Major Projects

Root the Box

Root the Box is a computer hacking Capture-the-Flag game run in the Phoenix, AZ area. Participants connect to an internal network which houses vulnerable boxes and attempt to gain access before other teams are able to. They may also participate in challenges - small victories which are largely unrelated to the boxes - for points. The event is entirely student-run. While the event was originally sponsored entirely by the UAT club [Buffer]Overflow, it has since acquired several local computer security-related companies as sponsors.

More information regarding Root the Box available at the official site.

Hack the Badge (ToorCon 13)

At ToorCon 13, several team members used the badges to create a sort of tag game. When an individual with a custom firmware flashed to their badge pressed the button, the badge sent out a pulse that all other flashed badges received. When a flashed badge received such a pulse, it was frozen from firing for several seconds. This competition was completed in approximately 36 hours.

Complete project available here. Team code exists entirely in the toorcon.c file.


Theia conceptualizes a full-fledged security system with centralization and a modular design. It utilizes modules, or independent components, which do the bidding of the central computer, or Helios. These modules consist of sensor-, action-, and authentication-types. Sensor-type modules check a condition and return a True or False to Helios, which then makes a decision and instructs action-type modules to perform their tasks as necessary based on the settings provided in Helios, and the state of any authentication modules.

Complete Theia system with design document available here*.

Project Remora

Project Remora is a Social Engineering project intended to explore and expand the understanding of human interaction while safely discovering and raising awareness of social vulnerabilities. Team members approach strangers with the intention of finding the level of vulnerability the subject is willing to submit to. This is accomplished by the request of a cell phone, followed by one for a ride in the subject's vehicle.

Full report, including detailed methodology and findings, available here.

Computer Security

Applied Exploits and Hacking, Final Project

The purpose of this lab is to take on the set of De-Ice hacking challenges. The challenges are a popular series of disc images designed to challenge hackers of all skill levels to break into machines set up as typically vulnerable corporate servers.

Full report available here*.

Applied Exploits and Hacking, Nmap Lab

This lab demonstrated the use and merit of the Nmap tool.

Lab report available here*.

Covert Channels, Final Presentation

This presentation documents a potential new form of Covert Channel - hiding information in playlists.

Available here.

Demonstration on Stack-Based Buffer Overflows

Available here*.

Network Administration

Network Security Monitoring, Final Presentation

This presentation focuses primarily on the network layout featured on the second slide. It also contains a cost/benefit analysis of the components selected.

Available here.

Presentation on Policies and Solutions

Given several policies, our team prepared solutions for how we would achieve the restrictions.

Available here.

Business Continuity

Business Continuity/Disaster Recovery, Final Project

This project was the documentation of a disaster recovery plan for a fictional company. It includes mitigation, emergency response procedures, and other considerations.

Full report available here.


Assembly PDP8 Emulator

This is an emulator for the PDP-8 computer, written in MASM Assembly.

Code available here. The Kip Irvine libraries for x86 MASM assembly required for compilation.

*Due to the nature of Google Document's web display, many features of some documents do not display correctly. For best viewing, download documents and display them in Microsoft Office 2007 or later products.