Book

Vulnerabilities

qdPM 8.3 - view

Information Disclosure - CVE-2015-3881
Full Path Disclosure - CVE-2015-3882
Multiple Reflected & Persistent XSS - CVE-2015-3883
Arbitrary File Upload - CVE-2015-3884

getSimpleCMS 3.3.4 - view

Sensitive Information Disclosure - CVE-2014-8722
Full Path Disclosure - CVE-2014-8723

Wonder CMS 2014 - view

Password Disclosure - CVE-2014-8701
Full Path Disclosure - CVE-2014-8702
Cross Site Scripting - CVE-2014-8703
Local File Include - CVE-2014-8704
Remote File Include - CVE-2014-8705

Pluck CMS 4.7.2 - view

Multiple Full Path Disclosure - CVE-2014-8706
Persistent XSS - CVE-2014-8707
PHP Code Execution - CVE-2014-8708

SimpleInvoices 2011.1 - view

Information Disclosure
Multiple XSS
SQL Injection
Cross Site Request Forgery

Invoice plane 1.4.6 - view

Username Enumeration
Directory Listing
Multiple XSS
PHP Object Injection

Android app insecure storage

App defender - Plaintext passwords - view
   Installs: 500,000 - 1,000,000
Gallery lock - Plaintext passwords - view
   Installs: 10,000,000 - 50,000,000
Handy diary - Unsalted MD5 - view
   Installs: 5,000,000 - 10,000,000
Safe gallery free - Unsalted MD5 - view
   Installs: 10,000,000 - 50,000,000
Secret notes - Plaintext passwords - view
   Installs: 50,000 - 100,000
Smart app lock - Plaintext passwords - view
   Installs: 10,000,000 - 50,000,000

Jobberbase 2.0 - view

Path Disclosure
Open Redirect
Multiple Reflected & Persistent XSS
Unrestricted File Upload
Race Condition
SQL Injection

Insecure File Permissions Priv Esc

Minecraft Launcher - view

Unquoted Service Path Priv Esc

Waves Audio Service - view
Fitbit Connect Service - view
Leap Motion Service - view
Wacom Tablet Service - view
Foxit Reader Update Service - view

Android App - Mirage Realms MMO
screenshot, whitepaper

Insecure Storage
Unencrypted Communications
Lack of Binary Protection

Hardware

Challenge Coin 01

After attending Defcon 26 I got really hooked on the electronic badge challenge (I didn't get very far), and it was a great way of meeting and chatting to other people also excited about it and hacking in general. People there were trading trinkets and electronics; there was a sense of community and a gifting economy. I also received a DC801 challenge coin, and still think it's an awesome thing. So I decided to give it a go myself. It's just a little coin with a puzzle / challenge on it, but it has my URL and email on it so I can use it as a kind of business card type thing. Really it's just a fun trinket. If you have one: good luck solving it. The best way to get one is to meet me IRL.

The following people have solved it:

Bits and Electrons - https://www.youtube.com/channel/UCmZeF_rcjrJRnfmXUDALbmw

Development

Android App

Download: FridaLab.apk
An app to learn or practice using the reverse engineering program "Frida" against.

Fitbit App

Link: Fitbit App
A small metronome app for Fitbit Versa.

Website & Android App

Link: Website
Link: Play Store
A game to improve fitness, only move if required steps per day achieved.

Android App

Link: Hero2.0
Create an Android app to enhance Fighting Fantasy books
Technologies: Java, Photoshop, Android Studio

Website

Link: Regis Holistic
Create a website to help a local business promote themselves
Technologies: HTML5, CSS3, PHP, MySQL, HTML5 Boilerplate, Photoshop, jQuery

Website

Link: CSTutoringCenter
A website to publish my solutions for the website cstutoringcenter.com
Technologies: HTML5, CSS3, PHP, HTML5 Boilerplate, Photoshop

Challenges

Link: Project Euler
A website to publish my solutions for the website projecteuler.net
Technologies: HTML5, CSS3, PHP, HTML5 Boilerplate

Website

Link: Arions Photography
Website for a local photographer
Technologies: HTML5, CSS3, PHP, MySQL, jQuery, Photoshop

Redesign

Link: SecurityCast
Re-design a website for a security radio station
Technologies: HTML5, CSS3, skeleton

Website

Link: Untold Kismet
Website for a Minecraft community
Technologies: HTML5, CSS3, PHP, MySQL, JavaScript (jQuery), image manipulation, JSON

Template

Demo: RossTemplate06
A free website template, just for kicks
Technologies: HTML5, CSS3, Notepad, Photoshop, Boilerplate, Skeleton
Downloads: ZIP, RAR

