Information Security Engineering

Fardin Gholami

CYBER SECURITY PROFFESIONAL · PENETRATION TESTER

+98-935-***-**** addssn@r.postjobfree.com gholamifrd fardin-gholami @gholamifrd Summary

Practical cybersecurity professional with mechanical engineering background and over 4 years of progressive experience in penetration testing, vulnerability audit, linux systems administration,and virtualization at scale. Specialized in web application vulnerability hunting and creating penetration testing reports and advisorydocumentsforgovernmentorganizationsandprivatebusinesses. Deep understanding of TCP/IP, Named DataNetworking,Reverse Engineering, DeepPacketInspectionandnovelexploitationmethodsthroughhands-on simulations andexaminations. Extensive experience in creating customized tools using advanced Bash, Python, and Docker Containers in Unix and Windows environments to resolve complex problems.

Core Competencies

Programming Languages C++, PHP, JavaScript

Scripting Languages Bash, Python, GO, Regex

Intercepting Proxies Burpsuite, ZAP, MITMProxy

Web Application Scanners Netsparker, Acunetix, Nikto, Vega, Arachni, w3af Network Scanners Nessus, Nmap, Masscan, Zmap

Exploitation Frameworks Metasploit, SQLMap, BeEF

Network Simulation NS3, GNS3, Packet Tracer

Network Analysis Solarwinds, Wireshark

Firewalls pfSense, iptables, snort

Virtualization VMware ESXi, KVM, Xen, QEMU, Proxmox, Docker, Kubernetes, Vagrant Operating Systems Arch Linux, Kali Linux, FreeBSD

Experience

CERTCC MAHER Urmia University, Urmia, Iran

PENETRATION TESTER Sep 2017 - Present

• Provided detailed reports on the findings of network and application penetration tests including mitigation and remediation activities.

• Assessed novel network vulnerabilities to include EternalBlue, BlueKeep, and SMBGhost on more than 12 million IPs and extracted statistical data of vulnerable cases for further incident response.

• Conducted penetration tests on more than 40 local and national networks and websites.

• Performed creative web application exploitation techniques including Blind XSS, DNS Data Exfiltration and Out Of Band File Upload SSRF.

• Analyzed security performance and configurations of most commonly used proprietary firewalls in comparison with open-source alternatives.

• CreatedacomprehensivedatabaseofallIranianIPswithopenports,running services,andwebapplicationframeworksandvisualizedresulting data similar to Shodan.io.

• Conducted workshops and trained more than 15 students on the following subjects:

– Using Common Exploitation Frameworks

– Launching Isolated Labs Using Vulnerable Web Applications

– Advanced Web Application Bug Hunting Techniques

Pouyan System Urmia, Iran

JR. LINUX SYSTEM ADMINISTRATOR Dec 2016 - Aug 2017

• Configuration and troubleshooting DHCP, Default Gateway, DNS, VPN, Firewall, SSH, and VNC in a multiplatform LAN.

• Installation and Configuration of virtual machines within VMware ESXi and Proxmox.

• Configuration of Web Servers, Reverse Proxies, Database, FTP and DNS Servers. i

• Respond to security alerts with risk evaluation, monitoring, and report on unauthorized access attempts. Education

Self-Taught Urmia, Iran

INFORMATION SECURITY 2015 - Present

• TCP/IP Network Administration

• Information Security The Complete Reference

• OWASP Testing Guide 4.0

Tabriz University Tabriz, Iran

M.S IN AGRICULTURAL MECHANICAL ENGINEERING 2012 - 2015 FARDIN GHOLAMI · RÉSUMÉ 1

Honors & Awards

DOMESTIC

2018 2nd Place, 6th Capture The Flag Contest Isfahan, Iran Projects

Named Data Networking Congestion Control Algorithm M.S THESIS COLLABORATOR Jul 2019 - Oct 2019

• A new congestion control algorithm to decrease latency and improve bandwidth utilization in NDN networks

• Developed a customized python PyBindgen library compatible with ndnSIM PCON (pyBindgen)

• Docker implementation of ndnSIM PCON to decrease environment setup time and increase simulation process reCAPTCHA V2 Bypass

PERSONAL Sep 2017 - Feb 2018

• Developed a fully automated bot capable of bypassing google reCAPTCHA and performing automatic clicks to collect Bitcoin in advertisement websites

FARDIN GHOLAMI · RÉSUMÉ 2

Contact this candidate