Introduction

Hello, World! My name is Justin Carter, and I am a dedicated and skilled Cybersecurity professional with experience in Information Security Architecture, Network Engineering, Application Penetration Testing, and large-scale Project and Risk Management.

In my professional career, I am constantly seeking to leverage my expertise in translating business objectives into robust security processes and technologies and am committed to aligning Information Security strategy with business goals and implementing best practices to safeguard critical assets.

In my personal life, I devote my time to multiple passion projects such as restoring old knives, performing in depth analysis and reverse-enginnering efforts on legacy systems and software, and creating and performing music of multiple genres.

Work

Below are a list of projects and professional works that I have contributed to and worked on over the years.

The Legend of Zelda: Twilight Princess Randomizer

The Twilight Princess Randomizer (abbreviated as TPR) is a modification to the popular 2006 Nintendo game: The Legend of Zelda: Twilight Princess. This mod seeks to breathe new life into the game by modifying where items can be found in the game while also featuring a variety of settings that allow the player to customize their adventure and choose how they wish to re-experience the world of Hyrule.
Website    Repository

The Legend of Zelda: Phantom Hourglass Randomizer

The Phantom Hourglass Randomizer (abbreviated as PHR) is a modification to the popular 2007 Nintendo game: The Legend of Zelda: Phantom Hourglass. This is a work in progress mod that seeks to modify the game in a similar fashion to other Zelda Randomizers by treading open waters (no pun intended) and learning more about the architecture of the Nintendo DS game console to bring this project to life.
Repository

Eternal Synergy Exploit

For the capstone project for my degree, I collaborated with a classmate to discover, develop, and patch a real-world vulnerability that existed in Windows 10 at the time that utilized a previously existing vulnerability. You can find a detailed explanation of the exploit and my journey from discovery to remediation here.

Eternal Synergy

Abstract: On April 14th, 2017, a hacker organization known as the "Shadow Brokers" released a data dump that contained large amounts of information regarding various topics that were supposedly sourced by the United States Government. Within this plethora of information was a group of exploits that were later alleged to have been created by the National Security Agency. This data leak, code-named "Lost In Translation" introduced a large number of exploits into the common world and has been the forefront of some of the biggest attacks that the world has seen (These include the WannaCry and EternalBlue exploits). This got me thinking: "What if someone were to try to expand on these exploits and make them their own?" and thus, EternalSynergy$v2 was born

Where To Start?
I had been looking into creating my own exploit for some time. It always seems like a staple for those in Cybersecurity to design and implement an exploit or countermeasure. For the sake of being able to demo the exploit for a college course project, I wanted to start with an existing exploit and work from there. Since I am more proficient with Windows-based operating systems than Mac or Linux, it seemed like the logical idea to take a look into the original EternalSynergy exploit and try to implement some characteristics that were seen in the EternalBlue exploit as well as some of my own ideas.

EternalBlue and EternalSynergy for Non-IT people:
Before we get too deep into this, I should probably explain what EternalBlue and EternalSynergy are and why they are so important.
EternalBlue is an exploit that causes a Computer running a vulnerable version of Windows to crash, causing a Blue Screen of Death (That's where the 'blue' from EternalBlue comes from.). The catch is that when the computer reboots, and the user logs in, the hacker uses the user's credentials to gain access to the system remotely. Using this exploit, a hacker can access and edit system files and depending on the user, gain administrative privilages on the victim system.

EternalSynergy is an exploit that runs on the same lines as EternalBlue, except there are some key differences. The first of these being that EternalSynergy can run on Windows 10. Another difference is that the hacker must provide some kind of credential to the system, or must be on the same network as the victim. This limits some of the dangers of EternalSynergy but it can still be very powerful if used properly. It cannot force the Blue Screen of Death due to Windows 10 load balancing and even if it did, the attacker would not be able to maintain the connection after a boot due to Windows' cache wiping on boot. This made the credential stealing harder.
Road-Mapping the Exploit:

I wanted to keep the Windows 10 availability of EternalSynergy, but also wanted to try to include the credential buffer (a buffer in this situation is an event that causes interruption to the user, allowing the hacker to sneak in) and legacy support (meaning that the exploit will work on Windows 10 and any windows system older than it) that came with EternalBlue. To do this, some research was needed to see how to provide a buffer to a Windows 10 system that could also keep the system alive. After some time, I learned that if probed properly, Windows 10 would logging out the user if the network becomes too stimulated by a specific type of traffic. This would be perfect if the target was always on an Active Directory on a corporate network, but I wanted this exploit to be more universal, so I kept looking. When looking deeper, I found that code could be ran to cause a user to re-authenticate if the system detects an intrusion via the network. This could be easy to trigger with a corrupted SMB node.

Completing the Code:
At this point, we have the base code we want to run, know what we want it to do, and how we want it to do it. The only thing left is to write the code. The writing of the code took about 4 weeks as I had other class projects.

How the Code Works: In Technical Terms
When a SMB message arrives on a Windows machine, it gets sorted into a number of categories. The first stage of this exploit is to send a specially crafted packet to take up time on the message system sorting algorithm by attempting to cause a buffer overflow. While it is occupied with the primary packet, a second message is sent that is crafted to exploit the confusion that the buffer overflow creates. Once the data leak has been compromised, the exploit can happen as this now allows for a remote arbitrary read and write primitive. This can be shortened to be known as a “Corrupt and Write”.

Summary
When it was all said and done, the exploit was reported to Microsoft and was patched in a Windows security update. This version of the exploit that was developed is still being used in a controlled environment for educational purposes and research.

Skills

Over the course of my career, I have developed a number of skills and have earned several certifications to demonstrate my understanding of various subjects.

Education:
  • Bachelor's of Science in Management Information Systems - Information Assurance with a Minor in Business Administration
  • Associate's of Science in Computer Science
Professional Certifications:
  • Certified Information Systems Security Professional (CISSP)
  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+
Technical Skills:
  • Compitent in the following programming languages:
    • C
    • C++
    • C#
    • Java
    • Javascript
    • PowerPC Assembly
    • ARM7 and ARM9 Assembly
    • HTML
    • CSS
    • ASP.NET
    • Go
    • Visual Basic

Contact

Feel free to reach out about what ever you need!