Below is a collection of the more interesting security investigations and issues I have worked on or discovered over the years (that have been made public) that did not scale out to be projects by themselves (like onionscan or evoting).
This flaw allowed any website dropped into an Obsidian Canvas to add/delete/modify any file in the loaded vault. Creation of files is limited to .md files, but editing includes .canvas files. Because open and new URIs auto-open files in Obsidian, this allows a single corrupted website to effectively chain-spawn multiple malicious URI processes.
I recently disclosed several security and privacy vulnerabilities in Thunderbird. At worst, these vulnerabilities can be exploited by an adversary with access to a collection of intercepted encrypted messages to trick Thunderbird into decrypting any given message and sending the resulting plaintext back to the adversary. This attack worked with Thunderbird's default configuration, i.e. even when loading remote resources is disabled.
In 2017 I was contracted to conduct research into the security and privacy of connected toys for children.