Professional hacker, information security
researcher and scientist, philosopher,
entrepreneur, full-time husband.
Phone Number
*** ******** **, ***********ille, VA 22901
Address
ac4mt6@r.postjobfree.com
abiusx.com
Website
Computer Science
Information Security
Cryptography
Software Engineering
Computer Engineering
Game Development
Web Development
Consultation
DevOps
Humanities
Philosophy
Epistemology
Game Theory
Journalism
History
Project Management
Teaching
Hacking & APT
Cognitive Sciences
PHP-Emul
The PHP Emulator written in PHP.
TypedPHP
Typing library for PHP5 code.
PHPQt-ng
Qt Bindings for PHP
iframework
A lightweight PHP web and cli application
framework.
taintless
Automated attacks against taint-inference protected systems.
Abbas
Naderi Afooshteh
@AbiusX
Google Software Engineer [Intern]
Developing shared filesystem capability for Chrome OS containers, enabling native apps executed under Chrome OS containers to access user data.
Key Skills: Kernel Development, NFS, Virtualization, DevOps, Security, Jailing, Gentoo Build System, Git, Gerrit
APR 2017 - PRESENT
ZDResearch Co-founder and CIO
ZDResearch is a cyber security research and training firm, specializing in vulnerability detection, assessment, analysis and mitigation as well as advanced cyber security training. Key Skills: Management, Sales, Marketing, Advertisement, Training Workflow, Digital Rights Management, Web Application Security, Reverse Engineering, Exploit Development, Penetration Testing FEB 2013 - FEB 2015
Etebaran Informatics Founder and CIO
Etebaran informatics is a high-tech IT firm located in Tehran and Karaj, providing IT solutions ranging from web hosting services to enterprise software and security solutions. FEB 2011 - AUG 2013
OWASP Iran Chapter Leader
The Open Web Application Security Project (OWASP) is an online community which creates freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. I have been leading several teams and projects at OWASP, as well as the Iran chapter. MAR 2007 - JAN 2016
Smart Systems Software Project Manager
Smart Systems develops enterprise solutions for Iran's critical infrastructure. I lead the one million man-hour enterprise solution that revolutionized Iran's customs and increased its revenue by 800%. APR 2011 - SEP 2012
Etebaran CIO
Etebaran is the parent company of Etebaran Informatics (although the two are separate entities now). Most of Etebaran's activities is focused on urban development. APR 2008 - SEP 2011
Iran Railways Head of Software Security
Leading the software security team of Iran's national railway company, with more than 15000 employees and 11000 endpoints.
JAN 2007 - JAN 2009
Iran Ministry of Culture Video Game Ratings
The national video game and software rating standard was developed in our team, and implemented throughout the country in this duration.
APR 2005 - OCT 2007
IRboost.com Founder
IRboost is an anti-filter privacy and performance enhancing technology providing Middle-Eastern countries with faster and less restrictive Internet access.
JUN 2011 - PRESENT
Hack Dat Kiwi Founder
Hack Dat Kiwi is a new CTF (Capture the Flag hacking competition) brand focusing on real-world quality competitions with reserved bragging rights.
