I am currently attending my senior year (and first year of my master's) at North Dakota State University, the computer science course is heavily focused on Java, but also includes the use of languages such as C#, C, Typescript, and Python. My master's has a cybersecurity focus and I am currently employed as a cybersecurity research assistant.
I am disallowed from disclosing the specifics of what I am working on as part of my research assistantship. If you would like more information about this, feel free to reach out via email.
JES2 is a component of z/OS, an enterprise mainframe operating system developed by IBM. JES2's functionality within z/OS is to act as a core manager for batch jobs executed on the system, and as such, working with JES2 requires an all-encompassing understanding of the mainframe ecosystem. This internship allowed me to work with mainframes and many of their associated technologies, such as z/OS, z/VM, and ISPF. It also allowed me to work with several IBM languages, those being HLASM, JCL, and others internal to IBM. I had no experience with the style of computing that mainframes require before this internship, so it has been a wonderful opportunity to be given a solid familiarity with the system.
The NDSU Cybersecurity Student Association is a club dedicated to peer learning oriented towards cybersecurity. Club members participate in student lead lessons and compete in hacking competitions. The club also focuses on team programming and technology along with it.
For more information on the club, check out ndhack.club!
As a cybersecurity focused graduate assistant I am currently working with several other graduate students on developing a distributed, novel attack system. Due to the nature of the project I am not allowed to discuss details of what system it currently targets or in what respects it is novel. The system is being developed in C++ with elements also implemented in Lua, and because of its distributed nature we are also working with build systems on both Linux and Windows.
The Research Experience for Undergraduates is a program sponsored by the National Science Foundation to encourage research to be conducted by undergraduate students in a growing number of different fields. I participated in the NDSU hosted Cybersecurity REU and developed, conducted, and wrote about the use of machine learning in post attack forensic analysis. My project was specifically about the use of unsupervised learning on profiling users by Bash history. My paper Use of Bash History Novelty Detection for Identification of Similar Source Attack Generation was published at the 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom 2020) at the end of December 2020.
A Capture the Flag competition is a competition in where players are given a wide array of hacking challenges with the goal of having players use many different cybersecurity skills to solve problems to get an end "flag." An example of a basic challenge would be to use an SQLI vulnerability to leak a database that holds a specific string that is the final flag. Cyber Skyline's NCL CTF competition consisted of categories including cryptography, reverse engineering, log analysis, password cracking, web application exploitation, and several others. In the individual section of the competition, I placed 10th out of 6,475 players nationwide.
The National Cyber Summit Cyber Cup Challenge is a team-based CTF taking place live during the Annual National Cyber Summit conference. I was the team captain of a team consisting of 4 members. We worked as a team to solve cybersecurity problems in several different categories, with a strong focus on web application exploitation.
Digi-Key's Collegiate Computing Competition (DKC^3) is a programming competition that consists of three main events: short programming problems, long programming problems, and word problems. Each segment of the competition is time-constrained and as such teams must strategize which problems to pour resources into and which ones to ignore. The 2021 competition was my second time participating and our team placed 3rd out of the 15 college teams that were in attendance.
The National Collegiate Cyber Defense Competition (CCDC) is a college level cyber defense competition in which teams are given a mock business infrastructure purposely built with a large number of security vulnerabilities. These vulnerabilities must be found and fixed while a team of penetration testers attempts to breach the network and leak information. Technologies change every year, but Active Directory and Linux servers appear frequently. I have participated in this competition as both a team member (2019) and a team captain (2020).
The National Collegiate Penetration Testing Competition (CPTC) is a college-level cyber offense competition in which teams are presented a mock business infrastructure that they must perform a penetration test on and then create a report of findings. The competition enforces real-world penetration testing considerations, such as losing points for knocking services offline and receiving emails from a point of contact asking for test updates. The report filed at the end is entirely crafted by teams, without being given any sort of direction or template, requiring research into how penetration test reports are written in real-world penetration tests. I have participated as a team captain two years in a row, leading two different teams of 6 individuals each.
My primary development language is C++, I tend to use it largely with networking and hardware but have also used it with libraries such as OpenGL. Some specific projects created with C++ would include things like PSBB, an HTTP web server written from scratch using raw sockets, and an Arduino library for working with the HID5455 family of RFID scanners.
I have used Node.js and companion languages in many different applications, but the area of which I have done the most development is the creation of chat bots for social applications such as Discord, which is a voice and chat application platform with rich support for text and voice chat bots. An example of my work in this area can be seen in Tohru Bot, a music and moderation bot for general server use.
I have used python extensively in networking, web scraping, and general-purpose scripting. I also use it for automation of scripts for applications in daily use and penetration testing, an example of this being icecold, a website wordlist generator. I utilized the python machine learning library Scikit-Learn for the machine learning aspect of my paper Use of Novelty Detection on Bash History for Identification of Similar Source Generation in Post Attack Forensic Analysis.
I have participated in a large number of cybersecurity competitions, both in a team and individual settings. These have included more game-like hacking such as capture the flag competitions, but also more real-world such as the Collegiate Penetration Testing Competition, which is a team-based competition where a pentest is performed on a mock business's architecture and a final penetration testing report is written. My area of interest in penetration testing lies heavily in reverse engineering of both desktop binaries and the deobfuscation of web scripts.
I have used front end web development technologies frequently throughout my career as a developer, and I find myself very comfortable using them across a variety of applications. My strength within this area is bringing design ideas to life in the form of websites. Some websites I have created in the past include tohru.fun and insomniactf.com.
I have hosted and managed several low traffic websites for multiple years, all of which being hosted on Linux machines with Apache2 as a backend. An example of this can be seen at insomniactf.com.
I run Ubuntu Linux as my daily driver operating system, and have extensive experience using Linux in both development and in general daily tasks. Most of my experience with Linux is within the Debian family of distros, but I am confident in my ability to learn the ecosystem of new Linux distros rather quickly.
Being as Microsoft Windows is the most popular operating system on the market, I have used it for much of my computing career. I have experience with using Windows both as a daily driver and a development ecosystem, as I have a decent amount of experience using tools such as Powershell and Visual Studio.
I have utilized virtualization extensively for use in both development and cybersecurity, as virtual machines are incredibly beneficial for running things such as Kali Linux for penetration testing or Flare VM for reverse engineering purposes. I have experience with setting up and using desktop clients and bare metal server hypervisors.
MOV EAX, EAX