some quick scribbles, maybe refine later

things i had a hand in, usually team efforts


  • 2020 jul: (one member of a team that) ran a very well-received undergraduate CTF featuring a custom operating system, coherent theme, low-downtime infrastructure, machine learning and wasm challenge, pyyaml 0day, ctfd 173?day, $7,000 budget, featuring writeup prizes, crashing our server (either failed hard drive or broken hypervisor config), and more …

  • 2019 august - 2020 jan: connected Purdue and UIUC security clubs via a dance game club mutual friends to inform them of a 0-day discovered by a sigpwny freshman in their software. worked with them to jokingly “hack” them as part of beginning-of-year advertisement of sigpwny to new UIUC students (video).
    • they proceeded to secretly solve every challenge on our internal CTF over the course of a month, then drove over to UIUC to “do a collab meeting” bait-and-switch and revealed to us that they had (in good faith) “hacked” into our internal infrastructure and were now in first place.
    • now we’re good friends and work together often.
  • 2019 nov: negotiated a contract that ultimately fell through to teach security trainings in south america, which would’ve required leaving a 100 day build-your-own study abroad in japan on a two-week notice.

  • 2019 apr: gave a talk on building a high-functioning undergraduate security team that performed research, played CTF qualifying for national finals, taught weekly meetings, and focused on including newcomers. received $10,000 in my final year af university to buy and install a hypervisor server in a datacenter, and take 10 students to their first information security conference.

  • 2017 aug: performed research in an academic network measurement grop on consumer routers, finding 30+ CVE-worthy vulnerabilties before going to DEFCON for the first time and getting “scooped” by researchers from a private firm (they had started the same research six months before us).

  • 2017 jun: gave a talk on student privacy at my university, and a security hole that enabled anyone on campus to download records for current students including campus/home address, phone number, major, and year of entry to the university. thoroughly read FERPA privacy law and caused policy changes across campus IT departments to reduce access to this database.

dance games

  • chiefly responsible for the successful operation of three dance game national tournaments, overseeing the 10-year anniversary event and passing the torch after. tournament saw attendees from singapore, the UK, and across the USA. invited attendee/friend from russia who traveled from moscow to vladivostok in order to get a visa on a three month timescale in order to come to the tournament. oversaw logistics of a 50-person organizational team and 130 total attendees. developed software and hardware to solve tournament needs and increase the efficiency of the event.

  • went to the UK with a group of ~10 friends to participate in a tournament featuring custom visual gimmick content. met a friend from tyumen (basically siberia) who works for google in london. later worked with this friend to invite aforementioned friend from moscow.

  • went from ITG 8s (beginner) to ITG 13s (upper level of most players) in my first year of playing.

  • developed virtual reality ddr prototype “VR-DDR” in three days at a Purdue hackathon. befriended the Purdue ddr club by walking in to their meeting and showing off. they promptly came to the UIUC tournaments and beat me every time after.

  • accidentally destroyed a laptop while attempting to solve a 10-year-old bug in stepmania.