Jack Hance

Developer / Hacker / Researcher

github | jack@hance.xyz

Education

Master's of Computer Science, North Dakota State University, Expected Spring 2023

I am currently attending my senior year (and first year of my master's) at North Dakota State University. The computer science course is heavily focused on Java, but also includes the use of languages such as C#, C, TypeScript, and Python. My master's has a cybersecurity focus and I am currently employed as a cybersecurity research assistant.

I am disallowed from disclosing the specifics of what I am working on as part of my research assistantship. If you would like more information about this, feel free to reach out via email.

Experience

JES2 Development Intern, IBM, June 2020 to December 2020

JES2 is a component of z/OS, an enterprise mainframe operating system developed by IBM. JES2's functionality within z/OS is to act as a core manager for batch jobs executed on the system, and as such, working with JES2 requires an all-encompassing understanding of the mainframe ecosystem. This internship allowed me to work with mainframes and many of their associated technologies, such as z/OS, z/VM, and ISPF. It also allowed me to work with several IBM languages, those being HLASM, JCL, and others internal to IBM. I had no experience with the style of computing that mainframes require before this internship, so it has been a wonderful opportunity to be given a solid familiarity with the system.

Extracurricular

President, NDSU Cybersecurity Student Association, May 2020 to Present

The NDSU Cybersecurity Student Association is a club dedicated to peer learning oriented towards cybersecurity. Club members participate in student-led lessons and compete in hacking competitions. The club also focuses on team programming and technology along with it.

For more information on the club, check out ndhack.club!

Research

Graduate Assistant, North Dakota State University, August 2021 - Present

As a cybersecurity-focused graduate assistant, I am currently working with several other graduate students on developing a distributed, novel attack system. Due to the nature of the project I am not allowed to discuss details of what system it currently targets or in what respects it is novel. The system is being developed in C++ with elements also implemented in Lua, and because of its distributed nature we are also working with build systems on both Linux and Windows.

Cybersecurity Research Experience for Undergraduates, North Dakota State University, June 2019 - August 2019

The Research Experience for Undergraduates is a program sponsored by the National Science Foundation to encourage research to be conducted by undergraduate students in a growing number of different fields. I participated in the NDSU-hosted Cybersecurity REU and developed, conducted, and wrote about the use of machine learning in post-attack forensic analysis. My project was specifically about the use of unsupervised learning on profiling users by Bash history. My paper Use of Bash History Novelty Detection for Identification of Similar Source Attack Generation was published at the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2020) at the end of December 2020.

Achievements

Cyber Skyline’s NCL Regular Season Fall 2021 CTF Competition, Placed 10th of 6400+ players

A Capture the Flag competition is a competition in which players are given a wide array of hacking challenges with the goal of having players use many different cybersecurity skills to solve problems to get an end "flag." An example of a basic challenge would be to use an SQLI vulnerability to leak a database that holds a specific string that is the final flag. Cyber Skyline's NCL CTF competition consisted of categories including cryptography, reverse engineering, log analysis, password cracking, web application exploitation, and several others. In the individual section of the competition, I placed 10th out of 6,475 players nationwide.

2019 National Cyber Summit Cyber Cup Challenge, Placed 2nd out of 10+ college teams

The National Cyber Summit Cyber Cup Challenge is a team-based CTF taking place live during the Annual National Cyber Summit conference. I was the team captain of a team consisting of 4 members. We worked as a team to solve cybersecurity problems in several different categories, with a strong focus on web application exploitation.

Digi-Key Collegiate Computing Competition 2021, Placed 3rd out of 15 college teams

Digi-Key's Collegiate Computing Competition (DKC^3) is a programming competition that consists of three main events: short programming problems, long programming problems, and word problems. Each segment of the competition is time-constrained and as such teams must strategize which problems to pour resources into and which ones to ignore. The 2021 competition was my second time participating and our team placed 3rd out of the 15 college teams that were in attendance.

