Ciph3r
4 min read · Jul 2, 2021

I like to make things that break things, if that makes sense, so my dream job would be researching and making exploits, tools, security tools and malware for red teams to use in pentests etc. But I am OK with any job that lets my inner researcher out. So anyway, here are the things I made:

A 3D game: I was working with an indie game startup. They are making a 3D game. I worked with them for like 8 months. Here is the first level. I left the company because they were getting lazy. This level is made by me. I did everything here, from modelling the objects to making shaders. I used Unity.

Face-R: If you own a newer Samsung phone you might know that they have an app called Secure Folder. Face-R does the exact same thing, but instead of a pattern it requires your face. The facial recognition algorithm is a bit custom. It uses common recognition techniques with a method that I developed, along with an SVM classifier. It has an accuracy of 92%. It works in poor light conditions, as I made an algorithm to increase the light while processing the image. It is built with Electron JS. Here is the app.

Enlighten: It's an algorithm that makes low-light photos more visible. Here is a demo.

The right one is the enhanced image and the left one is the original greyscaled image.

Project Something: It's a big project. My dream is to make an AI like JARVIS and achieve that level of automation. Well, let's say I started getting results. I started to modify Linux and some software like sudo. Every Linux I run has a facial-recognition-powered sudo. The next step is to make a somewhat "OK" AI and integrate it natively with Linux. Here is a demo.

Sorry for the poor quality.

Malware Research: I once worked as a freelance malware analyst. I got that job due to luck and I did a damn good job. I analysed one malware sample a day for 30 days. I also tried learning about malware by making it. No, I never used my malware on anyone. I wrote malware in assembly, C etc. In fact, I mostly write about malware on my blog here. I wrote about some techniques that I think are cool.

My experience as a hacker

  1. Hackthebox: I used to be very active here and rooted around 20 boxes in three months. Then I moved on to something else.
  2. Defcon RedTeam CTF: My team and I scored 40th rank here. I did the malware analysis challenges. Not too bad, but not good either.

  3. Bug Bounty: Let's address the elephant in the room. If you are not hunting bugs on Bugcrowd or H1 and posting your bounties, some companies won't think that you can hack. So I tried to do the same. I never got any rewards. All of them were duplicates. I found bugs in Takeaway, Lime and LinkedIn. All of them are Android apps. The LinkedIn bug was not a duplicate. I just did not get any payment. I wrote about it on my blog. I recently found an Arbitrary Code Execution bug somewhere. I am trying to figure out more about it. I will surely write a blog post about it.

  4. Android App pentesting: I pentested and found bugs in two Android apps. More on that here: https://ciph3r.medium.com/how-i-could-have-downloaded-data-of-11000-people-2f047c7107df

  5. Hacking Discord: I found this bug a while ago. This bug requires initial access. It's great for post exploitation. Discord keeps a SQLite database called installer.db. The database has SHA-256 hashes of every file that Discord uses, but it turns out that the integrity of some files is never checked, allowing an attacker to modify some JS files that Discord uses. This attack needs a certain amount of access. An attacker that has a shell or some sort of access will be able to modify the files. The attacker can modify the JS files to download and execute malware every time the user starts Discord. Since Discord runs on boot by default, the user does not even have to start Discord, giving the attacker persistence. It can give an attacker persistence without using any common methods like modifying the registry or messing with the startup folders. Access is required. This bug, if exploited correctly, will prove to be a very important tool for post exploitation. More on that here: https://ciph3r.medium.com/hacking-discord-to-get-code-execution-87b190398f29

  6. Freelancer: I developed security tools, backend APIs etc. for companies. I used Node.js, Python, C etc. I also worked as an Android app pentester twice. I tested two apps. Found some interesting bugs. It's on my blog if you want to check it out.
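
The Discord item above describes a hash list (installer.db) that exists but is not enforced for every file. As an added example (not the author's or Discord's code), this script shows the defender's side of that gap: it compares an install tree against a known-good SHA-256 baseline and reports modified, missing and unlisted files. The table layout `files(path, sha256)` and the sample tree are assumptions constructed for the demo; the page does not give the real installer.db schema.

```python
import hashlib
import sqlite3
import tempfile
from contextlib import closing
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def load_manifest(db_path):
    # ASSUMED schema: files(path TEXT, sha256 TEXT); not the real installer.db layout.
    with closing(sqlite3.connect(str(db_path))) as con:
        return dict(con.execute("SELECT path, sha256 FROM files"))

def audit(install_dir, manifest):
    # Returns (status, relative_path) pairs; an empty list means the tree matches.
    root = Path(install_dir)
    findings = []
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            findings.append(("missing", rel))
        elif sha256_file(target) != expected.lower():
            findings.append(("modified", rel))
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    # Files the baseline never mentions are exactly what a hash list cannot protect.
    findings += [("unlisted", rel) for rel in sorted(on_disk - set(manifest))]
    return findings

def demo():
    # Constructed sample: baseline two files, then change one and add one.
    with tempfile.TemporaryDirectory() as tmp:
        root, db = Path(tmp) / "app", Path(tmp) / "manifest.db"
        (root / "modules").mkdir(parents=True)
        (root / "app.js").write_text("require('./modules');\n")
        (root / "modules" / "index.js").write_text("module.exports = {};\n")
        rows = [(p.relative_to(root).as_posix(), sha256_file(p))
                for p in root.rglob("*") if p.is_file()]
        con = sqlite3.connect(str(db))
        con.execute("CREATE TABLE files (path TEXT, sha256 TEXT)")
        con.executemany("INSERT INTO files VALUES (?, ?)", rows)
        con.commit()
        con.close()
        (root / "modules" / "index.js").write_text("module.exports = {}; // edited\n")
        (root / "extra.js").write_text("// not in baseline\n")
        return audit(root, load_manifest(db))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the monitored account cannot write; a manifest stored beside the files it describes can be updated by whoever changes them.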
