Difference between revisions of "Main Page"

From Teach The Net
 
Line 5: Line 5:
 
== Current Projects ==
 
== Current Projects ==
  
=== (Present) HackThe.Company ===
+
=== HackThe.Company ===
* [https://hackthe.company HackThe.Company], open internet capture-the-flag challenges based on real life hacks that occurred
+
 
 +
The [https://hackthe.company current version] available online is an open internet, capture-the-flag set of challenges based on real life hacks that occurred, kind of similar to HackThisSite but with realistic scenarios. I won't be speaking to what the eventual project will be just yet, it's still very much a work in progress.
  
 
== Portfolio ==
 
== Portfolio ==
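Review bot: the new bullet under "=== HackThe.Company ===" ("* [https://hackthe.company HackThe.Company], open internet capture-the-flag challenges based on real life hacks that occurred") repeats, almost word for word, the opening clause of the paragraph added right after it ("The [https://hackthe.company current version] available online is an open internet, capture-the-flag set of challenges based on real life hacks that occurred"); keep one of the two, for example the bullet as a one-line summary with the paragraph carrying only the HackThisSite comparison and the work-in-progress note. The heading change also drops "(Present)" while every Portfolio and Competitions entry keeps a date prefix; if that is intentional, fine, otherwise keep the prefix for consistency.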

Latest revision as of 15:32, 4 January 2020

Welcome to Sean Kooyman's Wiki. See below for my projects, research, portfolio, etc.

For job opportunities, message me at <any email address>@teachthe.net

Current Projects

HackThe.Company

The current version available online is an open internet, capture-the-flag set of challenges based on real life hacks that occurred, kind of similar to HackThisSite but with realistic scenarios. I won't be speaking to what the eventual project will be just yet, it's still very much a work in progress.

Portfolio

(2014-Present) TopOPPS [Job]

TopOPPS is a Sales Forecasting and Pipeline Management software solution, intended to be a layer on top of a traditional CRM system (it integrates with Salesforce, NetSuite, Microsoft Dynamics, and Zoho). Its interfaces include a web application, a mobile web app (wrapped with Cordova to be in the App Store and Google Play), a Gmail Chrome Extension, an Outlook Add-in, and iframes/widgets in the various CRMs.

  • [Team of 5] The full web application was written in Python, utilizing the Django web framework, with a Postgres database (using both normal SQL tables, and also using it like a NoSQL database for unstructured custom field data which varied per client). We wrote business analytics software similar to Tableau, but serving a specific niche. We also wrote various forecasting algorithms, largely based on statistical history.
  • [Team of 2] We wrote the mobile application with basic features of the full web application. We wrote it as a web app so it did not require a special skillset, and the same devs maintaining the full web app could maintain the mobile app. The Cordova wrapper around the web app pretty much did not have to be updated for 5 years.
  • [Team of 2] We wrote a Chrome Extension to insert our widgets in Gmail and Google Calendar, using the InboxSDK JavaScript library. We also wrote an Outlook Add-in for Outlook Email/Calendar. Both used the same backend API within our app, supported interacting with live sales data embedded within your emails so you can rapidly update your CRM and see contextually relevant information, and included a custom email tracking and attachment tracking mechanism.

I led the dev team that built the product as a whole over several years and many, many iterations. I acted as a senior dev and a product manager. We had three backend devs, two frontend devs, and a dozen interns over the years. It's still ongoing.

(2017) TeachCraft.Net [Project]

I taught a class to 6th graders over the summer on learning to code, using Minecraft as the tool and Python as the language. It was an absolute blast. One of the core ideas was that it was easy to use Python with Minecraft in a solo environment using MCPI, but where the kids got really excited was using Python in a multiplayer Minecraft server. That required some hacking to set up, but the outcome was worth it.

To allow others to do the same thing, I made the website TeachCraft.net with everything I learned. It ran for a couple of years as a Minecraft hosting service (basically reselling OVH servers, configured and set up as these special Minecraft servers that support Python interactions and multiplayer). Over time I killed that part as it was more trouble to maintain than it was worth, and just left all the information (including lesson plans, code links, etc.).

One of the main headaches that prevented this from catching on was the upfront cost for classes using this, where every student had to purchase a Minecraft license. I intend to rewrite it using one of the free, open source Minecraft clones (maybe Minetest) at some point in the future, and to add more of a multiplayer combat vibe to it.

(2017) E-Reveal [Project]

Working with a couple of Sales and Marketing companies, I learned how they discovered emails of prospects and realized it could be codified and improved upon. Moreover, it was important to me to make it so it worked really well for targeted, individual prospects, but could not work for mass spam.

And thus E-Reveal was born.

The idea was simple:

  • You install a chrome extension, and open up a LinkedIn profile you wish to contact.
  • The extension would extract the person's name from the page, as well as the company name that the target worked for.
  • The company name was converted to a domain name via Clearbit's free autocomplete api.
  • Several possible email addresses are created via permutations of the target's name, followed by their company domain (e.g. [email protected])
  • These email permutations are checked against several services to see if any are valid emails...
  • We detect if any are valid Google Apps for Business email addresses via this enumeration method.
  • We check DNS records with a reverse DNS lookup to detect if any domains have been registered with an email
  • We check Github's unauthenticated api for any commits made by an email
  • We check HaveIBeenPwned to see if an email has been dumped in any hacks
  • Any valid emails found are then inserted into the LinkedIn profile page you are viewing.
  • Importantly, all these checks are done straight from your browser, with the results immediately displayed on the LinkedIn profile (and never stored anywhere). This bypasses rate-limiting, as each individual user doing this is using their own browser/ip to perform these checks.

The service ran for a couple years, had around 50k users, then I shut it down when I got a cease and desist letter from LinkedIn. The source code is still available, though.

(2015) PeerApps [Project]

I hopped into the cryptocurrency craze to build one app I had an idea for. I chose the Peercoin blockchain, a fork of the Bitcoin blockchain that used proof of stake instead of proof of work. The project I made was named "Peerapps".

Using OP_RETURN transactions (essentially null transactions that allow you to embed about 80 bytes of information), I built a database layer on top of the blockchain that used key/value lookups. The key would be stored in Peercoin transactions, which then pointed to values stored using parasitic storage on things like tinyurl or pastebin.

The underlying idea was allowing the construction of websites where the UI was distributed in things like chrome extensions or downloaded (e.g. Electron) apps, and the global database was powered by a layer on top of the blockchain so it could not be removed.

As a proof of concept, I built a simple marketplace for the buying/selling/trading of online gaming currencies (e.g. I'll trade you X currency of Game 1 for Y currency of Game 2), using Peercoin as the currency in the middle.

It all worked, but in truth it could not get adoption. Centralized competitors like d2jsp hold all the market share and were 'good enough', so there was no need for a bullet-proof version of their service. I ceased development after building a PoC and being unable to generate any interest.
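As an added illustration of the key/value layer and the marketplace PoC described above (this is not Peerapps' own code or wire format), here is how such a record could be packed into an OP_RETURN output within the roughly 80-byte limit. It also stores a SHA-256 of the off-chain value: the transaction is immutable, but a pastebin or tinyurl copy can be edited or deleted, so a client should verify what it fetches against the on-chain digest. The magic tag, field layout, push-opcode handling and sample listing are constructed for this example.

```python
# Added example, not Peerapps' own code: a key/value record packed into an
# OP_RETURN output under the ~80-byte limit, carrying a SHA-256 of the
# off-chain value so the pastebin/tinyurl copy can be verified when fetched.
# Wire format (constructed): MAGIC(4) | sha256(value)(32) | key_len(1) | key | pointer
import hashlib

OP_RETURN = 0x6A
OP_PUSHDATA1 = 0x4C
MAX_PAYLOAD = 80          # approximate OP_RETURN data limit mentioned on the page
MAGIC = b"PAPP"           # constructed app tag so foreign OP_RETURN outputs are ignored

def pack_record(key: str, pointer: str, value: bytes) -> bytes:
    """Build the full output script: OP_RETURN <push opcode> payload."""
    key_b, ptr_b = key.encode(), pointer.encode()
    if len(key_b) > 255:
        raise ValueError("key too long for a one-byte length field")
    payload = MAGIC + hashlib.sha256(value).digest() + bytes([len(key_b)]) + key_b + ptr_b
    if len(payload) > MAX_PAYLOAD:
        raise ValueError(f"payload is {len(payload)} bytes, limit is {MAX_PAYLOAD}")
    # Under 76 bytes a direct OP_PUSHBYTES_n opcode suffices; 76..80 bytes need OP_PUSHDATA1 + length.
    push = bytes([len(payload)]) if len(payload) < 76 else bytes([OP_PUSHDATA1, len(payload)])
    return bytes([OP_RETURN]) + push + payload

def unpack_record(script: bytes) -> dict:
    """Parse a script back into its fields; raise if it is not one of our records."""
    if len(script) < 3 or script[0] != OP_RETURN:
        raise ValueError("not an OP_RETURN output")
    if script[1] == OP_PUSHDATA1:
        n, body = script[2], script[3:]
    else:
        n, body = script[1], script[2:]
    if len(body) != n or body[:4] != MAGIC or len(body) < 37:
        raise ValueError("malformed or foreign record")
    klen = body[36]
    return {
        "key": body[37:37 + klen].decode(),
        "pointer": body[37 + klen:].decode(),
        "sha256": body[4:36],
    }

def value_matches(record: dict, fetched: bytes) -> bool:
    """Client-side integrity check after fetching the off-chain value."""
    return hashlib.sha256(fetched).digest() == record["sha256"]

# Constructed sample listing in the spirit of the gaming-currency marketplace PoC.
SAMPLE_VALUE = b'{"offer":"100 Game1 gold","want":"5 Game2 coins"}'
SAMPLE_SCRIPT = pack_record("offer/42", "https://pastebin.example/abc", SAMPLE_VALUE)
```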

(2013) eGood [Job]

eGood was a loyalty rewards iPad / website system that gave a portion of each purchase made in participating stores to a charity of the store's choice, in addition to providing customer tracking (and loyalty rewards to the customers). Its interface was a mobile app, an iPad kiosk in each store, and a website.

  • [Team of 5] Rewrote app from custom PHP code to CakePHP framework
  • [Team of 2] Wrote a new 'fundraiser' feature to their core app, re-purposing their donation scheme to work for popular fundraisers that many eating places support for local sports teams / etc.
  • [Solo] Wrote a prototype iPad POS system from scratch, utilizing Cordova (then called Phonegap) to make a 'native' web application that could control the hardware peripherals with JavaScript (a receipt printer, a cash drawer, and a credit card swiper)
  • [Solo] Built and certified a credit card processing flow with Worldpay
  • [Solo] Wrote a pivot of the app to make it function in eCommerce for FoxyCart and Shopify webstores.

When I joined eGood, it was a few years old and struggling. I worked there for a year, assisted the existing dev team, and worked solo with one of the founders on a few high risk / high reward pivots. Unfortunately the founder I was working with got forced out, which cancelled my pivot projects, and I left shortly thereafter. The company died about a year later.

(2011-2012) Retail Management Solutions Automation [Job]

Retail Management Solutions Automation (RMSA) was a forecasting solution that aided retail stores in knowing exactly how much inventory to stock on their shelves, every month of the year, to maximize sales and minimize rotting merchandise (out of fashion clothes, having surplus swimwear in the winter, etc.).

  • [Solo] Reverse engineered a 40 year old planning/forecast system written in COBOL, and rewrote it in Python.
  • [Solo] Improved the forecasting system, accounting for one-time events within the forecasting algorithm, adding arbitrary levels of hierarchy, and building additional integrations to point-of-sale systems for data inputs to the algorithms.
  • [Team of 2] Replaced the printed copies of the results of the planning algorithm with a dynamic, filterable web application using the Django web framework, with Postgres and MongoDB databases.

RMSA ran the new software for several years, then was successfully bought by a larger company. The larger company may still be running the same software I wrote, though it's possible they rewrote part or all of it - I simply do not know.

(2011) Clipbox [Project]

I worked solo and wrote a simple, cross-platform Python application. wxPython was used to build the UI, and py2app and py2exe were used to build the binaries. The application added a shortcut (cmd+shift+c) that was a special 'copy' command. When pressed, it would execute a normal 'copy' command, but then upload the contents of your clipboard to a webserver and replace the contents of your clipboard with a URL you could share with anyone - and at that URL, they would download the previous contents of your clipboard. It was intended to be a simple shortcut to rapidly share files, images, etc.

After a bunch of usage, I realized the main killer feature was sharing screenshots - so I simplified it for just that use-case. You press a shortcut key, it automatically takes a screenshot, uploads it to the cloud and inserts the URL in your clipboard, which you then share with someone. This was super successful, and every dev team I was on for the next several years had universal usage of this, though I never advertised it beyond that (so it was only used by myself and colleagues).

Eventually numerous competitors popped up that did the same thing, and then people transitioned to Slack where you could embed screenshots, and its usage ceased.

(2010) Noah Transportation [Job]

Noah Transportation was a company that hired a fleet of drivers (independent contractors) to transport utility vehicles (primarily bucket trucks) across the country for clients such as PG&E, Southern California Edison, and Global Rental.

  • [Solo] Created a custom PHP web app which tracked the orders, drivers, locations, etc (essentially all the logistics aspect of the company)
  • [Solo] Wrote an invoice system in the PHP web app and integrated it to Quickbooks
  • [Solo] Made integrations within the PHP web app to both fax and email services to facilitate driver/customer communication
  • [Solo] Put together a slick digital whiteboard system, cloning Noah's office whiteboard use-cases, that allowed them to support working from home/remote.

The company kept using the app for 10 years, until 2020, then shut down due to a change in California's laws regarding independent contractors (which affected their drivers).

(2010) QuickFTP [Project]

Working on a team of 3, we published an iPhone application that allowed FTP/SFTP access to edit code files / etc on the fly, from your phone. It did this via a native iPhone UI, which just connected to an api I built in PHP that allowed for FTP/SFTP commands to be executed. It earned around $3k in sales.

Competitions

(2017) Whenhub Hackathon (3rd place, $500)

  • I stumbled upon this hackathon, and had a simple idea I could knock out in an hour or so (utilizing Python/Django) of mimicking the 'deploy to Heroku' button on Github repos, but building it for the Whenhub service instead. Working solo, I submitted it, and came back a few days later to find it had netted me 3rd place and $500.

(2015) Globalhack 5 (2nd place, $15k)

  • I worked with a team of friends, and we just knocked it out of the park. We built a web, phone call, and sms solution (utilizing Python, Django, and Twilio) to navigate the STL municipal court system. We were super proud of our solution - it earned us second place, along with a $15k cash prize.

(2015) Pethack (1st place, $10k)

  • I worked solo and utilized Ionic Creator to rapidly create a web based mobile app, with ability to use the phone's camera (via Cordova apis) to scan barcodes on pet food items and recommend the best foods for your pet. In the end, I got first place and received the $10k prize.

(2015) Globalhack 4 (1st place, $30k)

  • I brought an 11 year old friend I was teaching to program to the competition, and teamed up with some colleagues from my work. We were a team of five, but only had two professional developers (including myself). We wrote a new type of ad for the competition that utilized a digital hangman game, embedded in 3rd party websites as a contextually relevant advertising widget. We nabbed first place and won $30k of prize money.

(2014) Globalhack 2 (1st place, $50k)

  • I joined a random team of people who came to the event without a team. On our team of six, we had only two developers (including myself), and one guy who knew some html/css. We wrote a simple Python/Django application, using the Natural Language Toolkit to parse news articles and build an ontology, which we then displayed in a d3.js graph. We pushed forward to first place and won $50k of prize money.

(2014) OGSYSTEMS’ VIPER LABS - V1P3RTH0N CTF (2nd place, ~$100)

  • In this CTF, I came in and completed all the web application hacking exercises, then left the competition (I didn't have interest in working on the other challenges, such as reversing binary files). I was surprised to find an email a few days later asking for my address as I came in second place with the challenges I'd completed and won around $100 worth of gear.

(2014) Globalhack 1 (Unofficial 2nd place, $10k)

  • The task was to look at attributes of won/lost sales opportunities and build up a forecasting model that, when fed a current/open sales opportunity, could determine its likelihood of being won/lost. In a team of two, we wrote this rapidly in Python, and threw up a basic user interface served up with the Bottle web framework.
  • While my team technically didn't win, the event organizer was interested enough in the learning algorithm we wrote that they offered $10k to buy the source code off my team of two - we accepted.

(2012) Symantec's Cyber Readiness Challenge - CTF (4th place, ~$400)

  • The competition was all about breaking into various web servers and then pivoting, leveraging the access you gained to dig deeper.
  • In overall points, I came in fourth. However, I won $200 for being the first person to find a flag, then a Parrot AR Drone worth around $200 for being the first/only one to penetrate to level 3.

(2010) US Cyber Challenge, Cyber Quests CTF (1st place, $0)

  • I tied for first place in the online CTF competition, which made me eligible to go to their summer camp.
  • At the summer camp, my team of two won first place in the CTF competition, no prize money, just bragging rights. In the competition I found a way to upload a php shell by bypassing certain protections on a file upload form.

Education

(2008-2011) BS Computer Science: California State University, San Bernardino

(2011) GIAC Web Application Penetration Tester (GWAPT) certification

Research

Older Stuff