JULY 2015 - PRESENT
Profile
Contanct
Skills/Interests
Open Source Projects
Employment
GRE: 1310 167 (Quantitative), 153 (Verbal), 3.0 (Writing) - 10/2010 TOEFL: 117 IBT Reading 30/30, Listening 30/30, Speaking 28/30, Writing 29/30 - 14 Jan 2012 IELTS: 8.0 Listenning 8, Reading 9, Writing 7, Speaking 7.5 - 19 Nov 2011 1. Taintless - Defeating Taint-Powered Protection Techniques Black Hat USA 2014 Conference 2. Trusting the PKI Federal Retirement Thrift Investment Board, October 2013 3. Modern Media Security 3rd International Digital Media Fair of Tehran, 2009 (OWASP Certified) 4. General Security in Cyberspace 3rd International Digital Media Fair of Tehran, 2009 5. General Security in Cyberspace 2nd International Digital Media Fair of Tehran, 2008 6. General Security in Cyberspace Iran's National TV, IRIB7, 3 Sessions 7. Participating in Open Source Communities 3rd International Digital Media Fair of Tehran, 2009 8. Software & Media Protection 3rd International Digital Media Fair of Tehran, 2009 9. Media Lock Methods 2nd International Digital Media Fair of Tehran, 2008 10. Western Games Pathology 3rd International Digital Media Fair of Tehran, 2009 11. Moodle Open Source LMS 3rd International Digital Media Fair of Tehran, 2009 12. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Feb 2007
13. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Feb 2008
14. Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Jan 2009
15. Analysis of University Ranking Methodologies Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Dec 2007
16. Disk I/O In Visual Basic 6 Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Dec 2007
17. HTML Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, March 2008
18. CSS Workshop Shahid Beheshti University, Electrical and Computer Engineering Derpartment, March 2008
19. GUI Programming Concept & Practice Shahid Beheshti University, Electrical and Computer Engineering Derpartment, April 2010
20. Version Control Systems Theory & Practice Shahid Beheshti University, Electrical and Computer Engineering Derpartment, Jun 2010
21. Secure Application Development Islamic Republic of Iran Railways, IT Branch, Nov 2007 22. CLASP Security Model Bandar Abbas, Smart Customs Program, Jul 2011 23. Epistemologic Information Security Tarbiat Moalem (Kharazmi) University, April 2012 jframework
Robust and secure PHP framework (since PHP 4.0).
L3D
3D L-System for generating 3D trees and bushes
from simple rules
WP-SQL-SINK
Extract sinks and fragments from PHP applications
(e.g. Wordpress).
CLPatchmatch
OpenCL (realtime) implementation of patch match
image processing algorithm (Python and C)
CLSeamCarving
OpenCL (realtime) implementation of seam carving
image resizing algorithm
OWASP RBAC
Secure role based access control libraries.
OWASP PHP Security Project
OWASP WebGoat PHP
A deliberately insecure web application developed
using PHP to teach web application security
Facebook Mass Friend Removal Script
Allows people with lots of friends to filter their lists, something that facebook does not allow.
OWASP PureCaptcha
Single-file dependency-free CAPTCHA library.
WP-SQLI-LAB
Wordpress SQL Injection Lab, for testing and
automating sql injection research on Wordpress.
PyQtX
Binary distributions of PyQt for MacOS
WB-Tree
A C++/SCM B+ Tree implementation
Qt2DGraphiX
2D Game Engine on top of Qt Framework
QtCap
Network and packet sniffing utility.
VisualCrypto
MicroPiper
A duplex piping utility for Windows 98
APEngine
A Turbo C++ game engine used in several student
projects
SBCE Online Judge
Automated C++ programming environment for
teaching computer programming.
IRUnfilter
OWASP Code Review Guide 2
The open source cloud computing infrastructure, one of the most active open source projects I've ever seen. OpenStack
The open source cloud computing infrastructure, one of the most active open source projects I've ever seen. SQLCipher
open source encrypted SQLite database, very mature. Darwin
High level open source kernel of Mac OS X.
XNU-dev
Open source fork of Darwin for x86 IBM-PC.
OWASP WebGoat
Open source educational security application.
OWASP ESAPI
Enterprise security API framework.
OWASP ASVS
Application security verification standard.
University of Virginia
Computer Science - PhD
PhD Proposal (8/28/2015): Defeating Injection Attacks on Web Applications using Practical Threat Modeling and Hybrid Taint Inference
Advisor: Jack Davidson
Chair: John Knight
Committee: David Evans, R Sekar, Barry Horowitz
2013 - PRESENT
Carnegie Mellon University
Information Security - Master of Science
2013 - 2013
Sharif University of Technology
Computer Software Engineering - Master of Science
2012 - 2013
National University of Iran
Computer Software Engineering - Bachelor of Engineering 2006 - 2011
Allmeh Helli Highschool
Mathematics and Physics
2002 - 2006
Allmeh Helli Middle School
Mathematics and Physics
1999 - 2002
Open Source
Participation
Education
Talks & Workshops
Teaching Experience
1. Graduate Defense Against the Dark Arts University of Virginia, Computer Science Department, Spring 2017, 4 Sessions
2. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2006, 10 Sessions
3. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2006, 10 Sessions
4. Information Security & Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 10 Sessions
5. Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 25 Sessions
6. 3D Game Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, 10 Sessions
7. Cryptography & Information Security Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 7 Sessions
8. Web Development & Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 8 Sessions
9. Modern Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 3 Sessions
10. Operating System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, 16 Sessions
11. Database System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 16 Sessions
12. APT Security & Hacking Private Contractor, Fall 2011, 10 Sessions 13. CEH Private Contractor, Spring 2011, 20 Sessions 14. Operating Systems Labs Sharif University of Technology, Computer Engineering Department, Spring 2013
1. Abbas Naderi-Afooshteh, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, Jason D. Hiser, Jack W. Davidson Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks, The Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015. 2. Javad Zandi, Abbas Naderi-Afooshteh LRBAC: Flexible function-level hierarchical role based access control for Linux, 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 2015.
