The following is a chronological index of the recent projects I completed to keep current with hands-on cyber security, data, cloud technology, and software engineering skills.
Completed Projects
May 2020
- Structured Big Data Analysis. Using Python to analyze structured big data Bike Share data from three cities: Chicago, Washington, and New York
- Machine Learning to Transform Photos into 3D with Python AWS GPU instances to run PyTorch to create 3D images. CloudWatch implementation to control costs.
- Build a Multiplayer Online Game in Python Online game that can be played by up to 10 players. Client and Server architecture written totally in Python.
April 2020
- According to Facebook, I will Have a Dad-Bod on June 28, 2021 A data science project that uses python to predict future weight gain. Also, created an open source project Dad-Bod on GitHub.
- Part 2: My Future Self is Beating the Dad Bod I created another open source tool to send myself a daily text message tracking my progress to goal.
March 2020
- Using Data Science to Pick NCAA Tournament First Round Winners. Using correlation to find the variables that are most predictive of NCAA men’s basketball first round tournament wins.
- Building a Model to Pick NCAA First Round Winners. Part two of my previous post that builds a data science model to predict NCAA tournament winners.
May 2019
- Updated Conwell Quotes to v1.1 Meant to be used for legal, ethical, offensive security purposes. This update allows parameters to be passed to the error.php file to allow dynamic use of the shell.
April 2019
- I completed four Hack the Box penetration testing labs. The labs detailed here, Cartographer and Grammar, used SQL injection, PHP query string enumeration as well as cookie hijacking and PHP type juggling.
- Wrote an open source WordPress plugin, Conwell Quotes hides a malicious backdoor behind a legitimate WordPress plugin. Meant to be used for offensive security purposes, and can be combined with spear phishing.
March 2019
- Information Lifecycle Management (ILM) with S3 Glacier and Lifecycle Rules Automatically move old data into cheaper AWS storage option.
February 2019
- Maintaining Presence and Installing Backdoors MSFVenom to upload a misconfigured PHP file to gain shell access.
- Exfiltrating Data From MySQL and Postgres Continued experimentation with Metasploitable 2 – exfiltrating data this time.
- Got Root? Two More Exploits Using Metasploit gained root access to IRC and Java Servers.
- My First Metasploitable Vulnerability, Exploit, and Fix Gained root access using rsh-server running on port 513 with a misconfigured .rhosts file
- Install an Ethical Hacking Lab Installed and customized Kali and Metasploitable virtual machines to practice offensive security techniques.
December 2018
- Graphing Intel with Maltego Experimenting with Maltego to connect reconnaissance learnings in visual graphs.
- Generate Public/Private Key Pairs 2^521 operations will take a very, very long time to crack.
- Avoid Detection with Nmap Stealth Scan A less intrusive way of port scanning.
- File integrity with SHA-256. Published checksums for LogWatcher.
- Credential Stuffing with Cr3dOv3r After the Dunkin Donuts credential stuffing breach I went on the lookout for a tool to find leaked credentials.
November 2018
- I published my second open source software project on GitHub, LogWatcher. LogWatcher is a utility to perform very simple automated system monitoring and alerting. It is an ideal solution to use in conjunction with a web app that has a sound event logging architecture implemented. LogWatcher simply watches an error log file for any anomalous behavior. If someone attempts a log in, attempts to read the database, hack the URL, or any other adverse behavior that is landing in an error log file, LogWatcher can send an email alert to make you aware.
September 2018
- Backup WordPress to Amazon Web Services (AWS) S3 Fairly straight forward. The most time consuming portion was compressing my WordPress images.
- Install Ghost on Amazon Web Services (AWS) A more complicated and extended project that took me three tries to get right. This was my first few forays into AWS and I learned a lot.
- More Resource Discovery with ForzaBruta.py Added more analysis and filtering capabilities into the ForzaBruta.py Python resource discovery brute-forcing script.
May 2018
- Brute Force Resource Discovery with FuzzDB I discovered my “hidden” password manager using brute force guessing of common directory names.
- Information Gathering with DMitry Simple and non-invasive information gathering utility
- Brute Force WordPress Passwords with WPScan and Tor Same as last time, but this time using a SOCKs proxy to attempt the brute force with a false IP.
- Writing a Web Crawler with Scrapy Created a spider that can identify and export mass content
- Vulnerability Scanning WordPress with WPScan Includes enumerating usernames, bruteforcing passwords, fingerprinting plugins to identify exploits, scanning robots.txt for interesting content, and attempting to identify TimThumb weaknesses with images.
- Build an eCommerce Website Includes building an online shopping cart and learning to take payments online.
April 2018
- Setting Up a New Ubuntu Linux Server Includes creating a bootable USB drive, partitioning the hard drive, and configuring an SSH server to access remotely.
- Cracking My Own Password with John the Ripper Success in the sense that I learned how to use John. My root password is sufficiently complex that I could not crack it.
- Cracking Windows Administrator Password with OphCrack Used Kali Linux live boot and Ophcrack.
- Install Kali Linux on a Macbook I’ve enjoyed using this version of Linux that comes bundled with a variety of penetration testing tools.
March 2018
- Install My Own Password Manager (part 2) Includes acquiring and installing a certificate from a certificate authority and forwarding traffic to https. Also includes tinkering with robots.txt to dissuade web crawlers from indexing my password manager.
February 2018
- Install My Own Password Manager (part 1) I began the habit to really practice good digital hygiene by more intelligently managing my passwords.
November 2017
- Build a website Installed and customize WordPress.
- Install Linux on a Chromebook Experimented with Linux on a chromebook. Learned that my chromebook is really under-powered.
- Dual Boot GalliumOS on a Chromebook Start to experiment with getting more horsepower out of my Chromebook.
- Author my very own open source project! Plus learn to use Git and GitHub Learned the ins-and-outs of Git and contributed my first open source project — a configuration utility for the Terminal in MacOS and Linux.