Home > Projects
[ Projects ]
This section contains various projects (serious and whimsical) that I've worked on over the years. Because I've been focusing on the content for the Photography section, most of what would go here is not online yet.
Electronics and Electrical Engineering
|The Less-Than-Ideal Transformer
|The first electrical device I've made myself instead of buying from a parts store.
|Raspberry Pi Messenger Bag Display
|Some digital artwork that I made for Def Con 27 in 2019.
|RF Signal Degrader
|A very basic device for simulating poor reception via the coaxial RF connector on analogue televisions.
|My 2017 Halloween costume - Destiny, from Neil Gaiman's Sandman stories.
|A Halloween costume I made in 2004.
|Representing data using Florence Nightingale's polar area graph and similar radial charts.
|Robust Machine Readable Codes
|RMR ("Armour") codes are a prop-detailing side project that I took to the logical conclusion.
|Summon the Lulz
|A repurposing of my Destiny costume to hopefully get some laughs.
Music and Audio
|Statistical Audio Synthesis
|A side project based on my experiences working with statistical image processing.
Reverse-Engineering and Security
|HTTP Proxies and Loopback Addresses
|An interesting quirk / possible security issue (depending on configuration) that exists in most (all?) HTTP proxy servers.
|Multipurpose Man-in-the-Middle VM
|A basic how-to guide describing how to build a "Swiss army knife" VirtualBox VM that can be used to intercept traffic using tools like Mallory, OWASP ZAP, Burp Suite, XMPPPeek, socat, and other tools.
|Mimikatz 2.0 - Golden Ticket Walkthrough
|A step-by-step example of using the Kerberos "golden ticket" functionality introduced in Mimikatz 2.0.
|Mimikatz 2.0 - Silver Ticket Walkthrough
|Several step-by-step examples of using the Kerberos "silver ticket" functionality introduced in Mimikatz 2.0.
|Mimikatz 2.0 - Brute-Forcing Service Account Passwords
|A proof-of-concept of using the Kerberos "silver ticket" functionality introduced in Mimikatz 2.0 to check passwords for service accounts used for "kerberized" IIS web applications without triggering an account lockout.
|Motorola Is Listening
|If you have a Motorola Android device, there is a good chance it is silently sending a great deal of your personal information (including email addresses and passwords) to Motorola.
|Discoveries I've made while reverse-engineering Housemarque's spectacular creepy science fiction game.
|SonicCare® Lock Picks
|An experimental tool I improvised out of a high-speed vibrating toothbrush.
|Yield-Focused Vulnerability Score (YFVS)
|An experimental vulnerability scoring model intended to nudge penetration-testing and other information security fields towards a better system than the ones that are ubiquitous today.
|YFVS - Example Comparison
|Detailed walkthroughs of the scoring process, as well as a variety of examples compared to the same vulnerabilities as scored with CVSS.
|YFVS - Scoring Formula Details
|A detailed breakdown of the scoring formula.
|YFVS Sidebar 1: Shortcomings of Existing Systems
|A side discussion on why I feel existing systems are inadequate.
|YFVS Sidebar 2: Likelihood Ratings
|A side discussion on why I feel that (in most cases) using a "likelihood" rating is a very bad idea.