Projects


Discover the cybersecurity projects that have been keeping me busy. From hands-on experiences to practical applications, get an inside look at my ongoing work in the field.

19/05/2024

Bluetooth Vulnerability Research

This project took place in our second year of computer science studies, working alongside two classmates. The goal was to study the ways that companies implemented the Bluetooth Low Energy protocol to find vulnerabilities. This document serves as the final report on our project.

02/05/2024

Homemade WAF (Web Application Firewall)

This project implements a homemade Web Application Firewall (WAF) using Flask as a reverse proxy. The WAF is designed to protect an intentionally vulnerable Flask web server from common web security threats such as SQL injection and Cross-Site Scripting (XSS). It intercepts incoming requests, checks them for security vulnerabilities, and forwards them to the web server if they are deemed safe. The project contains features such as an intentionally vulnerable web server, a reverse proxy, Content Security Policy (CSP), SQL injection protection, HTTP verb checking, anti-bot protection, and an HTTPS connection. You can find the full explanation, as well as the setup and usage instructions, here.

17/03/2024

Project Harvester

Project Harvester is a program created to control Linux systems remotely by uploading videos to YouTube. The program monitors a YouTube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command. The QR codes in the videos use AES-encrypted values. Once the command has been executed, the output is exfiltrated over ICMP to our host server. You can find the full explanation here.

20/02/2024

Lets Go Phishing

This project took place in our first year of computer science studies, working alongside two classmates. Each of us had our own smaller tasks, which we combined to create a larger project. My part involved setting up and launching an email phishing campaign. I used Mailcow for the mail server setup, Evilginx2 to replicate real login pages, and Gophish to carry out the attack. This document serves as the final report on our project, containing instructions, explanations of our work, and guidelines for replication.