Resume

Sign in

Computer Engineering Information Security

Location:
Charlottesville, Virginia, United States
Posted:
February 27, 2018

Contact this candidate

Updated May **, ****

Professional hacker, information security

researcher and scientist, philosopher,

entrepreneur, full-time husband.

+1-434-***-****

Phone Number

*** ******** **, ***********ille, VA 22901

Address

ac4mt6@r.postjobfree.com

Email

abiusx.com

Website

Computer Science

Information Security

Cryptography

Software Engineering

Computer Engineering

Game Development

Web Development

Consultation

DevOps

Humanities

Philosophy

Epistemology

Game Theory

Journalism

History

Project Management

Teaching

Hacking & APT

Cognitive Sciences

PHP-Emul

The PHP Emulator written in PHP.

TypedPHP

Typing library for PHP5 code.

PHPQt-ng

Qt Bindings for PHP

iframework

A lightweight PHP web and cli application

framework.

taintless

Automated attacks against taint-inference protected systems.

Abbas

Naderi Afooshteh

@AbiusX

Google Software Engineer [Intern]

Developing shared filesystem capability for Chrome OS containers, enabling native apps executed under Chrome OS containers to access user data.

Key Skills: Kernel Development, NFS, Virtualization, DevOps, Security, Jailing, Gentoo Build System, Git, Gerrit

APR 2017 - PRESENT

ZDResearch Co-founder and CIO

ZDResearch is a cyber security research and training firm, specializing in vulnerability detection, assessment, analysis and mitigation as well as advanced cyber security training. Key Skills: Management, Sales, Marketing, Advertisement, Training Workflow, Digital Rights Management, Web Application Security, Reverse Engineering, Exploit Development, Penetration Testing FEB 2013 - FEB 2015

Etebaran Informatics Founder and CIO

Etebaran informatics is a high-tech IT firm located in Tehran and Karaj, providing IT solutions ranging from web hosting services to enterprise software and security solutions. FEB 2011 - AUG 2013

OWASP Iran Chapter Leader

The Open Web Application Security Project (OWASP) is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. I have been leading several teams and projects at OWASP, as well as the Iran chapter. MAR 2007 - JAN 2016

Smart Systems Software Project Manager

Smart Systems develops enterprise solutions for Iran's critical infrastructure. I lead the one million man-hour enterprise solution that revolutionized Iran's customs and increased its revenue by 800%. APR 2011 - SEP 2012

Etebaran CIO

Etebaran is the parent company of Etebaran Informatics (although the two are separate entities now). Most of Etebaran's activities is focused on urban development. APR 2008 - SEP 2011

Iran Railways Head of Software Security

Leading the software security team of Iran's national railway company, with more than 15000 employees and 11000 endpoints.

JAN 2007 - JAN 2009

Iran Ministry of Culture Video Game Ratings

The national video game and software rating standard was developed in our team, and implemented throughout the country in this duration.

APR 2005 - OCT 2007

IRboost.com Founder

IRboost is an anti-filter privacy and performance enhancing technology providing Middle-Eastern countries with faster and less restrictive Internet access.

JUN 2011 - PRESENT

Hack Dat Kiwi Founder

Hack Dat Kiwi is a new CTF (Capture the Flag hacking competition) brand focusing on real-world quality competitions with reserved bragging rights.

JULY 2015 - PRESENT

Profile

Contanct

Skills/Interests

Open Source Projects

Employment

GRE: 1310 167 (Quantitative), 153 (Verbal), 3.0 (Writing) - 10/2010 TOEFL: 117 IBT Reading 30/30, Listening 30/30, Speaking 28/30, Writing 29/30 - 14 Jan 2012 IELTS: 8.0 Listenning 8, Reading 9, Writing 7, Speaking 7.5 - 19 Nov 2011 1. Taintless - Defeating Taint-Powered Protection Techniques Black Hat USA 2014 Conference 2. Trusting the PKI Federal Retirement Thrift Investment Board, October 2013 3. Modern Media Security 3rd International Digital Media Fair of Tehran, 2009 (OWASP Certified) 4. General Security in Cyberspace 3rd International Digital Media Fair of Tehran, 2009 5. General Security in Cyberspace 2nd International Digital Media Fair of Tehran, 2008 6. General Security in Cyberspace Iran's National TV, IRIB7, 3 Sessions 7. Participating in Open Source Communities 3rd International Digital Media Fair of Tehran, 2009 8. Software & Media Protection 3rd International Digital Media Fair of Tehran, 2009 9. Media Lock Methods 2nd International Digital Media Fair of Tehran, 2008 10. Western Games Pathology 3rd International Digital Media Fair of Tehran, 2009 11. Moodle Open Source LMS 3rd International Digital Media Fair of Tehran, 2009 12. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Feb 2007

13. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Feb 2008

14. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Jan 2009

15. Analysis of University Ranking Methodologies Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Dec 2007

16. Disk I/O In Visual Basic 6 Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Dec 2007

17. HTML Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, March 2008

18. CSS Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, March 2008

19. GUI Programming Concept & Practice Shahid Beheshti University, Electrical and Computer Engineering Derpartment, April 2010

20. Version Control Systems Theory & Practice Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Jun 2010

21. Secure Application Development Islamic Republic of Iran Railways, IT Branch, Nov 2007 22. CLASP Security Model Bandar Abbas, Smart Customs Program, Jul 2011 23. Epistemologic Information Security Tarbiat Moalem (Kharazmi) University, April 2012 jframework

Robust and secure PHP framework (since PHP 4.0).

L3D

3D L-System for generating 3D trees and bushes

from simple rules

WP-SQL-SINK

Extract sinks and fragments from PHP applications

(e.g. Wordpress).

CLPatchmatch

OpenCL (realtime) implementation of patch match

image processing algorithm (Python and C)

CLSeamCarving

OpenCL (realtime) implementation of seam carving

image resizing algorithm

OWASP RBAC

Secure role based access control libraries.

OWASP PHP Security Project

OWASP WebGoat PHP

A deliberately insecure web application developed

using PHP to teach web application security

Facebook Mass Friend Removal Script

Allows people with lots of friends to filter their lists, something that facebook does not allow.

OWASP PureCaptcha

Single-file dependency-free CAPTCHA library.

WP-SQLI-LAB

Wordpress SQL Injection Lab, for testing and

automating sql injection research on Wordpress.

PyQtX

Binary distributions of PyQt for MacOS

WB-Tree

A C++/SCM B+ Tree implementation

Qt2DGraphiX

2D Game Engine on top of Qt Framework

QtCap

Network and packet sniffing utility.

VisualCrypto

MicroPiper

A duplex piping utility for Windows 98

APEngine

A Turbo C++ game engine used in several student

projects

SBCE Online Judge

Automated C++ programming environment for

teaching computer programming.

IRUnfilter

OWASP Code Review Guide 2

The open source cloud computing infrastructure, one of the most active open source projects I've ever seen. OpenStack

The open source cloud computing infrastructure, one of the most active open source projects I've ever seen. SQLCipher

open source encrypted SQLite database, very mature. Darwin

High level open source kernel of Mac OS X.

XNU-dev

Open source fork of Darwin for x86 IBM-PC.

OWASP WebGoat

Open source educational security application.

OWASP ESAPI

Enterprise security API framework.

OWASP ASVS

Application security verification standard.

University of Virginia

Computer Science - PhD

PhD Proposal (8/28/2015): Defeating Injection Attacks on Web Applications using Practical Threat Modeling and Hybrid Taint Inference

