SmartGuard is a customised Slither plugin designed to detect fraud patterns within DeFi smart‑contract code. Built during my BEng dissertation, it analyses Solidity contracts, flagging unlimited minting, token‑name impersonation and unprotected critical functions – the most common vectors exploited in recent DeFi ransomware attacks.

Approach

The tool parses the abstract syntax tree (AST) produced by Slither, then applies a set of deterministic rules that capture known DeFi attack signatures. I extended Slither with three detector modules:

1. Unrestricted Minting – searches for mint functions that can be called by anyone and modify a token balance without checks.
2. Token‑Name Impersonation – checks for duplicate or similar symbol and name fields that could mislead users.
3. Unprotected Controls – flags state‑changing functions declared public or external that lack an onlyOwner modifier.

The analysis pipeline runs locally on a curated dataset of 17 public contracts gathered from Etherscan. I then benchmarked performance against a baseline model that simply counted visible mint functions, measuring precision, recall and the F1 score.

Results

On the 17‑contract dataset SmartGuard achieved: • 100 % precision, recall and F1 (25 true positives, 0 false positives) – the first tool in this category to reach perfect harmonic balance. • 25 true positives across the dataset, including three high‑severity vulnerabilities that had been overlooked by static analysis services. • 0 false positives, a critical metric for developer trust.

The tool’s findings were independently corroborated by BlockSec – STRATOS‑2024‑001, with two of twelve HIGH‑severity audit points aligning perfectly with SmartGuard alerts. The research was subsequently presented at SIGiST 2026 in London, where the paper was accepted for oral presentation.

Tools

• Python 3.10.11 – primary language for the tool.
• Slither 0.11.5 – base static‑analysis framework.
• Solidity 0.8.0 – contracts analysed.
• solc‑select ‑ managed compiler versions.

Repo

https://github.com/CodeEvent/SmartGuard

Brief

COMP10068 Secure Programming at UWS had two components: remediating five noncompliant C++17 programs against the SEI CERT C++ Coding Standard, and building a Hangman game in Rust. The module was graded A2, First-class band (80-89%).

C++ remediation

Each program contained a specific SEI CERT violation. The protected main() function could not be modified.

• DCL50-CPP: Replaced C-style variadic arguments with a variadic template, restoring compile-time type safety.
• STR50-CPP: Added explicit length validation before a string read to prevent a buffer over-read.
• MEM51-CPP: Wrapped raw new/delete in std::unique_ptr to ensure automatic cleanup via RAII.
• MSC51-CPP: Replaced a predictable seed with std::random_device for non-deterministic seeding.
• ERR55-CPP: Removed a false noexcept specification from a function that could throw.

Rust Hangman

Built a complete Hangman implementation from a Hello World template. Used HashSet for O(1) deduplication of guessed letters, leveraged Rust ownership semantics to avoid shared mutable state, and followed idiomatic patterns throughout. The word list was loaded from an external fruits.txt file that could not be edited.

Results

• Grade: A2, First-class band (80-89%)
• Five SEI CERT rules remediated without modifying any protected main() function
• Rust Hangman built from scratch

Tools

C++17, g++, Rust, Cargo, SEI CERT C++ Coding Standard, std::unique_ptr, std::random_device, HashSet.

Brief

COMP10014 Network Security at the University of the West of Scotland covered five core areas of network defence through hands-on lab exercises. Each lab built on the previous one, progressing from attack techniques through detection, tunnelling, encryption, and authentication. The module was graded A2, First-class band (80-89%).

Approach

ARP poisoning and MITM

Using Ettercap to execute ARP poisoning against a target on the local network segment, intercepting HTTP traffic via tcpdump. Detection was handled by Arpwatch, which generated flip-flop alerts when MAC-to-IP bindings changed unexpectedly.

Snort IDS deployment

Deployed Snort with custom rule sets to detect specific attack signatures. Configured traffic mirroring via iptables TEE to redirect copies of live traffic to the Snort sensor, transitioning the deployment from a host-based IDS to a network-based IDS.

GRE tunnelling

Configured Generic Routing Encapsulation tunnels using the Linux kernel and OpenVSwitch. Analysed Layer 2 and Layer 3 encapsulation behaviour in Wireshark.

OpenVPN PKI

Deployed a full OpenVPN Public Key Infrastructure using EasyRSA. This included Certificate Authority creation, server and client certificate signing, Diffie-Hellman parameter generation, and secure credential transfer via SCP.

FreeRADIUS AAA

Configured FreeRADIUS 3.0 as an Authentication, Authorisation, and Accounting server. Set up client devices, user authentication entries, Attribute Value Pairs for access policies, and validated the configuration using radclient test queries.

Results

• Grade: A2, First-class band (80-89%)
• Five distinct lab areas completed with full documentation

Tools

Ettercap, tcpdump, Arpwatch, Snort IDS, iptables, OpenVSwitch, Wireshark, OpenVPN 2.4, EasyRSA, FreeRADIUS 3.0.

