Introduction

Video games are truly intriguing pieces of software. They are built with cutting-edge technology and employ some of the wildest and most innovative logic, all while being artistically expressive and generally entertaining. Read More

For the past week, I have been slowly and steadily enjoying a new CTF website, TargetPractice. I finally completed their Android crypto/reverse-engineering challenge, Dead Drop, and wanted to share my workflow and experience with this fun exercise. Read Write-Up

In this quickstart guide, we will be learning about the role of object deserialization in security. Deserialization is featured in most major languages and, when implemented improperly, either by the language itself or by the application being written, can be a fruitful attack surface. CVE-2017-5941 is an example of a flawed implementation of deserialization in the Node.js JavaScript framework. Read More

Abstract

For this project, I have compared the effectiveness of various feature sets from League of Legends (LoL) game data in classification tasks. Data for individual LoL matches were scraped from the North American match history servers. A decision tree, k-nearest-neighbors model, and multi-layer perceptron neural network were each configured and tested on their ability to identify player ranks when presented with game data. I used 13 different feature sets with each classifier and compared the results. The neural network always outperformed the other two models and the best feature set was the creep score intervals, gold earned intervals, and vision ward placement/destruction. The worst feature set was the losing team’s KDA by itself.

Read Paper

In this guide, we will take a look at a few exploits that target remote keyless entry (RKE) systems in modern vehicles. We will learn the theory behind the generic rolljam attack and also implement a specific attack on Subaru vehicles. Read Guide

"What's the wifi password?" is today's "Where is the bathroom?": the first question asked by guests of an unfamiliar location. I myself have asked this of many friends, and this past week I noticed a security weakness in their routers. For those using NETGEAR brand routers, there is a simple pattern within the default WPA2 passwords that increases the viability of WPA2 hash cracking. Read Guide

ReDroid started as an apktool wrapper and became a simple workspace tool for Android disassembly projects. It automates disassembly and reassembly of apps via Smali, allows for branching, and automates the signing and installing of recompiled apk files. There's still a lot of work to do, and I will continue to update occasionally while I continue my DHS assignment. ...continue reading "ReDroid v0.7 Release"

In this guide we will observe one of Java's most dangerous vulnerabilities, CVE-2012-1723. We will analyze the conditions of the vulnerability and work through an example of practical exploitation through a drive-by attack. Read Guide