Josh Schiavone

Software Developer, Cyber Security Engineer, Consultant.

LinkedIn GitHub

Biography

Thanks for visiting - I'm an offensive cyber security researcher and software developer from Toronto, Canada. This is my personal page that wraps up all of my major research projects, open source tools and publications. I have many years of experience in the cyber security industry and have worked with many different organizations and companies. I have a passion for software development, cyber security, mathematics and technology in general.


Projects


Espionage

A Network Packet and Traffic Interceptor For Linux. Spoof ARP & Wiretap A Network.

Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so that all data sent by the target gets redirected through the attacker (MiTM). Espionage supports IPv4, TCP/UDP, ICMP, and HTTP.

View Project

Pantheon

Insecure Camera Parsing and Intelligence

Pantheon is a GUI application that allows users to display information regarding network cameras in various countries as well as a live-feed for non-protected cameras.

View Project Official Download (Windows) Official Download (MacOS)

K55

Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads.

The K55 payload injection tool is used for injecting x86_64 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C Linux functions like ptrace(). The shellcode spawned in the target process is 27 bytes and it executes /bin/sh (spawns a bash shell) within the target's address space.

View Project

Darkdump

Search The Deep Web Straight From Your Terminal.

Darkdump is a simple script written in Python 3.11 that allows users to enter a search term (query) on the command line; Darkdump then pulls all the deep web sites relating to that query.

View Project

rrgen

A Header Only C++ Library for Storing Safe, Randomly Generated Data Into Modern Containers

This library was developed to combat insecure methods of storing random data into modern C++ containers, such as old and clunky PRNGs. rrgen therefore uses the STL's distribution engines to efficiently and safely store a random number distribution into a given C++ container.

View Project

ThreadBoat

Program Uses Thread Execution Hijacking To Inject Native Shell-code Into a Standard Win32 Application.

I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software penetration testing. Thread hijacking allows the hijacker.exe program to suspend a thread within the target.exe program, allowing us to write shellcode to that target thread, which is later executed (via WriteProcessMemory(), SetThreadContext(), ResumeThread(), CreateThread()).

View Project

ring3-kit

Hides Process From Task Manager Using NT API Hooking (NtQuerySystemInformation).

- Hook the API function NtQuerySystemInformation() with our own function that hides a process from task manager.
- Hooked function gets called instead.
- The DLL is injected into Taskmgr.exe so there is a virtual memory space available to execute our hooked code.

View Project

RouletteMM

Computational Statistics for American Roulette Betting Analysis.

RouletteMM is a computational engine designed for analyzing the game of roulette. This application utilizes the law of large numbers to provide visual insights into your expected winning percentage as you increase the number of spins. Additionally, RouletteMM calculates the payout and expected value for each simulation, allowing you to gain a deeper understanding of your betting strategies.

View Project

Publications and Articles


Programmatically Combatting Pseudorandom Number Generators With Uniform Integer Distributions: A Modern C++ Approach

Abstract: Pseudorandom Number Generators come as a great assistance to programmers. However, they come with a great deal of security flaws, as they do not truly generate a “random” sequence of numbers. The C++ Standard Template Library provides a solution to this problem as programmers can now implement more secure seed-able random number generators to provide a proper integer distribution of non-deterministic random values, to better support their programming practices.

View Publication

An Introduction To i386 Boot Loader Programming

Abstract: It seems like right when you turn on your PC, magic happens. It’s almost like regular users believe anything below high-level software programs is almost impossible to comprehend. However, that’s not the case and I believe it’s crucial for a programmer to understand the levels of computing from the hardware all the way up to everyday programs.

View Publication

Intercepting Network Traffic With The Espionage Packet Sniffer

Abstract: The practice of packet sniffing has been around since the late 1980s. It has been used widely throughout the cybersecurity community and it serves many purposes. First, I think we should cover what it really is. According to paessler.com, it is defined as the practice of gathering, collecting, and logging some or all packets that pass through a computer network, regardless of how the packet is addressed.

View Publication

Copyright (c) 2024 Joshua Alexander Schiavone