Computer Security Research
Some examples of my previous
research and reports
DISSERTATION - Secure Deletion of Data on Android Devices (PDF)
ACADEMIC PAPER - Secure Deletion of Data on Android Devices (PDF)
This project is an investigation into how secure deletion has been previously implemented on different storage media, and how this knowledge can be applied to mobile devices to allow a standard user to delete sensitive files from their device. This includes ensuring that a standard user who does not "root" their Android device can use the end product.
Exploit Exploration - Developing A Return Oriented Programming Exploit (PDF)
In this paper, the type of memory corruption exploit known as "Return Oriented Programming" (ROP) was investigated. In the process of investigation the different methods of executing a ROP exploit successfully were discovered. Also discussed were possible countermeasures to ROP exploits, such as DEP, ASLR, and compiler stack protection/stack guard facilities. Then in order to provide a full understanding of how a ROP exploit is developed, an exploit was developedusing the SetProcessDEPPolicy() method of ROP exploitation for the program "My MP3 player 3.02". This was shown in detail, step by step. After this was complete, suggestions were made as to how users, companies, and third party developers may be able to protect themselves and their users from ROP exploitation.
Exploit Exploration - Developing Exploits for Steinberg My MP3 Player 3.02 (PDF)
In this whitepaper, the vulnerable application "My MP3 Player 3.02" was investigated in order to illustrate how buffer overflow vulnerabilities work, and in doing so, demonstrate the method by which buffer overflow exploits are written. This was carried out on windows XP SP3, both without any kind of buffer overflow protection and also with the protection of "Data Execution Prevention" (DEP) turned on. This included regular buffer overflowing, explaining how the stack is constructed in memory, and then how DEP works and how it can be avoided using the "return to libc" attack method. Once the exploits had been constructed, a short discussion on how the developed exploit could be changed in order to avoid intrusion detection systems (IDSs) was carried out.
Dummy Web Application Hacking With Hack.me (PDF)
is a site which hosts multiple deliberately vulnerable web application, and is relatively newly created. This paper explores the web applications which are already hosted there, finding vulnerabilities in them and explaining how they work.
Reversing Assembly To Reconstruct Source Code (document)
Reversing Assembly To Reconstruct Source Code (poster)
In order to recognise higher-level programming constructs in assembly code, examples programs were written, compiled, decompiled, and analysed. Then a program was analysed like a reverse engineer, with no access to the source code. An attempt to reconstruct the source code was made, and the conclusion discusses what information was lost in the compilation process. Also covers the basis of how compilers work.
Dummy Company Penetration Test Report (document)
In order to practise penetration testing as if done for a real company, an example company network was set up. This report details the penetration testing results for this network.
Reverse Engineering & Anti-Debugging Methods (document)
Reverse Engineering & Anti-Debugging Methods (poster)
A report which was written to document research into the field of reverse engineering. This was written as an introduction to the basics of the field as a whole, and covers program memory structure, Ollydbg, and basic examples of reverse engineering and anti-debug protection.
Some examples of my
Abertay Ethical Hacking Society Website
After writing the first version of the website from scratch in php, and designing all the logos for the ethical hacking society at the University Of Abertay. the Website has now changed, but the basis of the logo is still the same as of 2015 (5 years)
Pr3fatum Ignis Blog
I wrote the site and its CMS from scratch in php, and occasionally use it as a personal blog.
'; echo '
'; echo '