Dan LaChance

Cybersecurity Student

Who am I?

A cybersecurity student at Rochester Institute of Technology

Also with a minor in computer engineering and a specialization in hardware and wireless security exploitation.

Personal Info

  • Email : daniel.g.lachance@gmail.com
  • Github : dlach1
  • LinkedIn : daniel-lachance-319068290

My Expertise

Hardware/Wireless Security

SDR Programming, Circuitry, x86 Assembly


Software Development

Python, C, Javascript, React.js, ASP.NET Core, Github


System Administration

AWS, Bash, SQL, VMWare, Docker, Wireshark


My Resume

My Activities

RITSEC Executive Board

Currently serving on the RITSEC executive board in the positon of tech lead. As tech lead I create weekly CTF challenges to supplement new members' learning from the education talks. Weekly demonstrations include topics such as Windows, Linux, reverse engineering, red teaming, and wireless security.

Cyber Defense Competitions

I have competed in three cyber defense competitions as a blue team member. These competitions include: IRSec, ISTS, and CCDC tryouts. My team placed first at IRSec, against 14 other blue teams, qualifying us to move onto ISTS, a collegiate purple team competition that pulls competitors from across the country.

Wireless Security IG Lead

I currently co-lead the wireless security interest group. This interest group exists to give students a foundational understanding of wireless protocols, while giving hands on experience. As leads, we give educational presentations, bring in alumni, and facilitate personal projects with club resources.

Reverse Engineering IG

Member of RITSEC's reverse engineering interest group. In the interest group, members learn x86 assembly, various types of malware analysis, and tools like Ghidra, IDA, and binja.

RITSEC CTF

Placed 3rd of RIT teams in RITSEC's yearly capture the flag competition on a team of 5. We solved challenges involving reverse engineering and open source intelligence.

Course Assistant

Working as a course assistant for CSEC-140 Introduction to Cybersecurity. As a CA, I grade assignments and facilitate student learning during class activities.

Research

QR Code Secret Data Scheme & Scanner

By: Dan LaChance & Greg Johnson

QR codes are an effective way of sharing information quickly and reliably, primarily because of their error correction capabilities. This error correction feature can be harnessed for secret data sharing by changing bits that the scanners will be able to correct. This secret data can compromise voting security by violating privacy by hiding voter identification in the ballot QR code, as outlined in VVSG 2.0 guidelines. Our team developed two proof of concept schemes, tested their effectiveness, and tested codes to analyze their number of errors. We concluded that any QR code with any errors should be treated with suspicion because an attacker may have tampered with it. In order to detect errors, it is important that every voting center use a tool to scan the number of errors in a code before extracting any data. Although many voting machines’ QR codes can withstand 25% error capacity, if human workers can not see what is causing a high amount of errors with their eyes, the code has most likely been tampered with. Common ink smudges and bad lighting will be recognizable to anybody but secret messages will not. It is important for voting centers to do so in order to better secure our elections.

Partial-Temporal Constraint in Constraint-Based Programming

By: Dan LaChance & Greg Johnson

Constraint Based Programming is a means of solving complex constraint satisfaction problems characterized by a tuple of variables, domains, and constraints that must be met in order to find a feasible solution. Our focus is on scheduling problems using constraint programming. One method for creating these constraints is temporal, a method that creates a schedule with strict ordering of all constraints; they must happen one after the other. In this study, we analyzed constraint based programming and how we can properly test and model less restrictive temporal constraints. Empirical study was done by producing a schedule for a FIRST robotics competition. In this competition, there are two repeated tasks: a five-minute competition that must be completed three times and a set of ten-minute practices, where all practices must be completed before the last competition. We used Google-OR Tools to effectively create two models that could be compared to each other. One model uses old temporal methods to create a solution, and the other uses a proposed relaxed temporal method to find a solution. Overall, the new, relaxed constraint was able to produce a shorter competition day because it was able to output solutions that made better use of the resources. Read More

RITSEC Talks

QR Code Research

By: Dan LaChance

QR codes have error correction algorithms allowing them to lose up to 30% of their face and still scan properly. This error correction allows an attacker to replace a portion of the face with his or her own data. Since the code will still scan properly, it effectively makes the data a secret.

In this research presentation I explain how I was able to create a secret data sharing scheme where 45% of the QR code face was replaced, and the code still scanned every time.

Additionally, I wrote a new scanner that would print out the number of errors the scanner had to correct for. This new scanner would allow people to more easily find when QR codes are hiding secret data and it could lead to better voting security as voting machines now use QR codes.

Watch
SDRs and Wireless Discord Bot

By: Dan LaChance

Software Defined Radios (SDRs) are tools used to listen to radio traffic. Radio traffic that includes EMS dispatch.

I used a Hack-RF software defined radio to listen to the band my local EMS transmits on. Using those radio waves, a raspberry pi was running a fast-fourier-transform plot and in 3 second intervals, it would check the strength of the signal on the EMS band. Once the signal reached a given threshold, the raspberry pi knew there was activity and alerted a discord bot. The bot would make a post with a timestamp, allowing me to go back and listen.

Watch
Trunked & Digital Radio

By: Dan LaChance

Informative talk to club members on new-era radio such as trunked and digital communication. I talked about the science behind different ways binary can be transmitted across radio waves and how trunking helps reduce the number of bands needed for communication. This entire talk was done with security in mind so I also explained how encryption is now used in P25 Phase II trunking systems.

Watch

NFC & RFID Communications

By: Dan LaChance

Informative presentation to club members on the science behind NFC/RFID communications and possible ways for exploitation as well as a live demonstration.

Watch