It's been quite a while since I posted something to the blog. Sometimes life gets a bit to hectic and writing posts gets sent to the back-burner, nevertheless this was a full year, filled with ups, downs, and turn-around. Let's check out some positive highlights:
- Finally graduated with my Masters Degree in Computer Science! My thesis consisted on implementing a Post-Quantum Lattice-Based Authenticated Key Exchange (AKE) based on the works of Del Pino, Lyubashevsky, Pointcheval (2017). This was by far one of the biggest challenges I've undertaken in recent memory. I jumped in head-first to my Masters Degree just to prove to myself I could do it, soon enough I'd realized I was in completely uncharted territories. I spent days and nights catching up and furthering my understanding of Post-Quantum Cryptography. There were plenty of false-starts and lots of hurdles, but I managed to finish my thesis. Heck, I even finished it a month and a half before the expected deadlines.
- Developed a tool called EagleEye as part of the Mobile Computing class in UCSB. The program is intended to help non-technical users troubleshoot their wireless networks. This was a project I had shelved for quite some time, as I had always wanted to mess around with Scapy and do some Python Networking. If you are interested in reading a bit more in-depth definitely check out the post I did about it.
- As I delved deeper into all the fancy Post-Quantum Crypto goodness, I started looking into SuperSingular Isogenies as a possible area of study for my Thesis. Although I ultimately did not choose to go this route, I did end up writing an exploratory paper on them, "Introduction to Supersingular Isogenies" for my Elliptic Curve Cryptography class at UCSB. It's supposed to serve as an easy and concise introduction to the subject. It does require some previous knowledge into Super Singular
- As part of an Advanced Neural Network class in UCSB, I learned how to code using TensorFlow to build my own Neural Network Models. My main research paper for this class focused in attempting to merge LSTM and CNN models. I found some interesting results when building these models. I Have yet to write a post on this or release the paper in Academia, but you can view the code over at Github.
- I was invited to the Cyber Physical Education Workshop in ParisTech. This was the first time this conference was being held. It essentially focused on Cyber-Physical systems such as Cars, SCADA devices, and IoT devices. As a side note, the trip was an opportunity to visit some good friends in Paris and have some fun experiences 🙂
- After Paris, I went immediately to DEFCON 2017. This year was a bit of a different experience. For one, I was extremely burnt out and only stayed for two of the three days, but this time I dedicated my time to things I believed would be more useful for me as opposed to trying to see everything. I spent a lot of time on the IoT/SCADA village, and saw a couple of talks dedicated to programs/techniques I would probably end up using later during pen-tests.
- Became a full-time employee at Novacoast's Attack Team. Honestly, probably one of the coolest highlights of this year. We are a team of security professionals that do everything from pen-testing just about anything (infrastructure, web apps, mobile apps, IoT products, firmware, wireless setups, ...) , security code reviews, DDoS testing, and so much more. Honestly, from a purely personal view, this is an extremely fun group to work with because of the breadth of projects we undertake, the sheer talent that everyone on the team has, and their willingness to share. The past year and a half working with them has taught me so much on Computer Sec, it's ridiculous (in a great way!).
- Helped build the Internal Novacoast CTF challenges; This was my first time getting involved with any CTF and I realized how fun these can be. I have the intention to join a few more CTFs as both challenge builder and player.
- I recently discovered Udemy and have already finished a couple of interesting courses on pentesting IoT, Advanced Wireshark, and Exploit Development. While I'm not going to claim that these are super in-depth (as actual classes) I definitely recommend them to anyone interested as a soft introduction, after that I'd have to read and research most of these subjects on my own. But, hey, since they are so cheap, I just like to imagine I'm sitting at a coffee shop with someone who knows a ton and inviting them to a coffee in exchange for 3h-6h of light intro.
- Won 1st place at the SB OWASP CTF! Also snagged the "most creative hack" award by doing a little social engineering and some creative hacking outside the box.
2017 has been an intense year filled with transitions and opening doors. Let's see what new things come with 2018...