Skip to content
View JGoyd's full-sized avatar
:atom:
Is this the matrix or a SOC 2 audit ?
:atom:
Is this the matrix or a SOC 2 audit ?
102 followers · 0 following

Achievements

Achievement: Pull SharkAchievement: Pair ExtraordinaireAchievement: Starstruckx2Achievement: Quickdraw

Achievements

Achievement: Pull SharkAchievement: Pair ExtraordinaireAchievement: Starstruckx2Achievement: Quickdraw

Block or report JGoyd

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
JGoyd/README.md

Joseph R. Goydish II

Public-interest technical record, evidence preservation, and signed activity ledger.

This profile indexes public records, signed ledger entries, submissions, receipts, hashes, and supporting artifacts that can be checked independently. The strongest current anchors are two CNVD/CNCERT certificate exhibits naming Joseph Goydish as contributor for Apple vulnerability records, plus a five-CVE CISA/NVD rescore trail tied to public vulnrichment filings.

Canonical Record

Browser landing page: https://jgoyd.github.io/JGoyd/

Anchor index: https://jgoyd.github.io/JGoyd/anchors/

GitHub's repository file view displays HTML source. Use the Pages links above for the rendered page.

Public Anchors

Anchor What the record shows Proof path
CNVD/CNCERT certificates Two Apple vulnerability certificate records name Joseph Goydish as contributor: CNVD-2025-06744 and CNVD-2025-07885 anchors/
CISA/NVD rescore trail Five Apple CVEs on public scoring-history trail: three CVSS 10.0 and two CVSS 9.8 anchors/cisa-nvd-vulnrichment-rescore/
CERT/CC chronology VINCE case timing predates relevant Apple advisories in the public chronology anchors/certcc-vince-chronology/

Public Technical Anchors

Record Date Contributor / filing Public status
CNVD-2025-06744, Apple iOS / iPadOS buffer overflow 2025-03-18 CNVD-YCGO-202503023656 names Joseph Goydish CNVD/CNCERT certificate exhibit
CNVD-2025-07885, Apple memory reuse 2025-04-22 CNVD-YCGO-202504012519 names Joseph Goydish CNVD/CNCERT certificate exhibit
CVE-2025-24085 2025-01-27 cisagov/vulnrichment#194 CVSS 10.0 public rescore trail
CVE-2025-24201 2025-03-11 cisagov/vulnrichment#194 CVSS 10.0 public rescore trail
CVE-2025-43300 2025-08-20 cisagov/vulnrichment#201 CVSS 10.0 public rescore trail
CVE-2025-31200 2025-04-16 cisagov/vulnrichment#200 CVSS 9.8 public rescore trail
CVE-2025-31201 2025-04-16 cisagov/vulnrichment#200 CVSS 9.8 public rescore trail

The record supports a narrow chronology: CERT/CC VINCE timing before relevant Apple advisories, followed later by public CISA/NVD scoring-history activity tied to public filings.

Signed Ledger

The ledger is the public index, not the whole archive. It records:

Evidence class What it can establish
Public anchors CNVD/CNCERT records, NVD/CISA records, public repositories, public advisories
Submission and receipt evidence Agency intake, reference numbers, ticket IDs, e-signed receipts, DKIM-valid messages
Local integrity evidence SHA-256 hashes, signed notes, detached signatures, archive references

Verify

OpenPGP fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
GitHub account:       https://github.com/JGoyd
Primary ledger:       Running-Ledger repository
Identity attestation: ./canonical/identity-attestation.txt.asc

gpg --keyserver hkps://keys.openpgp.org --recv-keys 4A041F506D894F5EE391743864878B56A2EB2D11
gpg --fingerprint --keyid-format long 4A041F506D894F5EE391743864878B56A2EB2D11
# Run this from a checked-out copy of the Running-Ledger repository:
gpg --verify running-ledger.txt.asc running-ledger.txt

A good signature verifies authorship of the ledger file. Each underlying claim still has to be checked against its cited public record, receipt, header, reference number, or hash.

Operating Line

  • Public records are separated from submission receipts.
  • Agency acknowledgement means receipt or intake, not adjudication.
  • DKIM/e-signed messages establish provenance of a message or receipt, not the truth of every submitted allegation.
  • Sensitive packet bodies, credentials, private keys, exploit code, and unpublished raw evidence are not published here.

Contact

Joseph R. Goydish II
Secure channel: esq.jg.legal@proton.me
PGP: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11

Pinned Loading

  1. iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 Public

    CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati…

    198 29

  2. Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Public

    Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) t…

    36 8

  3. ZombieHunter ZombieHunter Public

    Python 9 1

  4. BroadScope BroadScope Public

    2

  5. MapleDrop MapleDrop Public

    2

  6. A18-AON_Design A18-AON_Design Public

    Structural disclosure of the Apple A18 die trust topology flaw (AOP2 / Exclave bridge)

    3