I enjoy researching information security and participating in Capture the Flag events when I can find the time; this page collects my publicly-available work in this domain.

  • sticky_elephant - A medium-interaction PostgreSQL honeypot.I presented this tool, along with a low-interaction PostgreSQL honeypot, with AJ Bahnken at B-Sides San Francisco 2018.
  • timing_attack - A CLI timing attack tool.I presented this tool at the 2017 BlackHat Arsenal.
  • crypto_toolchain - A suite of tools for breaking crypto (and solving the Matasano challenges)
  • Camelflage - A rails application that is purposely vulnerable to SQL injection and timing attacks.Timing attack vulnerabilities can be configured by the attacking client to test toolchains.
  • SANS Holiday Hack 2015 Writeup - My writeup for the SANS Holiday Hack Challenge. I received an honorable mention for my work.
  • transform_tree - A tree of closures for performing sequential sets of transformationss on input objects.Originally written to help build rules for hashcat