mirror of
https://github.com/JGoyd/JGoyd.git
synced 2026-06-25 13:10:00 +02:00
Joseph R. Goydish II
12 KiB
12 KiB
Phase 1 — Full Claim Inventory
Author: Joseph R. Goydish II
Sources parsed: github.com/JGoyd (97 repos), JGoyd/Running-Ledger, JGoyd/JGoyd private profile repo (anchor.txt, anchor2.txt), JGoyd/README.md profile repo, NVD CVE + CVE-History APIs, cisagov/vulnrichment issues #194/#200/#201, public press (BBC/Reuters on OLAF/Mandelson).
Verification status legend: A externally confirmed by neutral third party · B partially corroborated (name in reference chain, timing consistent) · C self-asserted, plausible but unverified publicly · D contradicted by public record or attribution belongs to others.
Discrepancies surfaced during inventory — fix these before publishing anything new:
- Two PGP fingerprints in circulation.
Running-Ledger/README.mdandrunning-ledger.txtdeclare4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11.JGoyd/JGoyd/anchor.txt,anchor2.txt, anddropsrepo description declare6DCB 4235 1237 A98B B474 0070 B36F FC36 1AE5 DAF6. Pick one canonical signing key, or publish a signed cross-attestation linking the two. Until then any external verifier will reject the chain.running-ledger.txt.ascis 0 bytes in the public repo — the canonical detached signature is empty. The ledger is effectively unsigned right now.- Lithuania receipt hash mismatch. Running-Ledger row lists SHA-256
603409F4…2BC17Dfor the Lithuania case01-1-03450-26, butanchor2.txtrecords the Lithuania receipt as2d1d18f3…995b31. The6034…hash is the Slovakia receipt hash from the row above. Reconcile.
Track B — Cybersecurity / Vulnerability Research
| ID | Claim Type | Subject | My Claimed Role (current public framing) | Date | External References Currently Visible | Verification | Notes |
|---|---|---|---|---|---|---|---|
| B-01 | CVE / CVSS reassessment | CVE-2025-24085 (CoreMedia UAF) | Implied "discoverer/analyst" via Glass-Cage repo | NVD pub 2025-01-27; rescore 2025-11-12 by ADP 134c704f-9b21-4f2e-91b3-4a467353bcc0 | NVD record cites github.com/JGoyd/Glass-Cage-… and cisagov/vulnrichment#194 as references; CISA ADP rescored to CVSS 10.0 hours after closing issue #194 |
A (for enrichment contribution); C (for original discoverer) | Apple's own credit line points elsewhere; JGoyd contribution is impact reassessment, not original discovery. Use precise role wording. |
| B-02 | CVE / CVSS reassessment | CVE-2025-24201 (WebKit OOB write) | Same as above | NVD pub 2025-03-11; rescore 2025-11-12 by ADP | NVD lists JGoyd repo + vulnrichment#194 as third-party advisory + issue tracking; CISA ADP added Secondary CVSS 10.0 | A enrichment; C discovery | Apple credits the original reporter in support.apple.com/en-us/122281; JGoyd is not on that credit. |
| B-03 | CVE / CVSS reassessment | CVE-2025-31200 (CoreAudio decode RCE) | "Chain reconstruction + impact reassessment" via iOS-Attack-Chain repo | NVD pub 2025-04-16; rescore 2025-11-24 by ADP | NVD CVE-History entry 2025-11-24T15:15:47.917Z shows ADP added both CVSS vector AND references to cisagov/vulnrichment#200 AND github.com/JGoyd/iOS-Attack-Chain-…/Remote%20Crypto%20Attack%20Chain%20.md in the same write |
A (strongest in the dataset) | This is the cleanest external anchor: a single ADP atomic action ties JGoyd's submission to the CVSS reassessment. |
| B-04 | CVE / CVSS reassessment | CVE-2025-31201 (PAC bypass) | Co-component of B-03 chain | NVD pub 2025-04-16; rescore 2025-11-24 by ADP | NVD lists JGoyd repo + vulnrichment#200 as ADP-sourced references | A enrichment; C discovery | Apple credit goes to original reporter; JGoyd contribution is chain analysis + CVSS. |
| B-05 | CVE / CVSS reassessment | CVE-2025-43300 (ImageIO OOB) | Chain context via vulnrichment#201 | NVD pub 2025-08-20; rescore 2025-11-26 | NVD references cisagov/vulnrichment#201 (ADP-sourced); JGoyd repo not (yet) listed on this CVE |
B | Weaker than B-03; only the vulnrichment issue is on NVD, not a JGoyd repo. The actual exploit PoC reference on NVD is b1n4r1b01/n-days, not JGoyd. |
