Updated July 27 2017
This is my security portfolio. For my general programming portfolio consisting of personal projects and major schoolwork, see here.
As part of a job application process, I performed a packet capture analysis of the file in this challenge. When it was given to me, I did not know it was part of a public challenge.
I learned to use several new tools, as the packet capture contains malware samples in many languages. I produced this report and created these files in the course of my work. The zip file uses the password "infected" as it contains malware samples that will be quarantined and deleted by antivirus. The zip also contains source code which I deobfuscated and annotated.
I wrote a blog post here which analyses a popup advertisement script I found on a shady website. My goal was to investigate an iOS bug which was allegedly fixed, but still affects the Brave web browser app. This particular script seems innocent on that charge, but there was still some interesting reverse enineering to be done on it.
In early 2016, I applied for an internship at NCC Group, and as part of the selection process, I performed a security assessment of a vulnerable web application. Without using any automated tools, I found bugs of various severity and wrote them up in a professional document. This was a great experience for me, and I encourage all companies to have a similar stage in their hiring process.
|Wireshark||Burp Suite||nmap||Radare2||.Net Reflector||JPEXS Flash Decoder|
|Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288) by Francisco Falcon|
|Reckon you've seen some stupid security things? Here, hold my beer... by Troy Hunt|
|DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis by zero sum|
|Booby Trap a Shortcut With a Backdoor by Felix|
|The command-line, for cybersec by Robert Graham|
|Flexidie by Leopardboy and the Decepticons|