Raphael Mudge

Hi, welcome to my sorta slice on the internet. This is a personal homepage, with a little about me and my projects.

About Me

I'm a sometimes computer programmer and a sometimes entrepreneur. I like to learn and am just curious in-general. I'm learning acoustic guitar (slowly). I make a mean cappucino. And, I like to run and exercise too. No planks though. I don't like those. Recently, I rescued my old Guardians of the Galaxy comic book collection (Valentino-era and before) and have taken to expanding and refreshing it. I like retro video games too, but really... these are just video games to me. They weren't retro the first time I played many of them. I've watched nearly every episode of The Twilight Zone. I live in Washington, DC.

Where I learned things?

I have a BSc and MSc in Computer Science. 5/5 stars, would major in again.

I also attended the inaugral USAF Advanced Course in Engineering Cyber Security "boot camp", a summer program originally for military cadets interested in information assurance careers. This program sparked my professional interest in cyber security and encouraged me to vector my career in that direction. The program also pushed a problem solving method I still use today.

And, while they don't count as formal education per se, I'm thankful to the knowledge I've gleaned from various books. Some of my favorites:

More? I sat down with Fr. Robert Ballecer, SJ and Shannon Morse on Coding 101, episode 29 in 2014. :) Long time ago. This interview was probably my favorite (of all time) and it focused heavily on career, inspirations, how I learned things, and tips for aspiring programmers.

The Hacker Ethic

My professional values draw from the hacker ethic. The hacker ethic is a playful, creative, and can-do approach to solving problems. Hacker culture is the shared beliefs that inform how people, who subscribe to the hacker ethic, interact with eachother. Hacker culture celebrates cleverness, values the pursuit of knowledge, respects intellectual freedom, and rewards sharing knowledge. Here are a few resources on this:

Early Projects

jIRCii - IRC Client

When I was in high school (late-90s), I started to develop an IRC client jIRC. It later evolved into jIRCii. This is the project where I cut my teeth architecting a software application. I put special emphasis on this, because these lessons didn't come easy. I rewrote jIRCii about three times, each rewrite necessitated by the codebase becoming too complex to add features without breaking things. I carried these lessons forward to future projects. It was also through jIRCii that I learned a lot of lessons about building a scriptable application and maintaining a (developer) community around that application.

Sleep - Scripting Language

Related to jIRCii is the Sleep Scripting Language. Sleep is an embeddable (and extensible) general purpose scripting language for Java applications. I wrote the first version of Sleep during an inspired weekend in 2002, while I was an undergraduate. I like programming in Sleep and still use it for my one-off scripts to this day. Sleep is part of most of my projects.

Feedback Army

Feedback Army was a usability testing web service circa 2008, that I created after reading a thread on Hacker News asking how to solicit feedback for websites. Feedback Army used Amazon's Mechnical Turk service to source website feedback reviews for its customers. This was my first business and it was a vehicle to experiment with and learn a lot of fundamentals of running an internet business. I retired the service in 2016.

Natural Language Processing

In 2008, I started development of what would become the After the Deadline spelling and grammar checking software service. My vision (admittedly, found later into my effort) was to bring machine learning-powered proofreading tools to web applications. After the Deadline was acquired by Matt Mullenweg's Automattic in 2009. Automattic opted to make After the Deadline open source after this acquisition (something I wholeheartedly supported and was excited about). The project was the spelling and grammar checker for WordPress.com blogs and also the popular JetPack plugin. After the Deadline was retired in 2019. Not a bad run.

Red Teaming

I spent a decade (2010-2021) focused on red teaming. I advocated for new security testing practices, researched hacking tradecraft, and developed software for red team security tests.

My foray into this work was the open source Armitage project [code], released late 2010. Armitage was a scriptable red team collaboration tool built on top of the Metasploit Framework. Its purpose was to facilitate (and explore best practices for) red team collaboration at the cyber defense exercises I provided volunteer red team support for (e.g., the National Collegiate Cyber Defense Competition).

In 2012, I launched the Cobalt Strike security testing product and started to sell licenses for it under the banner of Strategic Cyber LLC. When I brought Cobalt Strike to market in 2012, the commercial market for red teaming tools didn't exist. The practice of red teaming was embryonic and existed in few places. I believed red team security tests, informed by adversary practices, were needed. I created Cobalt Strike to support these testing ideas and spur interest in the practice area.

Strategic Cyber LLC was acquired by HelpSystems in 2020 and I transitioned about a year after the acquisition. For context, HelpSystems is the parent company of Core Security (Core Impact). It's a good home for Cobalt Strike. They embrace the quirkiness of the brand. To see what they're up to, check out the latest on the Cobalt Strike blog.


My email address is rsmudge at gmail dot com.