Website

Link: Adrenalin
Re-design and develop a website to expand a local company's business
Technologies: HTML5, CSS3, PHP, MySQL, HTML5 Boilerplate, Photoshop. For more info read their humans.txt file

Website

Link: CheckAttacks
Create a website to act as an IDS for clients' websites
Technologies: HTML5, CSS3, PHP, MySQL, HTML5 Boilerplate, Photoshop. For more info read their humans.txt file

Website

Create a website for a guild of the online game "Anarchy Online" including various bespoke PHP applications
Technologies: XHTML, CSS, PHP, JavaScript, image manipulation, Notepad, Photoshop, Nvu

Template

Demo: RossTemplate04
A free website template, designed to look like a filmstrip
Technologies: HTML5, CSS3, Notepad, Photoshop
Downloads: ZIP, RAR

Template

Demo: RossTemplate03
A free website template
Technologies: XHTML, CSS, Notepad, Photoshop
Downloads: ZIP, RAR

Template

Demo: RossTemplate02
A free website template
Technologies: XHTML, CSS, JavaScript, Notepad, Photoshop, Dreamweaver
Downloads: ZIP, RAR

Template

Demo: RossTemplate01
A free website template
Technologies: XHTML, CSS, Notepad, Photoshop
Downloads: ZIP, RAR

PHP script

Link: Bot
Code a basic IRC bot as a challenge and for fun. To be easily expandable, with easy-to-understand code.
Technologies: PHP, Notepad

Website

Create a basic website for a developing business to reach potential clients
Technologies: HTML, CSS, PHP, image manipulation

Website

Link: UKMessy
Re-design a website for a gaming community
Technologies: HTML5, CSS3, PHP, MySQL, ClanSphere CMS, Photoshop

Website

A website I coded for a team project. Unfortunately the team has since disbanded and the site is no longer online.
Technologies: HTML, CSS, PHP, JavaScript, image manipulation.

Website

Link: BRYC.co.uk
Remake a website from a previous design, modify, update and maintain
(no longer my responsibility)
Technologies: XHTML, CSS, PHP, JavaScript, image manipulation

PHP script

Link: HBH timed
PHP Program to complete timed challenges 1 - 5 on the website www.hellboundhackers.org
Technologies: PHP, Notepad

Perl script

Created a Perl script to make obtaining WEP protected passwords as simple as possible using the aircrack-ng suite of tools.
Technologies: Perl, Gedit, Ubuntu

PHP script

Link: Light Bulb Challenge
PHP programming challenge about toggling lights.
Technologies: PHP, Notepad

Website

Create an online store for a company to expand and reach potential clients in other countries - Used ZenCart
Technologies: XHTML, CSS, PHP, MySQL, JavaScript, image manipulation, Notepad, Photoshop

Whitepaper

Click for rar Link: Whitepaper
Three whitepapers that I wrote for: CMS Made Simple 1.0.2, CMSimple 2.6 & JAF CMS 4.0 RC1
Technologies: PHP, vulnerability identification & patching, HTML, JavaScript, Notepad

PHP script

Link: Concorde2 php ical file
PHP script to create an automatically updating iCal file for the venue "concorde2"
For Google Calendar, click "add by URL" under other calendars and use the URL "http://rossmarkham.com/portfolio/concorde2.php"
Technologies: PHP, Notepad

Plugin

Demo: Shoutbox
A free PHP flatfile ajax shoutbox with administration area, includes smilies and word filters plus various other features.
Technologies: PHP, JavaScript, XHTML, CSS, Notepad
Downloads: RAR

Plugin

Link: BeEF Download: beef_update_modules
Create a plugin to allow BeEF to update its modules from a remote location, check which ones you have and allow one-click installs
Technologies: PHP, cURL, JavaScript, HTML, Notepad
Notes: This is no longer working.

Website

Link: IceMaidenDiaries
Create a blog website for maximum exposure.
Technologies: PHP, MySQL, HTML5 Boilerplate, Photoshop, Wordpress

Website

Create a basic website for a developing business to reach potential clients
Technologies: XHTML, CSS, PHP, image manipulation, Notepad, Photoshop

Demo page

Demo: HealthManagement
As part of an interview test I received a Fireworks file at 9am and had until 5pm to create a concept. This is how it turned out.
Technologies: XHTML, CSS, JavaScript, Notepad++, Photoshop, Fireworks

Template

Demo: RossTemplate05
A free website template, poker themed
Technologies: HTML5, CSS3, Notepad, Photoshop
Downloads: ZIP, RAR