 400,000 downloads, and he personally maintains another 20+ packages, with thousands of contributions, and counting. His influence continues on Twitter and Discord where he keeps other researchers on the edge of their seats awaiting his next major breakthrough and thousands of followers in the loop about his package updates, project developments, feedback, and support.

Not listening to others when told how to be or what to do, Sick embodies the mindset of a hacker. With some style points and a devilish grin on his face he is motivated to expose anything that isn’t right in the research space, targeting the most highly used products and industries. If your local McDonalds soft-serve machine is out of service, you may have a bone to pick with Sick. Microsoft made his hit list as well, and he is quickly moving up the MSRC 2022 Most Valuable Researcher (MVR) Azure Leaderboard with at least five valid vulnerability reports submitted in the past year, and achieving Top 10 positions for Azure Cloud security, which he says he is very proud of. The contributions don’t actually stop there, with dozens of newsworthy findings showcased on his website, and plenty more to come knowing Sick.

Speaking of… Sick stole the show at this year’s DefCon with his viral tractor hack. In his most notable exploit and demo yet, he broke into a widely used agricultural touch screen terminal, gaining root access, and eventually crafting a crude jailbreak that went absolutely viral. To top that off, he reconfigured the console to run a modified tractor-themed version of the 90’s shooter game Doom. His passion is pushing computers to their limits, and there’s no denying that going against the grain was the right path for Sick. While the tables have turned, some things just never change.

msrc-blog: Latest News

Securing AI and Cloud with the Zero Day Quest