(Selected) Academic Projects
I am unable to share the repositories for these assignments and projects due to Northeastern University's policies. However, I will provide descriptions of notable assignments and projects.
Network Security
Skills: Python, Linux (iptables), Nmap, Zmap, OpenVAS, cryptography.
VULNERABILITY SCANNING AND EXPLOITATION
- Conducted network scanning using OpenVAS, discovering SambaCry, Heartbleed, and Shellshock, along with 11 other CVEs.
- Exploited a critical Shellshock vulnerability on a server to perform remote code execution on a webpage.
- Simulated credential theft through Heartbleed memory leaks to gain unauthorized access.
FIREWALL RULES
- Configured stateful IPv4/IPv6 firewall policies using iptables, implementing NAT, packet forwarding, and explicit ACCEPT/DROP policies under a default-deny model.
- Validated network segmentation using Nmap and wget.
Systems Security
Skills: Burp Suite, Python, C, Metasploit, Ghidra, Linux, GDB, cryptography.
MEMORY CORRUPTION EXPLOITATION
- Exploited a network socket buffer vulnerability, spawning a privileged shell via a ROP and return-to-libc chain.
- Bypassed ASLR, NX, and Stack Canaries by leveraging static memory analysis in Ghidra and strategic address brute-forcing.
BUFFER OVERFLOW EXPLOITATION
- Exploited stack-based buffer overflows on 2 distinct binaries to perform arbitrary code execution via a NOP sled.
- Engineered custom shellcode using Metasploit to spawn a privileged shell.
- Conducted static address analysis and memory offset calculations using GDB.
WEB APP SIDE CHANNEL ATTACKS
- Executed a Resource Exhaustion DoS by identifying and abusing a catastrophic backtracking regex vulnerability.
- Utilized an algorithmic complexity side-channel attack to leak a password and successfully steal the credentials of another user.
WEB APP DENIAL-OF-SERVICE ATTACKS
- Engineered HTTP smuggling attacks using Burp Suite to exploit header discrepancies between front-end proxies and back-end servers.
- Successfully performed an HTTP Method Override Cache Poisoned DoS by forcing the proxy server to cache an origin server error, making the site inaccessible.
LINUX BINARY ATTACKS
- Exploited anti-patterns and insecure code (manipulating environment variables, abusing race conditions, command injection, etc.) to perform arbitrary code execution across 5 Linux programs.
Network Fundamentals
Skills: Python, network protocols (TCP/IP, UDP, HTTP(S), BGP, DNS, TLS/SSL), socket programming.
CONTENT DELIVERY NETWORK
- Designed and programmed DNS and replica HTTP cloud servers for a content delivery network.
- Reduced latency and optimized response times by integrating disk and memory caching and IP geolocation.
WEB CRAWLER
- Developed a web crawler capable of traversing and indexing tens of thousands of pages.
- Implemented secure communication through HTTPS by wrapping a TCP socket in TLS.
VIRTUAL BGP ROUTER
- Engineered a functional BGP router capable of managing routing data, including path propagation and route announcements.
- Developed a Forwarding Information Base with route aggregation and compression.
FTP CLIENT
- Developed an FTP client from the socket level that supports: directory listing, making directories, file deletion, directory deletion, copying files to and from the FTP server, and moving files to and from the FTP server.
Computer Systems
Skills: Linux, x86 Assembly, C, Bash, FUSE, Git, multithreading.
UNIX FILE SYSTEM
- A FUSE filesystem driver that can mount a disk image as a filesystem.
UNIX SHELL
- Collaboratively developed a functional Unix shell that uses a tokenizer to parse CLI inputs from the user.
- Implemented redirection, sequencing, piping, and grouping expressions along with several built-in commands.
Object-Oriented Design
Skills: Java (Swing, JUnit), OOP, SOLID.
STOCK PORTFOLIO APP
- Architected a Java application using the Model-View-Controller pattern for independent testing.
- Implemented OOP and SOLID best practices to create scalable and modular code.
- Developed and designed a user-friendly GUI using Java Swing.
- Verified behavior for every interaction with 635 JUnit tests.