About

This site is a place where I share my thoughts and discoveries, mostly technology-related, but not limited to.

Work

I work at Trail of Bits where I enjoy solving hard security problems.

Posts

• hxp 39C3 CTF: slop writeup - January 6, 2026
• Hacking Blind Revisited - January 31, 2021

External

• Fuzzing between the lines in popular barcode software (blog.trailofbits.com) - October 31, 2024
• Enhancing trust for SGX enclaves (blog.trailofbits.com) - January 26, 2024

Vulnerability Disclosures

Selected vulnerabilities I found and reported.

• Coder - OIDC authentication allows email with partially matching domain to register
  Details: GHSA-7cc2-r658-7xpf | CVE-2024-27918

• Western Digital G-Technology ArmorLock NVMe SSD - Insecure Key Storage Vulnerability
  Details: WDC-21003 | CVE-2021-28653

Other Publications

• Application Security Weekly Podcast #336 - Fuzzing

• Echidna: effective, usable, and fast fuzzing for smart contracts
  Gustavo Grieco, Will Song, Artur Cygan, Josselin Feist, Alex Groce
  ISSTA 2020: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis

• Paged Out! #2
  Page 15 - “Ad-hoc workspaces with nix-shell” - https://pagedout.institute

Connect

Places on the Internet where you can find me:

• Twitter: arturcygan
• GitHub: arcz