Ideas

Project ideas that I may never get to, for a variety of reasons, but that I still consider cool nonetheless.

Tabletop Exercises, Briefs, & Documentation

The bread and butter of our bureaucratic environment, in my opinion: constantly conducting exercises under differing circumstances, and reacting to real-world technological advancements and security concerns. I just wanted to put this here so I never forget. I think the ability to develop these tabletop exercises is important because I consider it out-of-the-box thinking: an exercise doesn't have to relate to an ongoing situation, which is the best part. The ability to react to and understand developments and goings-on in the world, and how they relate to our environment, is important. I think this is a great way to develop skills and knowledge in a controlled environment.

Basic Steam (Game) Digital Rights Management (DRM)

"Mutation Engine" for Polymorphic Virus Software

The engine would either be dependent on the language you are using, or be built on an abstraction system that captures the characteristics common to all languages. The reason I bring up an abstract system is that languages have varying keywords, but the concepts are the same. For example, a variable in C# and a variable in Java are the same concept, but declared differently. This could be further expanded upon by rewriting the code in a different language, or even a different paradigm (e.g., functional vs. object-oriented). The idea is to create a system that can take a set of rules and mutate the code to create a new version of the code. This would be used to create polymorphic virus software that can change its code to avoid detection by antivirus software. The rules could be based on the syntax of the language, or they could be based on the semantics of the language.

(1) List of keywords
(2) List of functions, type, and name
(3) List of variables, type, and name
(4) List of classes, type, and name
(...) Absolutely so many things you could track and mutate.

The basic premise could be this. Detect all function names and maintain an array of all unique function names, which are then simply replaced. Do the same with variables of all types. For each variable, could it be implemented in a different way (e.g., a boolean in place of a 1/0 int)? For each if/else block, could it be replaced with a switch? And so on and so forth; the idea is clear. The idea is controlled, drastic destruction and reconstruction: think of the show Destroy Build Destroy on Cartoon Network.

Basic Web Crawler/Scraper

Because why not? I'm not too keen on this because I haven't had a direct use case, but obviously it could prove useful to have. I consider it like this:
A web crawler is a program that automatically traverses the web, following links and indexing content. A web scraper is a program that extracts data from web pages. The idea is to create a basic web crawler/scraper that can be used to extract data from websites.

While this idea could start with data extraction, web-based vulnerabilities could also be assessed, since the crawler is just another bot reaching out to a web server. One of the important things to note with regard to web crawlers is the robots.txt file and, if it is disregarded, ways to circumvent detection and blocking.
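A minimal sketch of the crawler/scraper split described above, added here as an example and not code from this page's author. It crawls breadth-first within one host, scrapes each page title, and honors robots.txt; the host `example.test`, the agent name `ideas-bot`, and the in-memory `SITE` pages are constructed assumptions so it runs offline.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.robotparser import RobotFileParser

# Constructed sample site (hypothetical host), held in memory so the example runs offline.
SITE = {
    "http://example.test/robots.txt": "User-agent: *\nDisallow: /private/\n",
    "http://example.test/": '<title>Home</title><a href="/docs">d</a> <a href="/private/keys">k</a>',
    "http://example.test/docs": '<title>Docs</title><a href="/">home</a> <a href="http://other.test/">x</a>',
    "http://example.test/private/keys": "<title>Secret</title>",
}

class PageParser(HTMLParser):
    """Scraper half: collects the <title> text and every <a href> on one page."""
    def __init__(self):
        super().__init__()
        self.links, self.title, self._in_title = [], "", False
    def handle_starttag(self, tag, attrs):
        self._in_title = tag == "title"
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
    def handle_endtag(self, tag):
        self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def crawl(start, fetch=SITE.get, agent="ideas-bot"):
    """Crawler half: breadth-first, same host only, skipping paths robots.txt disallows."""
    host = urlparse(start).netloc
    robots = RobotFileParser()
    robots.parse((fetch(urljoin(start, "/robots.txt")) or "").splitlines())
    seen, queue, index = {start}, deque([start]), {}
    while queue:
        url = queue.popleft()
        # Consult robots.txt before every request; a disallowed URL is never fetched.
        body = fetch(url) if robots.can_fetch(agent, url) else None
        if body is None:
            continue
        page = PageParser()
        page.feed(body)
        index[url] = page.title
        for href in page.links:
            nxt = urljoin(url, href)
            if urlparse(nxt).netloc == host and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return index
```

Passing a real HTTP fetch function as `fetch` turns the same loop into a live crawler; rate limiting and error handling are left out of this sketch.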

DLL Injection

The idea is to create a program that can inject a DLL into another process. This could be used for various purposes, such as debugging, reverse engineering, or even malware development.

Kernel-Driver Development: Manipulation of Executable Memory in Real-time

This has been really postponed, as Microsoft announced that Windows would attempt to move away from kernel drivers and public access to the WinAPI by exploring ways to limit direct access to the Windows kernel for software such as security vendors' products and anti-cheat systems. But now that I'm thinking about it, they own all these game studios with kernel-level anti-cheat software, and they have yet to do anything.

Game Bots

zzzzzzzzzzzzzz............................
GUI Based Macros (visual detection), DLL injection, Debugger (not really practical), client replacement, manipulation of exposed APIs

Local Security

Most likely Windows first: monitoring and detection of abnormal changes, and implementing behavior-based controls.