Jacobs Ladder

This project is a favorite of mine, and the one shown here was built for the “laboratory of the Scientists from Krypton that saved Superman from the exploding planet room thingy” of a past event.

The Jacob’s Ladder is a pair of vertical (or in extreme cases, horizontal) electrodes that are parallel to each other and connected to a source of High Voltage. The air between the bottom of the electrodes has a Dielectric Breakdown due to the high voltage potential and creates an Electrical Arc.

Read More

Nixie Millivolt Meter Clock

(another from the project archives)

I have been interested in the quirky sides of electronics for as long as I can remember, but I don’t know how Nixies evaded my eye for so long. Only during my first semester of college did I come across them. Such an awesome looking display, the 3D look to it and the glow of a tube-like device. Like many before me, I instantly decided that I needed to make a clock.

Read More

Calcium Carbide Cannon

I built a PVC cannon fueled by Acetylene gas back in high school (this is part of my old project archives migrating here). The gas was generated by Calcium Carbide. This cannon originally had electronic ignition but after several fires the igniter decided to “remove” itself from the cannon. This cannon also has an expansion chamber to get a better fuel/air ratio for larger amounts of fuel.

This is primarily a SALUTE cannon, not a launcher. While it can launch things, I made it to make a very loud noise for things like 4th of July or special occasions.

Read More

DEFCON for N00bs (v0.1)

The first revision of DEFCON for Noobs is up. Still very rough, early draft, and missing many things. However, I figured a living document is better and would do better with feedback.

Check it out


Red Team Entry Pack

Over the years I have acquired many tools and tricks used to gain entry to a target office. At DEFCON 23 I got a lot of questions regarding my custom pack, and the gear inside.

While I cannot share every detail (that would give away too many trade secrets), I have dissected the general pack here for your perusal.

Read More

Home Depot Key Code Randomization Failure


I found a massive Key Space Reduction Attack on locks sold by Home Depot. The flaw lies in their procurement process, rather than the locks themselves, and enables an adversary to reduce the possible key codes for locks based on the time of shipment, identified by the approximate time of install. For commercial settings where building permits indicate construction time lines, this can give a significant advantage to an attacker in that he may use an actual key and not leave a trace. The flaw is caused by the Home Depot’s processes, not their lock vendors who have urged them not to refuse randomization.

Read More

Google Dork Password for Nuclear Regulatory Commission


I found a spreadsheet containing a nuclear materials database credential on Google. The technique used was very simple, but I have to wonder why such a document misplacement was overlooked. Maybe people are afraid to tell them they just stumbled upon a nuclear system fearing they might get disappeared. Well, I decided to contact them and hilarity ensued. The database was relatively benign, but the saga went on for a little longer than it should. This also resulted in my first interview for a major publication, The Guardian.

Read More

Carry On Leaking: When Corporate Security Goes Really, Really Wrong

I had a nice time being interviewed by The Guardian regarding my disclosure of a password leaked from the Nuclear Regulatory Commission. While the NRC insists that this is a non-issue (and in the case of this protected system was the case), it exposes a deeper and more fundamental problem regarding how  systems are secured in the first place. First, the fact that this one file and nothing else in that directory was visible indicates Discretionary access controls rather than Role-based or mandatory. Furthermore, it shows that this type of problem can lie unsolved for years and affect more systems than people realize.

The Guardian: Carry On Leaking: When Corporate Security Goes Really, Really Wrong



The convention was fairly productive and wildly entertaining for me this year for a multitude of reasons. First, I did not go to a single talk. Instead, I decided to go the video and slide route so I could focus on the villages, interacting with others (who knew socializing could be fun), and getting into trouble. I acquired various tools, talked with several interesting people, helped empty a significant amount of alcohol from the various bars, and may have had my share of wireless mayhem in the 2.4 GHz spectrum.

More details and photos to come as I lazily update everything.