| B-06 | CNVD certificate | CNVD-2025-06744 / CNVD-YCGO-202503023656 "Apple iOS/iPadOS buffer overflow" | "Certified reporter" | 2025-03-18 | None published; certificate held offline by author; SHA-256 anchored in ledger | C | Publish the CNVD certificate PDF (redacted) + agency confirmation header. Until then strictly self-asserted. |
| B-07 | CNVD certificate | CNVD-2025-07885 / CNVD-YCGO-202504012519 "Apple memory reuse" | "Certified reporter" | 2025-04-22 | None published | C | Same as B-06. |
| B-08 | MSRC case | MSRC #112639 — M365 cross-tenant MIME type-confusion | "Reporter, defensive advisory published" | 2026-04-08 | JGoyd/m365-mime-type-confusion repo (self-controlled) |
C | Strong candidate to upgrade to A as soon as the MSRC confirmation email is published with full headers. CVE assignment "pending" — track for status. |
| B-09 | NASA TLS misconfig disclosure | webhosting-external.jpl.nasa.gov cert chain |
"Discloser" | 2025-04-22 | None public | C | Probably has a NASA/JPL acknowledgement email — publish headers. |
| B-10 | DOE-417 / NNSA | Electric emergency report | "Filer" | 2025-12-25 | None public; anchor2.txt references DOE HQ EOC reply |
B | The "DOE-417" form is a regulatory filer-side report — publishing the EOC acknowledgement (headers + reply text, redacted) elevates this to A. |
| B-11 | Apple silicon / hardware research | Many repos (A16-FuseBypass, A17-Flaw, A18-AON_Design, A19-Runaway, dfu-hardware-gap-cs35l2, Apple-Silicon-A17-Flaw, Broadcom_Vuln, Project-Eclipse, NeuralNet, ams-failopen, ios-trust-collapse, iOS-Companion-Link-RCE, iOS-26.2-runningboard-vuln, iCloud-PCS-Corruption, Silent-ADP-Failure, ShadowShells, etc.) | Implied "discoverer" / "analyst" — language varies by repo | 2025-2026 | None of these claims have NVD/CVE entries naming JGoyd; many describe behaviors Apple has not publicly confirmed | C for all, with a few descending to D when the described phenomenon is contradicted or already attributed elsewhere | These are the highest-risk repos for skeptic pushback. Each one needs either a vendor acknowledgement, a CVE assignment, or an explicit "forensic observation, not a vendor-confirmed finding" framing. |
| B-12 | "iDrive-Exfil" / FBI IC3 | IC3 submission 067b3177c3524c80bce02cca08064d11 |
"Filer" | 2026 | IC3 confirmation page only (self-shown screenshot) | C | IC3 confirmation IDs are not externally queryable; only the email header proves it. |
| B-13 | Cloudflare abuse report | JGoyd/datalytic-shadow-collectors |
"Filer" | 2026-05-18 | Cloudflare abuse confirmation email (not yet published) | C |
Track A — Government / Law Enforcement / Regulatory Filings
| ID | Filing Venue | Subject | My Claimed Role | Date | External References Currently Visible | Verification | Notes |
|---|---|---|---|---|---|---|---|
| A-01 | SEC TCR | Submission #17780-976-067-126 |
"Filer" | 2026-05-06 | None public (TCR submissions are confidential by SEC policy) | C today; B once intake email headers published | SEC TCR receipts are DKIM-signed by sec.gov. Publishing the redacted receipt with headers gets you to B (filed-and-received, not adjudicated). Adjudication never goes public unless an enforcement action is brought. |
| A-02 | IRS Form 211 (IRC §7623(b)) | Southern Trust / Financial Trust / Epstein Estate | "Filer" | 2026-05-06 | None public | C → B with redacted IRS Whistleblower Office confirmation | IRS Form 211 acknowledgements are mailed paper-letter style with a claim number; if you have only email/CMS receipt, publish that; if you have paper, scan + hash + sign. |
| A-03 | DOJ / FARA Public | Karim Wade / Macky Sall / Epstein-funded lobby | "Filer" | 2026-05-05 | None public; FARA Unit confirmations come from fara.public@usdoj.gov |
C → B with email headers | |
| A-04 | OLAF | Ref #00Db00K8yP.!500Sk019RuGn — Mandelson / Carbyne concealment |
