Harrison Mitchell - Adversary Simulation Specialist

All Tools Blog Posts Whitepapers

PurpleOps

Free open-source web app for planning, executing and reporting Purple Team engagements

Munging OpenStreetMap Data

(Google|Apple) Maps let you easily search for places, but any complex queries and correlations were out of the question, until I met Overpass Turbo + OpenStreetMap

Chromium Full Disk Read / Write Vulnerability

Providing websites direct access to the filesystem bypasses many browser sandbox and trust boundaries, surely it's implemented securely... right...?

Taking the DNS for a Walk; NSEC3 Prevalence and Recoverability

How effective is NSEC3 in reducing information disclosure?

Zone Dumping via DNSSEC

Using a "security feature" of DNSSEC signed zones to replicate traditional AXFR DNS zone transferring thanks to NSEC and NSEC3 walking

In Defence of Service NSW's Digital Licence

How controls both physical and digital cannot stop spoofed licences, only training can; and trust in the digital age

The Quite Ok Image Format

My investigation into, and implementation of QOI - a nifty little lossless image codec comparable to PNG in size, but superior in speed

Spoofing @GOV.AU Emails

How an identified email misconfiguration allowed spoofing of emails from a federal Australian Government department

Australian Business Email (In)security

What percentage of Australian businesses are protected from easily-executed email spoofing attacks that cost firms over $81 million annually? Let's investigate...

Archy

A hierarchical wiki software themed around Windows 95. Edit and renders raw markdown, but provides quality of life features such as pasting images inline

Clipboards Have Multiple Personalties

Clipboards are more than a text buffer, they're almost full databases. Why not peel back the layers of the clipboard in this post?

Banish www.

Website with "www." are needlessly making a big mistake

Alphabetize Video

Take a video, and put it in alphabetical order; be it a Taylor Swift song, or the entire Star Wars franchise

Obscure Tube

Makes a montage consisting of 1.5s clips from youtube based on the provided topic. However, the videos are only included if they were released within the last 24 hours and have less than 50 views...

Bucket Sift

Generates metadata about public S3 bucket files without needing S3 command line tools or credentials. Useful for bug bounties!

Flawed Facebook Passwords

How it came to be that Facebook chose to make your password 94x weaker than it need be. Also has a recipe for hash browns four ways!

Face Averaging

The how and why generating the average face of a nation's population is harder than it sounds

Faster Lectures

Using a conglomerate of cutting edge technology, trim down the length of time university lectures take to digest. Reach improvments of anywhere between 10-15x

Link Manipulation Phishing

Tricks browsers and users to get them to click on a misleading link. Even the cautious aren't protected...

USB: Ubiquity, Mice, Toasters

The fundamentals of the USB interface, and the support for toasters

Why Bluetooth needs Adderall

How bouncing around like crazy makes your audio cleaner

Digitize Printed Photos

Do you have photos that you only have printed and not saved in digital form? This tool helps digitize your physical library into a digital one to preserve your memories forever

Encryption

The basis of the internet and why it's no excuse to check your banking information on a public network, even if it's salty

Cryptocurrencies

The future of currency, contracts and trust, or at least as it's viewed from 2019

str(img)

Converts an image into a line of text that, when opened looks like a corrupted file, unless you know how to decode it

Visible Hidden Messages

Encodes messages in plain sight. Store secret data in messages that you send to friends

Top 10 Baby Names

Shows the shifting leaderboard of the ten most popular baby names in NSW by year from the 1950s-

Extract Lecture Slides

Turns a recorded lecture into a PDF with slides shown in the video. Useful for when lecture slides aren't released alongside the video

Monte Carlo Pi

Estimates pi based off calculating the difference between random raindrops landing on a square and circle with an equal diameter

Traffic Camera Timelapse

Create a timelapse of all NSW traffic cameras provided from the RMS with views ranging from Pacific Highway to the Sydney Harbour Bridge, an easy way too see Sydney's real-time congestion at a glance

Speed Camera Geocoding

Plots all NSW speed cameras on a map by deobfuscating English descriptions of speed camera locations

Daily Sydney Temperature

A graphical representation of every single recorded daily temperature of Sydney since 1860

Video Object Recognition

Using YOLO9000, classify objects in a video for use with computers that aren't compatible with CUDA by processing individual frames rather than a single video file

Sydney Traffic

Displays the state of Sydney's traffic with a grid of public NSW traffic CCTV cameras

Sydney At A Glance

See every public transport vehicle in NSW moving live around a map with real time information on occupancy, traffic, whether the service caters for the disabled, what the next stop is etc...

Framed Movies

Get the average colour of every frame in a video and create a lovely colour timeline