Professional Portfolio

Updated July 27 2017

This is my security portfolio. For my general programming portfolio consisting of personal projects and major schoolwork, see here.


Security

Packet Capture Analysis and Incident Report

As part of a job application process, I performed a packet capture analysis of the file in this challenge. When it was given to me, I did not know it was part of a public challenge.

I learned to use several new tools, as the packet capture contains malware samples in many languages. I produced this report and created these files in the course of my work. The zip file uses the password "infected" as it contains malware samples that will be quarantined and deleted by antivirus. The zip also contains source code which I deobfuscated and annotated.


Popunder Script Reverse Engineering

I wrote a blog post here which analyses a popup advertisement script I found on a shady website. My goal was to investigate an iOS bug which was allegedly fixed, but still affects the Brave web browser app. This particular script seems innocent on that charge, but there was still some interesting reverse enineering to be done on it.


Technical Write-up

In early 2016, I applied for an internship at NCC Group, and as part of the selection process, I performed a security assessment of a vulnerable web application. Without using any automated tools, I found bugs of various severity and wrote them up in a professional document. This was a great experience for me, and I encourage all companies to have a similar stage in their hiring process.


Tools I've used

Wireshark Burp Suite nmap Radare2 .Net Reflector JPEXS Flash Decoder

Crowdsource Security Testing Accounts

Total bugs reported: 0

https://hackerone.com/phurd https://bugcrowd.com/phurd

Books I've Enjoyed


Blog Posts I've Enjoyed

Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288) by Francisco Falcon
Reckon you've seen some stupid security things? Here, hold my beer... by Troy Hunt
DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis by zero sum
Booby Trap a Shortcut With a Backdoor by Felix
The command-line, for cybersec by Robert Graham
Flexidie by Leopardboy and the Decepticons

Conference Videos I've Enjoyed


Check out this awesome thing I tweeted

@darksim905 #SignalDoesntNotifyYou pic.twitter.com/0SUGYrEBS6

— Patrick (@phurd_) March 17, 2017