3. Sajjad Arshad, Abbas Naderi, Comparison of Routing Protocols in Mobile Ad-Hoc Wireless Networks, 3rd World Conference on Information Technology (WCIT), 2012. 4. DNS Hijacking via DNS Rebinding Won $2000 innovative article of the year award, took 6 months to develop and demonstrate.
5. Secure Web Application Development Framework My BS thesis describing web techonologies from a security perspective and providing a framework to approach and use them in a means of minimizing security risks.
1. Fast & Flexible NIST Level 2 Role Based Access Control jrbac, the de-facto RBAC standard in theory. 2. OWASP ASVS Persian Native Persian version of application security verification standard. 3. Qt Quick Tutorial
4. Iran Rankings in the World
5. Untouched Usages of XOR
6. Birthday Paradox in Breadth
7. Feminism in Western Games
8. Turbo C++ 2D Game Development
9. Index of Conincidences
10. An Introduction to Cryptography (Book)
11. University Rankings Criteria (2009)
12. Application Security Checklist
13. Web Security Checklist
14. Linux Practical Tutorial I mostly used this to kick start my students on Linux world, so that they could do their assignments and projects.
15. Operating System Labs Manuscript Co-oped with another Operating Systems lab teacher, this manual is a kick-start for operating systems concepts and practice. From boot to most parts of kernel and UI, console capabilities, POSIX and etc. (I also covered most of Prof. Tanenbaums Operating Systems book on the course.)
Ranked 2nd in the DARPA CyberGrandChallenge Competition as part of TechX/Xandra team (DefCon 2016).
Programming Languages
C C++ PHP Python
Java C# ASM Haskell
JS SQL HTML CSS
Computer Skills
Hacking Network
Security
Web
Security
Crypto
Code
Audit
Malware
Analysis
Kernel
Hacking
Operating Systems
MacOS Debian Windows Gentoo
BSD
Database Systems
MySQL SQLite SQLServer Postgres
Oracle MongoDB
Version Control
SVN GIT CVS
IDE
VIM Sublime Eclipse XCode
VS QTC
Languages
Skills
Publications
Whitepapers
Honors & Awards
OWASP WASPY Best Inventor 2013 Award ($1000 Gift Card). Ranked 1st at Iran's Fifth National Hacking Online Contest (cert.sharif.edu, 2013) Ranked 3rd at Iran's Forth National Hacking Contest (cert.sharif.edu, 2013) Ranked 1st at Iran's Third National Hacking Online Contest (cert.sharif.edu, 2012-2013) Ranked 3rd at Iran's First National Hacking Online Contest (cert.sharif.edu, 2010) Ranked Honorary 1st & Official 5th at Iran's Second National Hacking Contest (cert.sharif.edu, 2010) For participating solo on a contest of teams of three, And staying on top of the scoreboard for 90% of contest time.
