Regarding OWASP Code Sprint 2017


rnikhil...@gmail.com

May 28, 2017, 4:34:11 AM
to OWASP ZSC
Hi,

I am Nikhil. R, a fourth year undergrad at Birla Institute of Technology and Science (BITS), Pilani, India[0]. I am interested in Computer Science (Information Security) and would like to hone my knowledge in this field by gaining some research experience. I would like to participate in OWASP Code Sprint 2017 and work on the OWASP ZSC project in particular.


I have been very passionate about knowing how things work technically and scientifically since childhood, and I used to take apart my home computer to get to know how individual components work and are put together. The same attitude has led me to software development and I love delving into the source code of all the programs I use in my day to day life, including the operating system if possible. This has made me well versed in Linux and its internals. I have also written a syscall tracer for Linux (something like strace) which gives me the list of all system calls in a formatted fashion without the unnecessary complexity you see while using programs like strace.


During my work on the port knocking implementation as a kernel module, I had to go through the entire code base of the netfilter projects to find the necessary hooks I needed to capture the encrypted packets for auth. I also learned a lot about cryptographic systems and their implementations while implementing my own authorization system for opening ports in the remote server. When extending PintOS, I started deeply appreciating the complexity inside an operating system while implementing my own virtual memory, page tables and OS level semaphores. I learnt how to debug a large interconnected codebase, solve obscure race conditions etc. I hope I learn more about operating systems and their inner workings during the internship. I have dabbled with Mixminion during my early years in college and even tried contributing a patch to it. Though it didn’t get accepted upstream, this got me started in anonymous protocols. I have also been operating a Tor node for around two years now.


While working on my Google Summer of Code[1] project with LabLua[2], I integrated Elasticsearch (ES) with a web framework with a focus on modular design for implementing/integrating ES indexes into Sailor[3] as its own internal models. This introduced me to the beauty of the open source community and I continue being an active member even now by working on the plugin system to integrate various third party plugins into the same framework. I am also participating in this year's version of GSoC, working on an HTTPS module.


I am comfortable using programming languages such as C, Python, Lua, databases like MySQL, Redis, MongoDB, web frameworks like Django, Slim, Flask and even tools like OllyDbg and Nmap. For a more complete list of my skills you can go through my resume here[5].


Kindly revert back if you require any sort of additional information on my behalf.

Looking forth to a positive response.


Regards, 

Nikhil. R


[0]http://www.bits-pilani.ac.in/Pilani/index.aspx

[1]https://summerofcode.withgoogle.com/ 

[2]http://www.lua.inf.puc-rio.br/ 

[3]http://sailorproject.org/ 

[5]https://rnikhil275.github.io/projects/ 

rnikhil...@gmail.com

May 28, 2017, 4:38:01 AM
to OWASP ZSC
I have a few questions regarding the entire process and would like to know more about the deliverables of the project before going ahead and writing a proposal. What are the modules that we are looking to add to the project? I have access to a macOS machine and I can probably work on writing shellcodes for the same. What kind of obfuscation modules are we looking to build?

Are Brian Beaudry & Patrik Patel still the mentors for the code sprint?

Ali Razmjoo

May 28, 2017, 7:22:10 AM
to rnikhil...@gmail.com, OWASP ZSC
Hello Nikhil,

and also we had an old table which is not updated about features. http://zsc.z3r0d4y.com/table.html
we have osx x86 now (and also linux x86, windows x86), I think it's best to work on osx x64

--
You received this message because you are subscribed to the Google Groups "OWASP ZSC" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-zsc+unsubscribe@googlegroups.com.
To post to this group, send email to owas...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/owasp-zsc/c0045b40-6178-4ab8-bfab-1e126e788258%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Ali Razmjoo

May 28, 2017, 7:31:04 AM
to rnikhil...@gmail.com, OWASP ZSC
Please take notice of OWASP Code Sprint 2017. BTW, passionate developers are always welcome.


Deadlines:
Program announcement: April 3, 2017
Deadline for Student Applications: April 17, 2017
Proposal Evaluations: from April 18 thru April 24, 2017
Successful proposals announcement: April 25, 2017
Coding Period Starts: April 28, 2017
Mid-term evaluations: Submitted from May 22 thru May 26, 2017
Coding period ends: June 19, 2017
Final evaluations: June 26, 2017

rnikhil...@gmail.com

May 28, 2017, 10:05:00 AM
to OWASP ZSC
Hi Mr. Ali Razmjoo, 

Regarding the deadlines you just posted, they are different on the OWASP code sprint 2017 website which says that the deadline for student proposals is on June 15th 2017. These are the dates as mentioned on the website:

Program announcement: May 15, 2017

Deadline for Student Applications: June 15, 2017

Proposal Evaluations: from June 15 thru June 23, 2017

Successful proposals announcement: June 26, 2017

Bonding Period Announcement: June 26, 2017 - July 1, 2017

Coding Period Starts: July 3, 2017

Mid-term evaluations: Submitted from July 31, 2017 thru August 4, 2017

Coding Period Re-starts: August 7, 2017

Coding period ends: September 1, 2017

Final evaluations: September 4, 2017 thru September 8, 2017


Even the edit history of the Code Sprint 2017 page seems to be in accordance with these deadlines. Maybe your deadlines are the updated ones or they are wrong? Either way, this only affects the pace of the work I would be doing. Code sprint or not, I intend to get involved with the project.


I had already gone through that documentation and my local dev environment is also set up. I tested a few shellcodes on both macOS and Linux (inside a Vagrant env) too.


I can work on 64-bit macOS/Linux shellcodes and try to mimic the modules already offered. This can be the main focus of the project, working on writing an opcoder and a few related modules. The doc here is quite comprehensive and I really like the depth of the explanation.

The interactive shell I played with also seems to be buggy on both Linux and macOS. I couldn't exit the interface from a few places, couldn't go "back" from a few places and got stuck, tab completion not working for some instances etc. Fixing a few things there can also be added to the deliverables of the project.

Are there any new encodings that are planned to be added?

Finally, I can work on the main documentation and try to make it better and correct mistakes which I noticed when I perused through it. 


Since the duration of the code sprint is only 8 weeks, after thorough discussion I can draw up a proposal with more details and a timeline for implementation. 


Regards,

Nikhil. R


Ali Razmjoo

May 29, 2017, 9:35:34 AM
to rnikhil...@gmail.com, OWASP ZSC
Hello,

You are right. Maybe I had old information; to be sure, I will ask my friend from OWASP and let you know.
BTW you can apply/register if there is any form.

rnikhil...@gmail.com

May 29, 2017, 9:44:23 AM
to OWASP ZSC
Sure. Is there any format for the proposal that should be followed? I would like to discuss further what type of shellcodes and obfuscation modules to include, and relevant details. Once I get the format, I shall share a Google Doc where you can comment and we can collaboratively work on the document.
Also, who are the official mentors for the project?

Nikhil R

Jun 11, 2017, 3:30:04 AM
to OWASP ZSC
Hi,

Based on the discussion, I used the format used for OWASP GSoC for making the proposal. I submitted the proposal in this web form as an address to the Google Doc which I already shared with you guys. Please let me know if there are any other steps involved in the registration process for the code sprint.

Regards,
Nikhil. R