CryptoKnight is a tool I developed during my undergraduate at Abertay University. It is designed to aid in the analysis of crypto-ransomware; programs that lock down your computer by encrypting files and preventing access until a ransom has been paid. You might remember the attack on the NHS last year which used a particular instance known as WannaCry. My methodology (as previously introduced in preprint) leverages deep learning to process the application and evaluate the particular algorithms within it in a smarter and faster way. It was awarded the Honorary Fellows Prize for Innovation by Abertay University in 2017 and the code has since been open-sourced as of publication by MDPI.

I was approached to review the ‘Kali Linux Web Penetration Testing Cookbook’ by Packt Publishing in 2015. After thoroughly testing all content and investigating improvements, I was acknowledged as a reviewer when it was published in early 2016.

This literature review was composed as part of a module at the University of Edinburgh. Based on an older study by Rivest, the aim was to survey contemporary research areas linked to the intersection between these two fundamental areas of study.

Despite efforts to detect fictitious content, it is more prevalent than ever. Deep neural networks give practitioners the ability to realistically alter the content in digital media with veritable ease, but can these systems be used to combat illicit material? As part of a group project for Machine Learning Practical (MLP), we implemented a proof-of-concept classification tool to discriminate between real and fake images.

As part of a third year module at Abertay University I evaluated common packages that aim to combat network incursion and detect advanced persistent threats. By comparing their ability to prevent several evasion techniques, the results concluded that these setups occasionally faltered due to outdated rulesets.

The attack surface of a typical web application is often quite large, hence it can prove challenging for a security professional to locate and exploit certain vulnerabilities. I studied five different automated XSS tools to illustrate advanced tactics for web exploitation that simplified vulnerability location. The latter stage of the report proposed countermeasures based on the OWASP guidelines.

This paper outlined volume based, protocol and application layer attacks utilised by infamous hacktivists. The aim of the project was to demonstrate the ease of scripting and aid in the design of more resilient systems. It concluded that targeted HTTP flooding was by far the most effective technique. The project was presented at SecuriTay 5 and BerlinSides in 2016.

Each student was randomly assigned a vulnerable media application to track inherent security flaws and construct custom payloads. It was shown that GSPlayer (Windows XP) suffered from a buffer overflow vulnerability that was exploitable despite enabling Data Execution Prevention (DEP). The project utilised WinDbg, OllyDbg and Immunity Debugger to disassemble and analyse the subject binary.

Welcome to the first post from what will hopefully become a series on my adventures with Go! I’m really lucky to be able to experiment with some super awesome technologies which I will endeavour to write about more, so if you find this post helpful please let me know on twitter! If you’re new to Go, follow the getting started docs. You’ll also need to configure access to a Kubernetes cluster, or install Minikube - a single local node.

We’ve undergone a lot of infrastructure changes recently at work. We actually submitted the very first DLT framework into Helm’s stable charts over a year ago. This allows anyone with a Kubernetes cluster to deploy a custom blockchain courtesy of Burrow (our contribution to the Hyperledger Greenhouse). We’re a great believer in cloud first and open source technologies so not only is Kubernetes a great fit for what we do, but Helm extraordinarily simplifies the whole deployment process through Go templating.

CryptoKnight is a framework I recently released which follows the methodology described in my publication for synthesizing a scalable dataset of cryptographic primitives to feed a unique Convolutional Neural Network. In effect, this allows us to generate and model a substantial amount of data to quickly identify cryptographic algorithms (such as AES, RSA, RC4, or MD5) in reference binary executables. By safely learning this statistical representation, malware analysts can efficiently compare it against crypto-ransomware samples in a controlled environment.