Ranked 11th at International Hackademic Contest (2010) Participating solo, In a large-scale, four weeks contest of security teams participation
Ranked 1st at Stripe CTF hacking contest (2012) among top 100 people who solved all challenges, contest had 6000 hacker participants
Ranked 17th in the ACM Collegiate Programming Contest, West Asia Region (2007) Ranked 31th in the ACM Collegiate Programming Contest, West Asia Region (2008) Ranked 36th in Decryption, the international cryptography contest (Feb 2012) Ranked 2nd in the National Iran Open Robocup Festival, Innovations Section (2011) Honorary Undergraduate Scholarship from Sharif University of Technology (2006) Graduate Scholarship from Sharif University of Technology (2012) Bronze Medal of Astronomy Student Olympiads (2005) Google Summer of Code 2014
Shivam Dixit in OWASP WebGoatPHP
Google Summer of Code 2014
Minhaz Appatu Vadakekara in OWASP CSRF Protector
Google Summer of Code 2014
Abhishek Das in OWASP PHP Security Project
Google Summer of Code 2013
Rahul Chaudhary in OWASP PHP Security Project
COMPASS: Finding Your Message Workshop on Scientifically Communicating Scientific Research Certificate of Journalism from Ministry of Science & Higher Education at First Journalism Workshop Editor-In-Chief of Kankash Scientific Journal, Allameh Helli High School Editor-In-Chief of Bazitab Game Pathology Magazine, Ministry of Culture Editor-In-Chief of Millenia Science Electronics & Computer Science Journal, Shahid Beheshti University Editor-In-Chief of Ghasedak Newspaper, A Shahid Beheshti Public Newspaper Editor-In-Chief of Soozan Electronic Magazine, A Shahid Beheshti Popular e-Magazine Editor-In-Chief of Noghte Sare Khat Special Edition, And member of editors board University of Virginia Computer Science Graduate Student Group Co-Lead Director of Allameh Helli High School Yearly Seminar (6 months of 20 people teamwork) Member of Science Society Board of Directors at Shahid Beheshti University, Director of Electronics & Computer Engineering Science Society Board (1 year) Scientific, Cultural, Political Head of Student Council at Shahid Beheshti University Director of Shahid Beheshti University Robocup Team SBCESaviour (Summer 2007) Director of Workshops & Posters section at Iran's 12th International Computer Society Conference Director of Official Welcome Party for Freshmen at Shahid Beheshti University Director of Tours & Trips around the country for Freshmen at Shahid Beheshti University ISMS Auditor / Consultant Certificate
Active Member of ISSECO® International Secure Software Engineering Council Executive Chief of Iran's First Web Application Security Conference (2010) Executive Chief of Posters & Workshops at 12th Iran's Computer Society Conference (2006) Participant of 2nd, 3rd & 4th Iran's Society of Cryptology Conference Active Member of Iran's Society of Cryptology
Member of ACM (ac4mt6@r.postjobfree.com) since 2006
Member of IEEE since 2008
Participant of Adhoc & Sensor Network Security Workshop at KNTU University Participant of e-Voting Workshop, Sharif University of Technology Head of Shahid Beheshti University Robocup team, SBCE Saviour (Summer 2007) 1. Defense Against The Dark Arts University of Virginia, Computer Science, Spring 2014, Prof. Jack Davidson
2. Computational Complexity University of Virginia, Computer Science, Spring 2014, Prof. Mohammad Mahmoudy
3. Software Development Methods University of Virginia, Computer Science, Fall 2013, Prof. Luther Tychonievic
4. Computer Architecture University of Virginia, Computer Science, Fall 2013, Prof. Jack Stankovic IQ: 148 Certified by International High IQ
Society, 28 March 2012
Farsi English Arabic Japanese
Hebrew French
Mentorship
Journalism
Student Activity
Scientific Activity
More
Notable Work
Teaching Assistants
5. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, Prof. Mohsen Ebrahimi Moghaddam 6. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, MS. Ali Vahed
7. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Alireza Ahmadi Far
8. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Malihe Bahadori 9. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, MS. Ali Vahed
10. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, Prof. Alireza Ahmadi Far
11. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Alireza Ahmadi Far
12. Operating Systems Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori
13. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori 14. Computer Architecture Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Farshad Safaei
15. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, Prof. Alireza Ahmadi Far
16. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Azadeh Mansouri
17. Internet Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Hasan Haghighi
18. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, Prof. Ahmad Mahmoudi 19. Computer Networks Shahid Beheshti University, Computer Science Department, Fall 2011, Prof. Ehsan Malekian