I enjoy researching information security and participating in Capture the Flag events when I can find the time; this page collects my publicly-available work in this domain.

  • sticky elephant - A medium-interaction PostgreSQL honeypot. I presented this tool, along with a low-interaction PostgreSQL honeypot, with AJ Bahnken at B-Sides San Francisco 2018.
  • timing_attack - A CLI timing attack tool. I presented this tool at the 2017 BlackHat Arsenal.
  • crypto_toolchain A suite of tools for breaking crypto (and solving the Matasano challenges)
  • Camelflage - A rails application that is purposely vulnerable to SQL injection and timing attacks. Timing attack vulnerabilities can be configured by the attacking client to test toolchains.
  • SANS Holiday Hack 2015 Writeup - My writeup for the 2015 SANS Holiday Hack Challenge. I received an honorable mention for my work.
  • transform_tree - A tree of closures for performing sequential sets of transformationss on input objects. Originally written to help build rules for hashcat