Professional Portfolio

Updated July 27 2017

This is my security portfolio. For my general programming portfolio consisting of personal projects and major schoolwork, see here.


Security

CVEs

CVE-2019-3490 in Novell Netstorage

In late 2018 while performing an external penetration test for a client, I discovered a reflected cross-site scripting vulnerability in the web interface to Novell Netstorage. This vulnerability was responsibly disclosed through the CERT Coordination Center.


Tool Releases

Git-Scrapers

Git-Scrapers is an open source tool which collects open source intelligence on developers using metadata stored in git repositories. The tool uses the GitHub and StackOverflow APIs to collect information. I wrote the tool in Ruby (originally in Python/Perl) as an introduction to the language.

Vampire

Vampire is a Cobalt Strike aggressor script which communicates with Bloodhound through Neo4j API calls. The script partially automates marking users as "owned" in Bloodhound. This functionality is useful because Bloodhound leverages Neo4j to use graphs to visualize the Active Directory environment. By marking users as "owned", you are able to follow your attack path through the graph.


Misc

Conference Trainings Attended

Packet Capture Analysis and Incident Report

As part of a job application process, I performed a packet capture analysis of the file in this challenge. When it was given to me, I did not know it was part of a public challenge.

I learned to use several new tools, as the packet capture contains malware samples in many languages. I produced this report and created these files in the course of my work. The zip file uses the password "infected" as it contains malware samples that will be quarantined and deleted by antivirus. The zip also contains source code which I deobfuscated and annotated.


Popunder Script Reverse Engineering

I wrote a blog post here which analyses a popup advertisement script I found on a shady website. My goal was to investigate an iOS bug which was allegedly fixed, but still affects the Brave web browser app. This particular script seems innocent on that charge, but there was still some interesting reverse engineering to be done on it.


Technical Write-up

In early 2016, I applied for an internship at NCC Group, and as part of the selection process, I performed a security assessment of a vulnerable web application. Without using any automated tools, I found bugs of various severity and wrote them up in a professional document. This was a great experience for me, and I encourage all companies to have a similar stage in their hiring process.


Tools I've used

Burp Suite Pro
Cobalt Strike
Bloodhound
nmap
Nessus
Wireshark

Bug Bounty Accounts

Total bugs reported: 0

https://hackerone.com/phurd
https://bugcrowd.com/phurd

Books I've Enjoyed


Blog Posts I've Enjoyed

Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288) by Francisco Falcon
Reckon you've seen some stupid security things? Here, hold my beer... by Troy Hunt
DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis by zero sum
Booby Trap a Shortcut With a Backdoor by Felix
The command-line, for cybersec by Robert Graham
Flexidie by Leopardboy and the Decepticons

Conference Videos I've Enjoyed