things i had a hand in, often team efforts

security:

  • 2021 aug: ran the CTF again, $10k budget, >60 challenges, >20 authors. 34.6/35 rating.
    • worked with 7 people to design and develop a challenge adversarially attacking an ML image classifier, full details here.

  • 2021 jul: helped an incoming student get into the LLVM research group @ UIUC

  • 2021 may: found a telegram bug and taught an undergraduate how to write a PoC and report it for €300. (tweet)

  • 2021 apr: researched chrome extension security. tweet with slides, toy extension

  • 2020 jul: (one member of a team that) ran a very well-received undergraduate CTF featuring a custom operating system, coherent theme, low-downtime infrastructure, machine learning and wasm challenge, pyyaml 0day, ctfd 173?day, $7,000 budget, featuring writeup prizes, crashing our server (either failed hard drive or broken hypervisor config), and more …

  • 2019 august - 2020 jan: connected Purdue and UIUC security clubs via a dance game club mutual friends to inform them of an 0-day discovered by a sigpwny freshman in their software. worked with them to jokingly “hack” them as part of beginning-of-year advertisement of sigpwny to new UIUC students (video).
    • they proceeded to secretly solve every challenge on our internal CTF over the course of a month, then drove over to UIUC to “do a collab meeting” bait-and-switch and revealed to us that they had (in good faith) “hacked” into our internal infrastructure and were now in first place.
    • now we’re good friends and work together often.

  • 2019 nov: negotiated a contract to teach security trainings in south america, which would’ve required leaving a 100 day build-your-own study abroad in japan on a two-week notice.

  • 2019 apr: gave a talk on building a high-performing undergraduate security team that performed research, played CTF qualifying for national finals, taught weekly meetings, and focused on including newcomers. received $10,000 in my final year af university to buy and install a hypervisor server in a datacenter, and take 10 students to their first information security conference.

  • 2017 aug: did academic research on consumer routers, finding 30+ CVE-worthy vulnerabilties before going to DEFCON for the first time and getting “scooped” by researchers from a private firm that had started the same project six months before us.

  • 2017 jun: gave a talk on student privacy at my university, and a security hole that enabled anyone on campus to download records for current students including campus/home address, phone number, major, and year of entry to the university. thoroughly read FERPA privacy law and caused policy changes across campus IT departments to reduce access to this database.

dance games

  • chiefly responsible for the successful operation of three dance game national tournaments, overseeing the 10-year anniversary event and passing the torch after. tournament saw attendees from singapore, the UK, russia, and across the USA. invited attendee/friend who traveled 4000mi / 6500km in order to get a visa on a three month timescale in order to come to the tournament. oversaw logistics of a 50-person organizational team and 130 total attendees. developed software and hardware to solve tournament needs and increase the efficiency of the event.
    • youtube channel containing event videos has ~2,000,000 views / 4,000 subscribers

  • went to the UK with a group of ~10 friends to participate in a tournament featuring custom visual gimmick content. met a friend from who works for google in london. later worked with this friend to do visa logistics for aforementioned 6500km trip.

  • went from ITG 8s (beginner) to ITG 13s (upper level of most players) in my first year of playing.

  • developed virtual reality ddr prototype “VR-DDR” in three days at a Purdue hackathon. befriended the Purdue ddr club by walking in to their meeting and showing off. they promptly came to the UIUC tournaments and beat me every time after.

  • accidentally destroyed a laptop while attempting to solve a 10-year-old bug in stepmania.