"Filer" | 2026-05-04 | Topic publicly confirmed: OLAF did open an investigation into Mandelson (BBC, Reuters, 2026-02-26 / 2026-04-24). User's submission is post-investigation-opening — frame as supplemental disclosure, not as cause. | B (topic exists publicly, user's specific submission verifiable only via OLAF intake email) | Strong candidate flagship Track-A case: agency reference number + publicly confirmed parallel investigation. |
| A-05 | Singapore CPIB | Tracking ID 69f824dfe5ef7daf3b78ccee |
"Filer" | 2026-05-04 | None public | C → B with CPIB form receipt email/PDF (DKIM cpib.gov.sg if email) |
|
| A-06 | FCA UK | Bank of China (UK) Limited — Case Ref #212278528 |
"Filer, advisory acknowledged" | 2026-05-11 | None public | C → B with FCA acknowledgement (DKIM fca.org.uk) |
|
| A-07 | Japan ISA | ICRRA Art. 70-1 visa-fraud referral re: Epstein/Joi Ito/Loftwork | "Filer" | 2026-05-13 | None public | C → B with ISA confirmation email | Note jurisdictional sensitivity. |
| A-08 | Slovakia genpro.gov.sk | "Potvrdenka po úplnom overení" — Tracking 260428070422263 |
"Filer, verified" | 2026-04-28 | genpro.gov.sk electronic-services portal issues machine-signed PDF receipts (Pouzivatelska_prirucka_ESGPSR_v3_27.pdf) |
B | The receipt PDF itself is a strong artifact — it's PAdES/CAdES-signed by the prosecutor's office. Publish the redacted PDF + the embedded signature → verifiable in any PAdES verifier; that gets you to A. |
| A-09 | Lithuania Panevėžio OTNK skyrius | Pre-trial investigation 01-1-03450-26; doc reg. IBPS-S-248320-26 |
"Submitted info accepted into case file" | 2026-04-30 | None public; receipt held offline | B-equivalent if the receipt PDF is e-signed by the prosecutor's IBPS system | Strongest Track-A flagship candidate. A government prosecutor confirming material entered a numbered criminal case file is the gold standard for the "agency-controlled anchor" framing in the task description — provided the receipt is e-signed. Hash mismatch (see top of doc) must be fixed before publishing. |
| A-10 | Taiwan NCC | Decision ref 通傳基礎決字第11500091980號 — Taiwan Mobile relay-mesh complaint forwarded |
"Filer; complaint forwarded" | 2026-03-24 | None public, but NCC decision letters use a public docket numbering scheme | B | Strong: NCC letterhead, formal decision number. Verifiability: photograph/scan of letter + hash; ideally OCR + cross-check the doc number with NCC public docket if available. |
| A-11 | Massachusetts AGO | MIT Media Lab governance complaint | "Filer" | 2026-05-05 | None public | C | AGO complaints rarely produce a strong public anchor unless docketed. |
| A-12 | NASA disclosure (Track-B-adjacent, agency-side) | TLS cert chain for webhosting-external.jpl.nasa.gov |
"Discloser" | 2025-04-22 | None public | C | Cross-listed at B-09. |
Summary counts
- Track B: 5 CVEs in NVD where CISA ADP cited JGoyd-controlled URLs (B-01..B-05). Of those, B-03 (CVE-2025-31200) has the cleanest atomic external anchor (single ADP write attaches both the new CVSS vector and the JGoyd repo URL).
- Track B: 2 CNVD certificates held offline (B-06, B-07) — currently C-tier.
- Track B: 1 MSRC case (B-08) — high value, pending publication of headers + any CVE assignment.
- Track B: 1 NASA, 1 DOE-417, 1 FBI IC3 — each requires email-header proof to upgrade.
- Track B: ~15 hardware/iOS-research repos at C — these are the highest-risk for skeptic challenge unless reframed as "forensic observations, not vendor-confirmed findings."
- Track A: 12 filings. Flagship is A-09 Lithuania (criminal case file number) backed by A-08 Slovakia (e-signed receipt) and A-04 OLAF (publicly confirmed parallel investigation).
Repos that are NOT claims but supporting infrastructure
JGoyd/JGoyd(private) — PGP key + anchor.txt + anchor2.txt + OpenTimestamps.otsfiles. This is the closest thing to an existing canonical profile. Move its content to a public canonical page; keep the OTS files alongside.JGoyd/drops(private) — described as "Bitcoin-anchored declarations". Inventory the BTC tx IDs and publish them with OpenTimestamps proofs.JGoyd/Running-Ledger— replace with rebuilt schema (Phase 6).