My friend Brandon and I developed an Amazon Alexa skill to allow for people to tweet to twitter through the echo or dot device. We utilized the twitter API along with a heroku app doing OAuth to allow us to securely authenticate users to our application and then allow them to tweet to twitter.
This is a collection of slides and programs that I worked on for a presentation at San Antonio BSides in 2017. The primary focus of this talk was to talk about the disparity of encryption and relative lack of tooling for encryption at the application layer for things dealing with socket communications. I also covered some of the issues in cryptography that happen and specific layers as well as a few toy examples and fixes that allow for a somewhat secure environment, provided there are still quite a few issues with the implementation and I would not recommend utilizing this within a production setting.
A relatively simple GUI interface for developing eggs that allow for exploitation of various stack overflows with an exploitable stack. Note that the NX bit must be set on the machine in order for this type of attack to work. This is predominately for older systems tests and to allow for automation, through a back-end python script, of exploits.
usage: sxdk.py [-h] [-f NUM_OF_ADDRESSES] [-t TOTAL_SIZE] [-o OPERATING_SYSTEM] [-a ARCHITECTURE] [-s STARTING_ADDRESS] [-e ENDIANNESS] [-d OFFSET] [-n NAME_OF_FILE] [-r REMOTE] [-b BINARY] Shell Exploitation Development Kit optional arguments: -h, --help show this help message and exit -f NUM_OF_ADDRESSES, --num_of_addresses NUM_OF_ADDRESSES Number of addresses at the end of the egg. -t TOTAL_SIZE, --total_size TOTAL_SIZE The total size of your egg. -o OPERATING_SYSTEM, --operating_system OPERATING_SYSTEM The OS of your system. Ex. Linux/PPC, Linux/x86, Linux/x86_64 -a ARCHITECTURE, --architecture ARCHITECTURE 32 or 64 bit depending upon the machine. -s STARTING_ADDRESS, --starting_address STARTING_ADDRESS The starting address for your system based upon your stack. -e ENDIANNESS, --endianness ENDIANNESS The endianness of your program. EX. little, big -d OFFSET, --offset OFFSET The offset relative to the address. Utilized for guessing multiple spaces. -n NAME_OF_FILE, --name_of_file NAME_OF_FILE Name of the output file. -r REMOTE, --remote REMOTE Connects and sends data to a remote endpoint. Format: IPADDR:PORT -b BINARY, --binary BINARY path to the binary that is to be exploited. Assumes input through argv.
This is a writeup from a CTF competition that I competed in, CSAW 2015, and worked primarily on the git forensics challenge. The challenge involved a deep dive into some of the functionality of git as well as quite a few other steps. Overall it was really fun.
A password generation binary that allows for several types of password files to be generated through various permutations and combinatorics. This can be useful for various problems, such as testing the security of passwords with the use of various password cracking tools like JohnTheRipper or hashcat.
Each individual digit entered counts for one character. Each digit also correlates to a string of characters. I also recommend taking output to a file to save the generated permutations.
//Generates all permutations of "abc.." and outputs them.
./passwordgen 666666 > example.txt
//Generates all 6 permutations of every possible character. Builds a fairly good list, but this file will get quite large.
My first tutorial on how to create a revolving css animation, hopefully many more tutorials to come! This project revolved around a learning experience I had with keyframes and animations. At first they seem quite daunting and a bit confusing. However after working with them for a while, keyframes and animations become easy to manage and add an interesting flare to a website. If you look into the Github repo and pull navigate through the code, you'll see a brief example utilizing some general css and html I wrote with a picture that I created for my current website. (My life-story section) Most of the design and flare for this project comes from the creative process of developing an image to use for your website, project, etc. For the most part, the effect is easy to emulate and I drew inspiration for this animation style from a website that would transition while scrolling (However, rather than using Z-index I setup an animation & keyframe.) I thought the premise was quite interesting and decided to make my own with some subtle changes.