---
date: 2013-01-01T21:40:56-05:00
draft: false
title: "Who is this guy?"
url: "/about/"
comments: false
type: about
---

I am Parsia, I try to do application security most days. I am currently taking a sabbatical and doing some contract work.

**2024-Present**: Senior Offensive Security Engineer at Microsoft.

**2022-2024**: Sabbatical. Dev contract work for a static analysis tool that automatically generates an OpenAPI spec from the backend source code. Some security research, mainly static analysis and Rust. See [Personal Semgrep Server in Rust][sem-server], [semgrep-rs: Rust crate to interact with Semgrep][semgrep-rs], and [some tree-sitter stuff][tree-sitter].

[sem-server]: https://github.com/parsiya/personal-semgrep-server
[semgrep-rs]: https://github.com/parsiya/semgrep-rs
[tree-sitter]: https://parsiya.net/categories/tree-sitter/

**2019-2022**: Senior Security Engineer at [Electronic Arts][ea-security]. I worked on many internal and external products (mostly videogames) and services. [Realistic video of me hacking videogames at work][game-testers-youtube].

[ea-security]: https://www.ea.com/security
[game-testers-youtube]: https://www.youtube.com/watch?v=BRWvfMLl4ho

**2013-2019**: Associate Consultant to Senior Security Consultant at [Synopsys Software Integrity Group][sig-website] via the 2016 Cigital acquisition.

[sig-website]: https://www.synopsys.com/software-integrity.html

**Major Presentations**

* DEF CON 26 Main Track: Tineola: Taking a Bite Out of Enterprise Blockchain
  * https://www.youtube.com/watch?v=xKYIde5jh_8
  * I guess I should add `DEF CON Speaker` to my LinkedIn title (lol).
* DEF CON 28 Appsec Village: localghost: Escaping Browser Sandbox Without 0-Days
  * https://www.youtube.com/watch?v=Cgl51ZcACLg&t=90

**Who is Hackerman?**

*Hackerman* is a character from the movie [Kung Fury][kungfury-youtube]. He is the greatest hacker of all time and can hack people through time. He also hacks with a Nintendo Power Glove like me.
[His cheesy hacking tutorial][hackerman-hacking-tutorial].

[kungfury-youtube]: https://www.youtube.com/watch?v=bS5P_LAqiVg
[hackerman-hacking-tutorial]: https://www.youtube.com/watch?v=KEkrWRHCDQU

{{< blockquote author="Anonymous Electronic Arts Vancouver Employee" >}}
"I trust this man, he has a power glove."
{{< /blockquote >}}

{{< imgcap title="I actually have a working Nintendo Power Glove." src="/images/power.jpg" >}}

**What is This Website?**

This website is my security research and notes. It doubles as my cheat sheet and knowledge base along with [parsiya.io](https://parsiya.io). I look up pages or send links to this website at least a few times every day. It's part of my brand. You don't wanna be the other guy from Wham!

**What does "Don't be The Other Guy from Wham!" Mean?**

[Wham!][wham-link] was a popular UK music duo. Most people remember one of its members, George Michael. No one remembers the other guy, [Andrew Ridgeley][andrew-link]. Write a blog, don't be afraid to promote yourself (if you have the time). It's worth it.

[wham-link]: https://en.wikipedia.org/wiki/Wham!
[andrew-link]: https://www.google.com/search?q=andrew+ridgeley

**Goals in Progress:**

- **Bug bounties**: I started the bug bounty game really late and mostly only work the occasional Windows desktop application.
  - My first and highest bounty to date: [$15,000 from PlayStation][psnow]
  - Hacker One profile: https://hackerone.com/parsiya
  - Bugcrowd profile (I have one bug there lol): https://bugcrowd.com/parsiya
  - If you have Windows desktop applications and especially videogames in your program, please invite me.
- **Go in security**: I have replaced Python with Go in my workflow.
  - https://github.com/parsiya/Hacking-with-Go
  - https://github.com/parsiya/Go-Security
  - https://github.com/parsiya/Parsia-Code
  - [https://parsiya.net/categories/go/](/categories/go/ "https://parsiya.net/categories/go/")
- **Automation** (never done):
  - [https://parsiya.net/categories/automation/](/categories/automation/ "https://parsiya.net/categories/automation/")
  - Borrowed Time: My project and note management app
    - https://github.com/parsiya/borrowedtime/
  - ESLinter: Burp extension to automatically extract and ESLint JavaScript
    - https://github.com/parsiya/eslinter

[psnow]: https://hackerone.com/reports/873614

**Done and Dusted:**

- Enterprise blockchain and [Hyperledger Fabric](https://www.hyperledger.org/projects/fabric) security:
  - **DEF CON 26 video**: https://www.youtube.com/watch?v=xKYIde5jh_8
  - My post on Synopsys' corporate blog: [Tineola: Taking a Bite out of Enterprise Blockchain](https://www.synopsys.com/blogs/software-security/tineola-enterprise-blockchain/ "Tineola: Taking a Bite out of Enterprise Blockchain")
  - Tineola the tool: https://github.com/tineola/tineola
  - Random posts as I learned: [https://parsiya.net/categories/blockchain/](/categories/blockchain/ "https://parsiya.net/categories/blockchain/")

**Gone to The Dogs:**

- In-memory fuzzing via binary instrumentation (aka traversing arbitrary assembly blobs over and over and over).
  - [https://parsiya.net/categories/winappdbg/](/categories/winappdbg/ "https://parsiya.net/categories/winappdbg/")