Darknet Diaries

160: Greg

97 min episode · 2 min read


AI-Generated Summary

Key Takeaways

  • Early vulnerability discovery: manual fuzzing meant opening a file in a hex editor, pushing a field outside its normal range (for example changing a font size from 1638 to 9999), and loading the result under a debugger such as OllyDbg to find crashes in which the attacker controls memory contents and pointers, the precondition for arbitrary code execution.
  • Layer two network attacks: ARP poisoning, DHCP spoofing and man-in-the-middle attacks remain effective penetration testing methods decades later. These techniques captured plain-text credentials when logins were downgraded from HTTPS to HTTP, giving initial access to employee accounts that held building codes, badge IDs and onboarding documentation.
  • Physical security bypass methodology: RFID badges were cloned with a Proxmark placed behind a legitimate reader, camera locations were mapped by measuring Bluetooth signal strength, default passwords on legacy Access camera systems (firmware from 2005) were exploited, and the cameras' brightness and contrast values were then driven programmatically to 255 or zero to black out the feeds during the infiltration.
  • Social engineering through observation: walking a building's perimeter during a tour revealed critical intelligence such as balcony access points near trees, the location of the server room relative to the entry points, and high-value assets like art collections. Combined with stolen credentials and cloned badges, this reconnaissance enabled after-hours access without triggering a human security response.
  • Microsoft Office zero-day hunting: attach a debugger to the application, modify document files at the binary level in a hex editor, and test for crashes with controlled data pointers. Exploits must then be verified with no debugger attached, because Microsoft implemented debug-only code paths specifically to catch security researchers using this exact methodology.

What It Covers

Greg Glenerys shares his journey from a teenage hacker, arrested at 14 for creating grade-changing malware, to professional penetration tester, including the discovery of zero-day vulnerabilities in Microsoft Office 2007 and the execution of elaborate physical security breaches at major tech companies and venture capital firms.


Notable Moment

After three days of continuous work, with his entire team sleeping under their desks to find a vulnerability and save the company's reputation, Greg discovered a legacy integer overflow in Microsoft Visio that bypassed SafeInt protections, forcing a Microsoft developer to return from vacation to address the critical security flaw.