Advisor: Jack Davidson

Chair: John Knight

Committee: David Evans, R Sekar, Barry Horowitz

2013 - PRESENT

Carnegie Mellon University

Information Security - Master of Science

2013 - 2013

Sharif University of Technology

Computer Software Engineering - Master of Science

2012 - 2013

National University of Iran

Computer Software Engineering - Bachelor of Engineering 2006 - 2011

Allmeh Helli Highschool

Mathematics and Physics

2002 - 2006

Allmeh Helli Middle School

Mathematics and Physics

1999 - 2002

Open Source

Participation

Education

Talks & Workshops

Teaching Experience

1. Graduate Defense Against the Dark Arts University of Virginia, Computer Science Department, Spring 2017, 4 Sessions

2. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2006, 10 Sessions

3. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2006, 10 Sessions

4. Information Security & Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 10 Sessions

5. Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 25 Sessions

6. 3D Game Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, 10 Sessions

7. Cryptography & Information Security Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 7 Sessions

8. Web Development & Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 8 Sessions

9. Modern Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 3 Sessions

10. Operating System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, 16 Sessions

11. Database System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 16 Sessions

12. APT Security & Hacking Private Contractor, Fall 2011, 10 Sessions 13. CEH Private Contractor, Spring 2011, 20 Sessions 14. Operating Systems Labs Sharif University of Technology, Computer Engineering Department, Spring 2013

1. Abbas Naderi-Afooshteh, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, Jason D. Hiser, Jack W. Davidson Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks, The Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015. 2. Javad Zandi, Abbas Naderi-Afooshteh LRBAC: Flexible function-level hierarchical role based access control for Linux, 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 2015.

3. Sajjad Arshad, Abbas Naderi, Comparison of Routing Protocols in Mobile Ad-Hoc Wireless Networks, 3rd World Conference on Information Technology (WCIT), 2012. 4. DNS Hijacking via DNS Rebinding Won $2000 innovative article of the year award, took 6 months to develop and demonstrate.

5. Secure Web Application Development Framework My BS thesis describing web techonologies from a security perspective and providing a framework to approach and use them in a means of minimizing security risks.

1. Fast & Flexible NIST Level 2 Role Based Access Control jrbac, the de-facto RBAC standard in theory. 2. OWASP ASVS Persian Native Persian version of application security verification standard. 3. Qt Quick Tutorial

4. Iran Rankings in the World

5. Untouched Usages of XOR

6. Birthday Paradox in Breadth

7. Feminism in Western Games

8. Turbo C++ 2D Game Development

9. Index of Conincidences

10. An Introduction to Cryptography (Book)

11. University Rankings Criteria (2009)

12. Application Security Checklist

13. Web Security Checklist

14. Linux Practical Tutorial I mostly used this to kick start my students on Linux world, so that they could do their assignments and projects.

15. Operating System Labs Manuscript Co-oped with another Operating Systems lab teacher, this manual is a kick-start for operating systems concepts and practice. From boot to most parts of kernel and UI, console capabilities, POSIX and etc. (I also covered most of Prof. Tanenbaums Operating Systems book on the course.)

Ranked 2nd in the DARPA CyberGrandChallenge Competition as part of TechX/Xandra team (DefCon 2016).

Programming Languages

C C++ PHP Python

Java C# ASM Haskell

JS SQL HTML CSS

Computer Skills

Hacking Network

Security

Web

Security

Crypto

Code

Audit

Malware

Analysis

Kernel

Hacking

Operating Systems

MacOS Debian Windows Gentoo

BSD

Database Systems

MySQL SQLite SQLServer Postgres

Oracle MongoDB

Version Control

SVN GIT CVS

IDE

VIM Sublime Eclipse XCode

VS QTC

Languages

Skills

Publications

Whitepapers

Honors & Awards

OWASP WASPY Best Inventor 2013 Award ($1000 Gift Card). Ranked 1st at Iran's Fifth National Hacking Online Contest (cert.sharif.edu, 2013) Ranked 3rd at Iran's Forth National Hacking Contest (cert.sharif.edu, 2013) Ranked 1st at Iran's Third National Hacking Online Contest (cert.sharif.edu, 2012-2013) Ranked 3rd at Iran's First National Hacking Online Contest (cert.sharif.edu, 2010) Ranked Honorary 1st & Official 5th at Iran's Second National Hacking Contest (cert.sharif.edu, 2010) For participating solo on a contest of teams of three, And staying on top of the scoreboard for 90% of contest time.

