Social Alexa - Twitter integration with Amazon Alexa

View Source on Github

My friend Brandon and I developed an Amazon Alexa skill to allow for people to tweet to twitter through the echo or dot device. We utilized the twitter API along with a heroku app doing OAuth to allow us to securely authenticate users to our application and then allow them to tweet to twitter.


SABSides2017: Programs and Slides from my BSides talk


This is a collection of slides and programs that I worked on for a presentation at San Antonio BSides in 2017. The primary focus of this talk was to talk about the disparity of encryption and relative lack of tooling for encryption at the application layer for things dealing with socket communications. I also covered some of the issues in cryptography that happen and specific layers as well as a few toy examples and fixes that allow for a somewhat secure environment, provided there are still quite a few issues with the implementation and I would not recommend utilizing this within a production setting.

SXDK: Software Exploit Development Kit


A relatively simple GUI interface for developing eggs that allow for exploitation of various stack overflows with an exploitable stack. Note that the NX bit must be set on the machine in order for this type of attack to work. This is predominately for older systems tests and to allow for automation, through a back-end python script, of exploits.

usage: sxdk.py [-h] [-f NUM_OF_ADDRESSES] [-t TOTAL_SIZE]
               [-o OPERATING_SYSTEM] [-a ARCHITECTURE] [-s STARTING_ADDRESS]
               [-e ENDIANNESS] [-d OFFSET] [-n NAME_OF_FILE] [-r REMOTE]
               [-b BINARY]

Shell Exploitation Development Kit

optional arguments:
  -h, --help            show this help message and exit
  -f NUM_OF_ADDRESSES, --num_of_addresses NUM_OF_ADDRESSES
                        Number of addresses at the end of the egg.
  -t TOTAL_SIZE, --total_size TOTAL_SIZE
                        The total size of your egg.
  -o OPERATING_SYSTEM, --operating_system OPERATING_SYSTEM
                        The OS of your system. Ex. Linux/PPC, Linux/x86,
                        Linux/x86_64
  -a ARCHITECTURE, --architecture ARCHITECTURE
                        32 or 64 bit depending upon the machine.
  -s STARTING_ADDRESS, --starting_address STARTING_ADDRESS
                        The starting address for your system based upon your
                        stack.
  -e ENDIANNESS, --endianness ENDIANNESS
                        The endianness of your program. EX. little, big
  -d OFFSET, --offset OFFSET
                        The offset relative to the address. Utilized for
                        guessing multiple spaces.
  -n NAME_OF_FILE, --name_of_file NAME_OF_FILE
                        Name of the output file.
  -r REMOTE, --remote REMOTE
                        Connects and sends data to a remote endpoint. Format:
                        IPADDR:PORT
  -b BINARY, --binary BINARY
                        path to the binary that is to be exploited. Assumes
                        input through argv.

Sharpturn: CSAW 2015 Writeup


This is a writeup from a CTF competition that I competed in, CSAW 2015, and worked primarily on the git forensics challenge. The challenge involved a deep dive into some of the functionality of git as well as quite a few other steps. Overall it was really fun.

passwordgen: A small, probably inefficient, password generator.


A password generation binary that allows for several types of password files to be generated through various permutations and combinatorics. This can be useful for various problems, such as testing the security of passwords with the use of various password cracking tools like JohnTheRipper or hashcat.

Useage:

Each individual digit entered counts for one character. Each digit also correlates to a string of characters. I also recommend taking output to a file to save the generated permutations.

  • 2 - "abc..." all lowercase letters
  • 3 - "ABC..." all uppercase letters
  • 4 - "012..." all numbers
  • 5 - "[email protected]#..." all special characters
  • 6 - "[email protected]#" Every character list combined, note this is dangerous and will lead to massive file sizes / long times for outputs.

Examples:

./passwordgen 22222

//Generates all permutations of "abc.." and outputs them.

./passwordgen 666666 > example.txt

//Generates all 6 permutations of every possible character. Builds a fairly good list, but this file will get quite large.

 

Revolving - CSS - Animations


My first tutorial on how to create a revolving css animation, hopefully many more tutorials to come!   This project revolved around a learning experience I had with keyframes and animations. At first they seem quite daunting and a bit confusing. However after working with them for a while, keyframes and animations become easy to manage and add an interesting flare to a website. If you look into the Github repo and pull navigate through the code, you'll see a brief example utilizing some general css and html I wrote with a picture that I created for my current website. (My life-story section) Most of the design and flare for this project comes from the creative process of developing an image to use for your website, project, etc. For the most part, the effect is easy to emulate and I drew inspiration for this animation style from a website that would transition while scrolling (However, rather than using Z-index I setup an animation & keyframe.) I thought the premise was quite interesting and decided to make my own with some subtle changes.