I am a full stack software engineer. I am a penetration tester. I want to make a difference on this planet with technology.

I am a twenty something year old with a passion for software development and security.

Software Development

My passion for software development came at a young age. Building things was fun. From stacking cups, to legos, to making websites, to building fully scalable enterprise applications, there is no feeling more gratifying than building something out of nothing. We are extremely fortunate to live in a time where it seems as though there are no limits to technology.

Security

My passion for security came after discovering vulnerabilities in an application I was tasked with re-writing. It was an eye-opening experience to know that by slightly modifying my input parameters, I could read any result from the database. This taught me the importance of properly building software and how fragile software can really be.

Today

Today my full-time responsibilities are two-fold. I am a full stack software engineer / OSCP-certified pentester who emphasizes the importance of building software in a secure manner. I believe in security through technical testing. You cannot prove the security of a system or application without a realistic attack.

Projects

SafeWalk

SafeWalk is a proof of concept application built for Temple University's Future of Computing competition. Philadelphia is notoriously known for its high crime rate, especially in the north and around Temple University. Ryan Bradbury and I analyzed crime data obtained from OpenData Philly and created a routing algorithm which accounted for historical crimes. The user could provide a location of where they are and where they want to walk to, and the application would display the shortest path as well as the safest path based on crimes that have occurred in the past.


Tech Notes

We first ranked the severity of the crime data we had acquired. From this ranking we then applied scores to routes or intersections, which acted as a multiplier for distance. Each route has a value; the shortest path will always be the length of that path. For example, if you have a road that is 500 ft, that would be the actual distance. For our application, imagine that a large number of crimes had been committed on that road; our application would then see that as 1200 ft and therefore pick a different path that is shorter/safer. The data was processed using a MySQL database with the pgRouting extension. SQL Server was our first database choice but had many limiting factors when it came to storing routes and coordinates. The UI utilized the OpenStreetMap framework and was built as a Windows application using C#.
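The crime-weighted routing described above, as an added example that is not SafeWalk's own code: it uses a plain Dijkstra search in Python rather than the database routing the project used, and the street graph, intersection names and multiplier values are constructed assumptions (2.4 reproduces the 500 ft to 1200 ft case).

```python
import heapq

# Constructed street graph: (intersection_a, intersection_b, length_ft, crime_multiplier).
# All values are assumptions for illustration; 500 ft * 2.4 gives the 1200 ft case.
STREETS = [
    ("A", "B", 500, 2.4),  # direct road with many past crimes
    ("A", "C", 400, 1.0),  # quiet detour, first leg
    ("C", "B", 450, 1.0),  # quiet detour, second leg
    ("A", "D", 300, 1.5),  # moderately risky alternative
    ("D", "B", 350, 1.8),
]


def build_graph(streets, use_crime):
    """Undirected adjacency list; cost is the length, optionally scaled by crime."""
    graph = {}
    for a, b, length, mult in streets:
        cost = length * mult if use_crime else length
        graph.setdefault(a, []).append((b, cost, length))
        graph.setdefault(b, []).append((a, cost, length))
    return graph


def route(streets, start, goal, use_crime=False):
    """Dijkstra search. Returns (path, actual_length_ft, routing_cost) or None."""
    graph = build_graph(streets, use_crime)
    queue = [(0.0, 0, start, [start])]
    settled = set()
    while queue:
        cost, length, node, path = heapq.heappop(queue)
        if node == goal:
            return path, length, cost
        if node in settled:
            continue
        settled.add(node)
        for nxt, edge_cost, edge_len in graph.get(node, []):
            if nxt not in settled:
                heapq.heappush(
                    queue, (cost + edge_cost, length + edge_len, nxt, path + [nxt])
                )
    return None  # goal not reachable from start


if __name__ == "__main__":
    print("shortest:", route(STREETS, "A", "B"))
    print("safest:  ", route(STREETS, "A", "B", use_crime=True))
```

The safest route is longer in real feet (850 ft instead of 500 ft) because the direct road is costed at 1200 ft once its multiplier is applied.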


Improvement Opportunities

Work with the city of Philadelphia to make this a fully functioning application that is easy to use. Additionally, add custom routes to account for certain crimes. This can also be enhanced to provide insight as to what are the safest areas to park in Philadelphia. Build a RESTful API that can be consumed by any client that can issue HTTP requests.

Temple University Accreditation Management System

AMS was built for Temple University's Vice Provost to aid in managing accreditations at Temple University. AMS was built during a year-long capstone project in which I acted as the technical lead, largely for development and implementation. See link for more details.


Tech Notes

AMS was built on a .NET stack: a SQL Server database on an IIS web server, with Visual Basic as the server-side code. (Not by choice; the majority of the team knew Visual Basic, so this is what we went with.) We did utilize Web Forms with a Bootstrap template to hide the fact that we were using Web Forms :) In addition, there was some custom JavaScript for a calendar view and drag-and-drop file upload functionality.

BYOD Secure

BYOD Secure was a proof of concept Android application which allowed a user to use their mobile phone as an additional factor of authentication through NFC. Ryan Bradbury and I worked on BYOD Secure together. The primary use case for the application was to protect the data on a company-issued tablet device. The tablet device would remain locked until the user touched their phone to the tablet device. The phone was already paired with the tablet and would therefore unlock the tablet.


Tech Notes

BYOD Secure was built as an Android application using Java. Both the tablet and phone contained a shared secret. When the devices were touched together to trigger NFC, the application on the tablet (could work vice versa) validated the secret and unlocked the tablet. We hit a bunch of roadblocks and went down several rabbit holes because what we were trying to do needed to be done at the system level and I have a bricked Nexus 7 to prove it...

Improvement Opportunities

The most valuable use case I saw for this application was an additional layer of security for company-specific applications through MDM (Mobile Device Management) software. Let's imagine I worked at LargeCorp Inc. and we had our own mini app store with applications that had direct links to our internal network, sensitive data and anything else you wouldn't want a hacker to get a hold of. Anytime a user with a tablet tries to access a company application through the MDM, they would be prompted to swipe their cell phone as an additional layer of authentication. Therefore, if the tablet device was stolen, access to internal company data is thwarted.

Scanning

If you have identified nmap scans originating from this IP address, the scanning performed is strictly for research and/or bug bounty purposes. All scans originating from this IP address are SYN scans and do not complete a full TCP handshake. Additionally, scanning speed is set to be as polite as possible while only targeting the following ports: 80, 443, 8080, 8000, 8001, 8443. If we are scanning you and you would like us to stop, please reach out and we will gladly add you to our do not scan list.