Competitions

National Collegiate Cyber Defense Competition, Participated 2019 and 2020

The National Collegiate Cyber Defense Competition (CCDC) is a college level cyber defense competition in which teams are given a mock business infrastructure purposely built with a large number of security vulnerabilities. These vulnerabilities must be found and fixed while a team of penetration testers attempts to breach the network and leak information. Technologies change every year, but Active Directory and Linux servers appear frequently. I have participated in this competition as both a team member (2019) and a team captain (2020).

National Collegiate Penetration Testing Competition, Participated 2019 and 2020

The National Collegiate Penetration Testing Competition (CPTC) is a college-level cyber offense competition in which teams are presented a mock business infrastructure that they must perform a penetration test on and then create a report of findings. The competition enforces real-world penetration testing considerations, such as losing points for knocking services offline and receiving emails from a point of contact asking for test updates. The report filed at the end is entirely crafted by teams, without being given any sort of direction or template, requiring research into how penetration test reports are written in real-world penetration tests. I have participated as a team captain two years in a row, leading two different teams of 6 individuals each.

Technologies

C++, 4 years experience (2017)

My primary development language is C++. I tend to use it largely with networking and hardware but have also used it with libraries such as OpenGL. Some specific projects created with C++ would include things like PSBB, an HTTP web server written from scratch using raw sockets, and an Arduino library for working with the HID5455 family of RFID scanners.

  • Hardware
  • Networking
  • Graphics

JavaScript/Node.js, 5 years experience (2016)

I have used Node.js and companion languages in many different applications, but the area in which I have done the most development is the creation of chat bots for social applications such as Discord, which is a voice and chat application platform with rich support for text and voice chat bots. An example of my work in this area can be seen in Tohru Bot, a music and moderation bot for general server use.

  • Chat Bots
  • Networking
  • Back End Web Development

Python, 4 years experience (2017)

I have used Python extensively in networking, web scraping, and general-purpose scripting. I also use it for automation of scripts for applications in daily use and penetration testing, an example of this being icecold, a website wordlist generator. I utilized the Python machine learning library Scikit-Learn for the machine learning aspect of my paper Use of Novelty Detection on Bash History for Identification of Similar Source Generation in Post Attack Forensic Analysis.

  • Machine Learning
  • Networking
  • Automation

Penetration Testing, 3 years experience (2018)

I have participated in a large number of cybersecurity competitions, in both team and individual settings. These have included more game-like hacking such as capture the flag competitions, but also more real-world events such as the Collegiate Penetration Testing Competition, which is a team-based competition where a pentest is performed on a mock business's architecture and a final penetration testing report is written. My area of interest in penetration testing lies heavily in reverse engineering of both desktop binaries and the deobfuscation of web scripts.

  • Web Application Exploitation
  • Reverse Engineering
  • Cryptanalysis

HTML5/CSS3/JavaScript, 6 years experience (2015)

I have used front end web development technologies frequently throughout my career as a developer, and I find myself very comfortable using them across a variety of applications. My strength within this area is bringing design ideas to life in the form of websites. Some websites I have created in the past include tohru.fun and insomniactf.com.

  • Interfaces
  • User Experience
  • Animations

Apache2/Linux Remote Management, 5 years experience (2016)

I have hosted and managed several low traffic websites for multiple years, all of which are hosted on Linux machines with Apache2 as a backend. An example of this can be seen at insomniactf.com.

  • Server Management
  • Linux Proficiency
  • Web Server Security

Operating Systems

Linux, 5 years experience (2016)

I run Ubuntu Linux as my daily driver operating system, and have extensive experience using Linux in both development and in general daily tasks. Most of my experience with Linux is within the Debian family of distros, but I am confident in my ability to learn the ecosystem of new Linux distros rather quickly.

Windows, 10 years experience (2011)

Because Microsoft Windows is the most popular operating system on the market, I have used it for much of my computing career. I have experience with using Windows both as a daily driver and a development ecosystem, as I have a decent amount of experience using tools such as PowerShell and Visual Studio.

Other Technology

Virtualization

I have utilized virtualization extensively for use in both development and cybersecurity, as virtual machines are incredibly beneficial for running things such as Kali Linux for penetration testing or Flare VM for reverse engineering purposes. I have experience with setting up and using desktop clients and bare metal server hypervisors.

MOV EAX, EAX