Ranked 11th at International Hackademic Contest (2010) Participating solo, In a large-scale, four weeks contest of security teams participation

Ranked 1st at Stripe CTF hacking contest (2012) among top 100 people who solved all challenges, contest had 6000 hacker participants

Ranked 17th in the ACM Collegiate Programming Contest, West Asia Region (2007) Ranked 31th in the ACM Collegiate Programming Contest, West Asia Region (2008) Ranked 36th in Decryption, the international cryptography contest (Feb 2012) Ranked 2nd in the National Iran Open Robocup Festival, Innovations Section (2011) Honorary Undergraduate Scholarship from Sharif University of Technology (2006) Graduate Scholarship from Sharif University of Technology (2012) Bronze Medal of Astronomy Student Olympiads (2005) Google Summer of Code 2014

Shivam Dixit in OWASP WebGoatPHP

Google Summer of Code 2014

Minhaz Appatu Vadakekara in OWASP CSRF Protector

Google Summer of Code 2014

Abhishek Das in OWASP PHP Security Project

Google Summer of Code 2013

Rahul Chaudhary in OWASP PHP Security Project

COMPASS: Finding Your Message Workshop on Scientifically Communicating Scientific Research Certificate of Journalism from Ministry of Science & Higher Education at First Journalism Workshop Editor-In-Chief of Kankash Scientific Journal, Allameh Helli High School Editor-In-Chief of Bazitab Game Pathology Magazine, Ministry of Culture Editor-In-Chief of Millenia Science Electronics & Computer Science Journal, Shahid Beheshti University Editor-In-Chief of Ghasedak Newspaper, A Shahid Beheshti Public Newspaper Editor-In-Chief of Soozan Electronic Magazine, A Shahid Beheshti Popular e-Magazine Editor-In-Chief of Noghte Sare Khat Special Edition, And member of editors board University of Virginia Computer Science Graduate Student Group Co-Lead Director of Allameh Helli High School Yearly Seminar (6 months of 20 people teamwork) Member of Science Society Board of Directors at Shahid Beheshti University, Director of Electronics & Computer Engineering Science Society Board (1 year) Scientific, Cultural, Political Head of Student Council at Shahid Beheshti University Director of Shahid Beheshti University Robocup Team SBCESaviour (Summer 2007) Director of Workshops & Posters section at Iran's 12th International Computer Society Conference Director of Official Welcome Party for Freshmen at Shahid Beheshti University Director of Tours & Trips around the country for Freshmen at Shahid Beheshti University ISMS Auditor / Consultant Certificate

Active Member of ISSECO® International Secure Software Engineering Council Executive Chief of Iran's First Web Application Security Conference (2010) Executive Chief of Posters & Workshops at 12th Iran's Computer Society Conference (2006) Participant of 2nd, 3rd & 4th Iran's Society of Cryptology Conference Active Member of Iran's Society of Cryptology

Member of ACM (ac4mt6@r.postjobfree.com) since 2006

Member of IEEE since 2008

Participant of Adhoc & Sensor Network Security Workshop at KNTU University Participant of e-Voting Workshop, Sharif University of Technology Head of Shahid Beheshti University Robocup team, SBCE Saviour (Summer 2007) 1. Defense Against The Dark Arts University of Virginia, Computer Science, Spring 2014, Prof. Jack Davidson

2. Computational Complexity University of Virginia, Computer Science, Spring 2014, Prof. Mohammad Mahmoudy

3. Software Development Methods University of Virginia, Computer Science, Fall 2013, Prof. Luther Tychonievic

4. Computer Architecture University of Virginia, Computer Science, Fall 2013, Prof. Jack Stankovic IQ: 148 Certified by International High IQ

Society, 28 March 2012

Farsi English Arabic Japanese

Hebrew French

Mentorship

Journalism

Student Activity

Scientific Activity

More

Notable Work

Teaching Assistants

5. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, Prof. Mohsen Ebrahimi Moghaddam 6. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, MS. Ali Vahed

7. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Alireza Ahmadi Far

8. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Malihe Bahadori 9. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, MS. Ali Vahed

10. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, Prof. Alireza Ahmadi Far

11. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Alireza Ahmadi Far

12. Operating Systems Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori

13. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori 14. Computer Architecture Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Farshad Safaei

15. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, Prof. Alireza Ahmadi Far

16. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Azadeh Mansouri

17. Internet Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Hasan Haghighi

18. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, Prof. Ahmad Mahmoudi 19. Computer Networks Shahid Beheshti University, Computer Science Department, Fall 2011, Prof. Ehsan Malekian



Contact this candidate