Complete Project List
Here is a list of the projects I've completed, what I'm working on, and what's to come.
What I've done
-
CrackStation - Online Hash Cracker (Lookup Table)
An online hash cracking lookup table that supports many hash algorithms: MD5, SHA1, SHA256, SHA512, RipeMD160.
-
Why are web applications so vulnerable to attack?
An analysis of the data flow in web applications, and why attacks like SQL injection are so hard to prevent.
-
Salted Password Hashing - Doing it Right
A clear explanation of the proper way to store hashes in a database.
-
HelloWorld! Secure & Light CMS System
An open source, lightweight and secure CMS system in PHP. The very same CMS that this website is using.
-
PUP Confusion
A technique for bypassing antivirus detection.
-
File System Events Disclose NTFS Protected Folder Contents
Using the .NET framework's FileSystemWatcher class, it's possible to monitor a folder and its sub-folders for file creations, modifications, and deletions. The Windows API fails to take NTFS permissions into account when raising these events. By logging these events, it is possible to obtain a partial list of files inside a private folder. This also extends to folders shared over the network.
-
Secure, Encrypted, Anonymous Pastebin
Programmers need a secure way to quickly send code snippets to friends over IM. After noticing that pastebin.com publishes everything you "paste" to the internet, I had to make my own secure version of the service.
-
PDFCleaner
Almost weekly we hear about a new exploit for Adobe Reader, the most used program to view PDF files. PDF files have become a major security problem. I decided to fix this by creating a service that lets you "sanitize" a PDF file. PDFCleaner lets you upload any PDF, and gives you the same PDF without any exploits that may have been attached to the original. PDFCleaner is better than antivirus software, because it even works with unknown exploits.
-
Checksum Calculator
There aren't many trustworthy online hash calculators that support multiple algorithms. The highest ranking MD5 hash calculator on Google is running on the same server as a hash cracking service, which I find very suspicious. I made my own so that I can be 100% sure that the data I hash isn't getting added to a hash cracking database.
-
GPU MD5+Salt Cracker
Parallel computation is many times faster on a GPU than a CPU. There is lots of code out there for brute forcing plain MD5 hashes using Nvidia's CUDA technology. To get a feel for GPU computing, I wrote a CUDA program that can crack salted MD5 hashes.
-
Password Generator
There are some great websites for generating secure passwords, like GRC's Ultra High Security Password Generator, but I TNO (Trust No One). I made my own offline password generator because I didn't want to trust anyone else's servers with creating my passwords.
-
Online HTML Sanitize Tool (htmlspecialchars)
This tool will take your text and convert all the special characters to their proper HTML codes, so you can paste text with special characters or HTML code onto your website.
-
EOTP - Encrypting One Time Passwords
One time passwords that provide the server with a static encryption key.
-
TRENT - Trusted Random Entropy Generator
TRENT is a service that allows online contests and drawings to be done securely. TRENT allows both the contest organizer and the contestants to trust the results. The organizer knows the random numbers were created using a secure CSPRNG and the contestants know that the organizer did not have any influence over the random numbers.
What I'm working on right now
-
University
-
Secure User Account System for PHP
I'm writing a secure user account system for PHP - with a bunch of crypto built in - so that other developers and I have a secure "starting point" for our websites.
What I plan to do
-
Password Bolt
-
CryptoHost / BitCannon
A secure temporary file upload and transfer service/program.