Operation FishNet was a live‑forensic dig during the final semester of my degree. Two Windows machines seized in a cyber‑crime investigation needed a chain‑of‑custody compliant analysis that produced court‑ready evidence for an ACPO‑compliant report. My role was to extract, analyse and document every artifact while preserving evidence integrity.

Approach

The investigation workflow followed the ACPO‑2012 chain of custody checklist:

1. Acquisition – used FTK Imager 4.7.1 to capture both the physical E01 disk images and the live‑memory dumps (RAW).
2. Hash verification – calculated MD5 and SHA256 for each artefact, logged in a secure audit trail.
3. Analysis – employed Volatility 2.6 to enumerate processes (pslist), locate hidden malware (malfind), and network sockets (netscan). The DarkComet RAT was identified through its characteristic PID‑58 service and a distinct registry hive modification.
4. Evidence tabulation – each discoverable artefact was numbered, the provenance recorded in a PDF filing system, and duplicated onto secure storage.
5. Reporting – drafted the ACPO‑compliant report, aligning findings with the standard’s six pillars: chain of custody, provenance, authenticity, integrity and admissibility.

Results

The operation produced 50+ audit‑ready exhibits, including:

• DarkComet RAT – confirmed via hash and binary memory snapshot.
• Email evidence – verified through Thunderbird logs, matched to suspect communication.
• MD5 evidence – disallowed (genuine images) on Device 2 and recognised as legitimate on Device 1.

All findings were cross‑validated by the proprietary hyper‑visor forensic toolkit and presented in a court‑tolerant PDF suitable for the prosecutor’s office. The investigation itself was highlighted in the department’s annual best‑practice showcase.

Tools

• Autopsy 4.21.0 – forensic case management.
• FTK Imager 4.7.1 – evidence acquisition.
• Volatility 2.6 – memory live‑analysis.
• RegRipper 3.0 – registry history extraction.
• Registry Explorer – quick visualisation of suspect keys.

Repo

https://github.com/CodeEvent/Operation‑FishNet

I completed a structured two‑part OWASP pentest exercise using the official Mutillidae II, Juice Shop, and Security Shepherd labs. Part A assessed an intentionally insecure environment on Mutillidae II against the OWASP Top 10, while Part B targeted Juice Shop’s cloud‑native security features, exploiting its Two‑Factor Authentication via a SQL injection that accessed a TOTP secret.

Approach

Part A – Mutillidae II & Mutillidae II‑II

• Conducted a comprehensive vulnerability scan with Burp Suite Community 2025.2.4, mapping out broken access control, cryptographic weaknesses, and injection points.
• Leveraged the built‑in Mutillidae II user‑base to bypass authentication via SQL i, then moved laterally, capturing session cookies for takeover.

Part B – Juice Shop & Security Shepherd

• Utilised Burp Suite to locate a potential SQL i that might expose the TOTP key used for MFA. Following a successful exploit, I extracted the secret and seeded a 2FA bypass, achieving full control of a high‑privileged account.
• Conducted stored and reflected XSS testing through the Juice Shop comment outlets, confirming path‑controlled cookie theft.
• Employed CSS‑based NXDOMAIN image‑tag payloads within Security Shepherd to force a CSRF attack, confirming command‑execution via the built‑in “account deletion” endpoint.
• Integrated OSSEC HIDS (v3.7.0) to monitor file‑system changes resulting from exploitation, establishing a forensic trail.

Results

My final scores were:

• 45/50 on Mutillidae II – outstanding in access‑control and injection categories.
• 44/50 on Juice Shop – secured the majority of the high‑impact vulnerabilities, including a bypass of 2FA and XSS session hijacking.

The dissertation additionally documents an OSSEC deployment for continuous monitoring, illustrating the usefulness of real‑time alerts for threat hunting.

Tools

• Burp Suite Community 2025.2.4
• Kali Linux – full stegan‑analysis environment.
• OSSEC v3.7.0 – host‑based intrusion detection.
• Mutillidae II, Juice Shop, Security Shepherd – target frameworks.

Repo

https://github.com/CodeEvent/OWASP‑Pentest‑Suite

Brief

COMP08101 Programming for Cyber Security at the University of the West of Scotland focused on building practical security tools in Python. The module was graded A2, First-class band (80-89%).

Approach

HTTP brute force tool

Built a Python script to perform dictionary-based brute force attacks against HTTP authentication endpoints. The tool handled session management, response code parsing, and timing controls.

DNS enumeration pipeline

Developed a DNS enumeration pipeline that automated subdomain discovery through dictionary-based queries. The pipeline resolved DNS records, filtered live hosts, and produced structured output for further analysis.

Defensive scripting patterns

Covered input validation, safe handling of external data, error handling that avoids information leakage, and logging practices that support incident investigation.

Results

• Grade: A2, First-class band (80-89%)
• Working HTTP brute force and DNS enumeration tools

Tools

Python 3, requests, socket, dns.resolver, argparse.