Social Alexa - Twitter integration with Amazon Alexa
My friend Brandon and I developed an Amazon Alexa skill to allow for people to tweet to twitter through the echo or dot device. We utilized the twitter API along with a heroku app doing OAuth to allow us to securely authenticate users to our application and then allow them to tweet to twitter.
SABSides2017: Programs and Slides from my BSides talk
This is a collection of slides and programs that I worked on for a presentation at San Antonio BSides in 2017. The primary focus of this talk was to talk about the disparity of encryption and relative lack of tooling for encryption at the application layer for things dealing with socket communications. I also covered some of the issues in cryptography that happen and specific layers as well as a few toy examples and fixes that allow for a somewhat secure environment, provided there are still quite a few issues with the implementation and I would not recommend utilizing this within a production setting.
SXDK: Software Exploit Development Kit
A relatively simple GUI interface for developing eggs that allow for exploitation of various stack overflows with an exploitable stack. Note that the NX bit must be set on the machine in order for this type of attack to work. This is predominately for older systems tests and to allow for automation, through a back-end python script, of exploits.
usage: sxdk.py [-h] [-f NUM_OF_ADDRESSES] [-t TOTAL_SIZE]
[-o OPERATING_SYSTEM] [-a ARCHITECTURE] [-s STARTING_ADDRESS]
[-e ENDIANNESS] [-d OFFSET] [-n NAME_OF_FILE] [-r REMOTE]
[-b BINARY]
Shell Exploitation Development Kit
optional arguments:
-h, --help show this help message and exit
-f NUM_OF_ADDRESSES, --num_of_addresses NUM_OF_ADDRESSES
Number of addresses at the end of the egg.
-t TOTAL_SIZE, --total_size TOTAL_SIZE
The total size of your egg.
-o OPERATING_SYSTEM, --operating_system OPERATING_SYSTEM
The OS of your system. Ex. Linux/PPC, Linux/x86,
Linux/x86_64
-a ARCHITECTURE, --architecture ARCHITECTURE
32 or 64 bit depending upon the machine.
-s STARTING_ADDRESS, --starting_address STARTING_ADDRESS
The starting address for your system based upon your
stack.
-e ENDIANNESS, --endianness ENDIANNESS
The endianness of your program. EX. little, big
-d OFFSET, --offset OFFSET
The offset relative to the address. Utilized for
guessing multiple spaces.
-n NAME_OF_FILE, --name_of_file NAME_OF_FILE
Name of the output file.
-r REMOTE, --remote REMOTE
Connects and sends data to a remote endpoint. Format:
IPADDR:PORT
-b BINARY, --binary BINARY
path to the binary that is to be exploited. Assumes
input through argv.
Sharpturn: CSAW 2015 Writeup
This is a writeup from a CTF competition that I competed in, CSAW 2015, and worked primarily on the git forensics challenge. The challenge involved a deep dive into some of the functionality of git as well as quite a few other steps. Overall it was really fun.
passwordgen: A small, probably inefficient, password generator.
A password generation binary that allows for several types of password files to be generated through various permutations and combinatorics. This can be useful for various problems, such as testing the security of passwords with the use of various password cracking tools like JohnTheRipper or hashcat.
Useage:
Each individual digit entered counts for one character. Each digit also correlates to a string of characters. I also recommend taking output to a file to save the generated permutations.
- 2 - "abc..." all lowercase letters
- 3 - "ABC..." all uppercase letters
- 4 - "012..." all numbers
- 5 - "!@#..." all special characters
- 6 - "abcABC!@#" Every character list combined, note this is dangerous and will lead to massive file sizes / long times for outputs.
Examples:
./passwordgen 22222
//Generates all permutations of "abc.." and outputs them.
./passwordgen 666666 > example.txt
//Generates all 6 permutations of every possible character. Builds a fairly good list, but this file will get quite large.
Revolving - CSS - Animations
My first tutorial on how to create a revolving css animation, hopefully many more tutorials to come! This project revolved around a learning experience I had with keyframes and animations. At first they seem quite daunting and a bit confusing. However after working with them for a while, keyframes and animations become easy to manage and add an interesting flare to a website. If you look into the Github repo and pull navigate through the code, you'll see a brief example utilizing some general css and html I wrote with a picture that I created for my current website. (My life-story section) Most of the design and flare for this project comes from the creative process of developing an image to use for your website, project, etc. For the most part, the effect is easy to emulate and I drew inspiration for this animation style from a website that would transition while scrolling (However, rather than using Z-index I setup an animation & keyframe.) I thought the premise was quite interesting and decided to make my own with some subtle changes.
