I’ve worked at Laboratory of Security Engineering for Future Computing at Arizona State University. for about one year under Dr. Shoshitaishvili. Since joining the lab, I’ve had experience in a multitude of projects from car hacking, to Symbolic Binary Analysis. Listed here you will find some of my favorite and most recent projects.
No’a is a modified version of American Fuzzy Lop (AFL) software, which is regarded as the Internet’s best open source fuzzing system. No’a attempts to make AFL’s seemingly random attempts at crashing a program more accurate by loading and creating input with a Neural Network implemented with Keras. Essentially, No’a is NN attempt and Fuzzing to make hacking automated under machine learning. Github Link: https://github.com/mahaloz/Noa
Pihulu is a nice self contained fuzzer created from the bones up by analyzing jump calls in a binary conditional tree, then applying simple techniques talked about in the AFL whitepaper. This project was a big inspiration for No’a. Github Link: https://github.com/mahaloz/Pihulu
Considering the high rate of automation in binary analysis and exploitation, the question spawns: what methods do have to preventing automated hacking. The Cyber Grand Challenge (CGC) hosted by DARPA, proved that we are on the brink of automation, but an effective method to halting executors may be Adversarial code injects. This started as project for a class taught by Dr. Shoshitaishvili, but quickly turned into its own testing framework. Github Link: https://github.com/mahaloz/Filler
As an offshoot from Filler, I worked very closely with the Patcherex framework to attempt automated patching to binaries in a adversarial matter against frameworks such as Pihulu that attempt to analyze a binary symbolically. Github Link: https://github.com/angr/patcherex
In 2017 I joined the pwndevils hacking team to dive into security headfirst. Since 2017, I’ve competed in over 20 CTFs, and become the captain of the undergraduate team for pwndevils. I’ve also been invited into Shellphish, with which I play most CTF’s now-a-days. This year, I compete in a CTF every weekend, which lasts 48 hours on average.
DEFCON Assistant Organizer
In 2018 I was an assistant organizer for the Official DEFCON CTF hosted in Nevada. This was an amazing honor to work so closely with the Order of the Overflow. I assisted in structural organization, LAN server setup, and a few challenge testing editing for the event. I may or may not be assisting again in 2019, we’ll see..
In am one of the organizers for the yearly CTF, iCTF hosted by University California at Santa Barbra, and Arizona State University. For this CTF I work mostly under Dr. Doupe of ASU. Event Link: https://ictf2018.net/
When competing in international CTF’s every weekend, you get a win (top 10) every now and then.
Ranking Site: https://ctftime.org/stats/
Hackover CTF: 1st
Teaser Dragon CTF: 1st
Tokyo Westerners CTF: 10th
White-Hat Grand Prix: 3rd
Hitcon CTF: 2nd
The Noob-Pwnder-Kit is a github project where I attempt to teach newbs how to pwn binaries in a not-so-complex way. Github Link: https://github.com/mahaloz/Noob-Pwner-Kit
I love to write about what I'm hacking! You can find research/ctf blog at: https://mahaloz.github.io/