about me
i'm otter, and i specialize in cybersecurity and fullstack programming
i began in the 7th grade (12yo) with cybersecurity after being inspired by NetworkChuck and some online friends who were majoring in cybersecurity, and it's been a slippery slope since then 🙃
i have multiple programming languages under my belt; python, lua, golang, C++, bash, javascript/nodejs
being in cybersecurity also means you have to learn stuff like server routing, OSI layers, (K)ASLR, memory management, cryptography, buffer overflows, protocols, fuzzing, NOP sleds, etc. so those are also under my belt aswell
P.S. a lot of my projects are cybersecurity related, but i don't post all of them :)
projects
pwnhyve
DIY flipper zero
a little offensive appliance that mimics some features from the flipper zero and more, under ~$50
- WiFi hacking - deauth attacks, AP scanning, KARMA attacks, captive portal, evil twin
- BLE hacking - using the bettercap suite, you can search for devices and write GATT characteristics
- USB emulation - KBM emulator for DuckyScript, aswell as mass storage to exfiltrate files
- Hak5's keystroke reflection - exfiltrate files by bit-banging CapsLock, ScrollLock, and NumLock
- RF hacking - replay attacks using a CC1101, aswell as FM radio hijacking
- GPIO playground - 2 channel 1.5mhz logic analyzer, compatible with sigrok, also a breadboard companion to test LEDs, servos, buzzers, distance sensors, etc.
GitHub page
qt-kunai
cheap, DIY DuckyUSB alternative
a badusb with a 0.96 inch OLED screen, supporting multiple payloads and mouse control, using a trinkey QT2040 (~$14 USD)
not much here...
technically could double as a FIDO key, since it's an RP2040
GitHub page
catwalk-c2
multi-function command and control center
CnC that supports dumb/TTY shells, plugins, remote file browsing and downloading, FW/IPS evasion, custom communication protocols, and more
- have multiple people control the same client at once
- make your own custom protocol/encryption or web-controlled plugins
- create stages using Jinja2 to run commands on a client with a couple of clicks
- remotely view a client's files, traverse their file system and download files to the C2
- view clients' information at a glance; PC hostname, whoami, MAC address
GitHub page
azamuku
multi-client, HTTP based reverse shell
azamuku is a reverse shell inspired by t3l3machus' hoaxshell that bypasses windows defender, AMSI, and even malwarebytes (as of 11/11/23).
its also expected to bypass firewalls that are meant to block hoaxshell's beaconing and post requests, even if that same firewall manually inspected each HTTP(S) packet
its also meant to trick sysadmins that are manually inspecting traffic, due to the alternating endpoints and commands being wrapped in normal HTML pages
GitHub page
argos
argos
an experimental and unreleased-to-the-public police detector that uses machine learning, computer vision,
and external plate searching APIs to look and log police cars on the road, logging
them on SABRE / highway radar, so you can go fast :)
-
cameras all over the car - rear, rear left & right, front left & right
-
uses RPi4 as brain, RPi02W for cameras and computer vision
-
connects to Uniden BLE scanners