Build a Smart Contract or Cloud Security Harness
Design, build, run, and benchmark a domain-specific harness — EVMbench-aligned smart contract audit or cloud posture + red team — with a publishable one-page results summary.
Same architecture, different domain. The C1 skeleton — scope middleware, memory, tools, evidence, triage, report — ports directly to smart contract or cloud security. What changes is the tool suite, the target, and the benchmark. The skills transfer.
Three modes define the harness. Smart contract: Detect / Patch / Exploit. Cloud: Detect / Remediate / Exploit. The mode determines the tool chain and the evidence shape. A harness that only detects is half a harness.
A real lab target is non-negotiable. Forked mainnet, Damn Vulnerable DeFi, or an isolated AWS account. A harness tested only on toy examples is a hypothesis. The lab target makes the benchmark falsifiable.
The one-page summary is the asset. The benchmark score and the client report distill into a single publishable page — LinkedIn post, GitHub README, Deepthreat.ai demonstration. The harness is the engine; the published score is the portfolio.