Fardin Gholami
CYBER SECURITY PROFFESIONAL · PENETRATION TESTER
+98-935-***-**** addssn@r.postjobfree.com gholamifrd fardin-gholami @gholamifrd Summary
Practical cybersecurity professional with mechanical engineering background and over 4 years of progressive experience in penetration testing, vulnerability audit, linux systems administration,and virtualization at scale. Specialized in web application vulnerability hunting and creating penetration testing reports and advisorydocumentsforgovernmentorganizationsandprivatebusinesses. Deep understanding of TCP/IP, Named DataNetworking,Reverse Engineering, DeepPacketInspectionandnovelexploitationmethodsthroughhands-on simulations andexaminations. Extensive experience in creating customized tools using advanced Bash, Python, and Docker Containers in Unix and Windows environments to resolve complex problems.
Core Competencies
Programming Languages C++, PHP, JavaScript
Scripting Languages Bash, Python, GO, Regex
Intercepting Proxies Burpsuite, ZAP, MITMProxy
Web Application Scanners Netsparker, Acunetix, Nikto, Vega, Arachni, w3af Network Scanners Nessus, Nmap, Masscan, Zmap
Exploitation Frameworks Metasploit, SQLMap, BeEF
Network Simulation NS3, GNS3, Packet Tracer
Network Analysis Solarwinds, Wireshark
Firewalls pfSense, iptables, snort
Virtualization VMware ESXi, KVM, Xen, QEMU, Proxmox, Docker, Kubernetes, Vagrant Operating Systems Arch Linux, Kali Linux, FreeBSD
Experience
CERTCC MAHER Urmia University, Urmia, Iran
PENETRATION TESTER Sep 2017 - Present
• Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.
• Assessed novel network vulnerabilities to include EternalBlue, BlueKeep, and SMBGhost on more than 12 million IPs and extracted statistical data of vulnerable cases for further incident response.
• Conducted penetration tests on more than 40 local and national networks and websites.
• Performed creative web application exploitation techniques including Blind XSS, DNS Data Exfiltration and Out Of Band File Upload SSRF.
• Analyzed security performance and configurations of most commonly used proprietary firewalls in comparison with open-source alternatives.
• CreatedacomprehensivedatabaseofallIranianIPswithopenports,running services,andwebapplicationframeworksandvisualizedresulting data similar to Shodan.io.
• Conducted workshops and trained more than 15 students on the following subjects:
– Using Common Exploitation Frameworks
– Launching Isolated Labs Using Vulnerable Web Applications
– Advanced Web Application Bug Hunting Techniques
Pouyan System Urmia, Iran
JR. LINUX SYSTEM ADMINISTRATOR Dec 2016 - Aug 2017
• Configuration and troubleshooting DHCP, Default Gateway, DNS, VPN, Firewall, SSH, and VNC in a multiplatform LAN.
• Installation and Configuration of virtual machines within VMware ESXi and Proxmox.
• Configuration of Web Servers, Reverse Proxies, Database, FTP and DNS Servers. i
• Respond to security alerts with risk evaluation, monitoring, and report on unauthorized access attempts. Education
Self-Taught Urmia, Iran
INFORMATION SECURITY 2015 - Present
• TCP/IP Network Administration
• Information Security The Complete Reference
• OWASP Testing Guide 4.0
Tabriz University Tabriz, Iran
M.S IN AGRICULTURAL MECHANICAL ENGINEERING 2012 - 2015 FARDIN GHOLAMI · RÉSUMÉ 1
Honors & Awards
DOMESTIC
2018 2nd Place, 6th Capture The Flag Contest Isfahan, Iran Projects
Named Data Networking Congestion Control Algorithm M.S THESIS COLLABORATOR Jul 2019 - Oct 2019
• A new congestion control algorithm to decrease latency and improve bandwidth utilization in NDN networks
• Developed a customized python PyBindgen library compatible with ndnSIM PCON (pyBindgen)
• Docker implementation of ndnSIM PCON to decrease environment setup time and increase simulation process reCAPTCHA V2 Bypass
PERSONAL Sep 2017 - Feb 2018
• Developed a fully automated bot capable of bypassing google reCAPTCHA and performing automatic clicks to collect Bitcoin in advertisement websites
FARDIN GHOLAMI · RÉSUMÉ 2