Here are some of the projects I’ve worked on

• NCL Basic Tips

  The National Cyber League (NCL) is a fun (mostly) Jeopardy style capture the flag (CTF) competition that has two seasons every year: the Spring Season and the Fall Season. NCL is only for college students and is a great learning opportunity. At the time of this writing, I am in my last few weeks of school getting my BAS in Cybersecurity, so this Fall Season is my last time playing. I wrote this post as a way to give newer players some basic tips to help springboard your learning.

• OpenVPN Connection to Private Web Server

  I have a personal project writing a work of fiction and I recently decided to update how I keep my notes. I used to just use Google Keep Notes because I could easily write down ideas on my phone. But it makes for terrible review of my notes when I’m actually writing the story and building the fictional world. I wanted something with better organization, but also something I could share with my writing group, and only my writing group. I don’t want to share it with the rest of the world until it is ready for publication.

• New Video Invitation for the Cyberhawks Club

  As president of my school’s cybersecurity club, the Cyberhawks, I wanted to produce a video that we could use to advertise the club. I made one last year that was selfie-style and pretty cheesy. This year I wanted it to be much more professional. At first I was thinking of recording different club members doing cool things, but the script kept coming out really bad and I just had a bad feeling about the whole idea. Plus, COVID makes it not such a good idea to get together unnecessarily right now.

• Creating A Website with GitHub Pages and Jekyll

  If you want to create a website similar to this one, here is a guide for how to do it. With GitHub, you can create and host a website for free! Though you don’t have to use Jekyll, I have found it to be best option and doesn’t require a ton of HTML and CSS. Instead, Jekyll uses YAML and Markdown. Don’t worry if you don’t know either one, I don’t either, not really! I know just enough to get by in creating my website, then I look up anything I don’t know. (Google-Fu is a necessary skill to have for any developer!)

• LAMP Stack with Customized DVWA

  Currently, I’m working for both Pacific Northwest National Laboratory and Marcraft, an Educational Technologies Group company. For both jobs recently, I had the opportunity to set up multiple web servers in Linux. For one of these projects I also set up a whole LAMP stack and the Damn Vulnerable Web Application (DVWA), but I wanted to customize it with a new look. I also wanted to have a fake front end website that has a link for “employees” to login with, which would take them to the DVWA login page.

• Home Virtual Lab: Networking Virtual Machines Together on VirtualBox

  I was lucky enough to buy a couple of extra computers from an auction, but usually having extra computers and networking computers for experimenting and penetration testing just isn’t feasible for students. In my previous project, I gave instructions on how to install virtual machines in preparation to set up a virtual lab using Oracle VirtualBox. Here I’m going to explain how to actually allow them to talk to each other and to the Internet.

• Home Virtual Lab: Installing Virtual Machines on VirtualBox

  I was lucky enough to buy a couple of extra computers from an auction, but usually having extra computers and networking computers for experimenting and penetration testing just isn’t feasible for students. So, here are instructions on how to install virtual machines in preparation to set up a virtual lab using Oracle VirtualBox.

• Defending an IT/OT Network Against Remote Code Execution

  Abstract: Defending information and operational technology networks is of vital importance. As has been demonstrated in attacks such as the Colonial Pipeline incident, the Stuxnet attack on an Iranian nuclear facility, and the Russian attack on Ukraine’s power grid, vulnerable critical infrastructure and industrial systems are extremely costly, both in terms of money as well as in human life. In this project, I set up a physical testbed environment with built-in vulnerabilities to demonstrate a successful penetration from outside of a private network. I exploited an open logical port and weak passwords to gain access to a computer with control over an industrial process. Based on the results of this experiment, I proposed and implemented several solutions to harden the network against similar attacks.

• Physical Network Testing Environment

  My work at Marcraft has been setting up a physical testing environment for Industrial Control Systems (ICS) cyber security. Most of the time, when people set up a cyber security testing environment, it is a virtual one, either through virtualization software like VMware or VirtualBox. However, we wanted to be as realistic as possible, so we made sure to use real, physical devices and cables.