Last Update: 2015/03/28

Abbas Naderi Afooshteh Résumé/CV

Caution: most of the items listed on this page are hyperlinked to other images and/or websites so that the reader can personally verify the authenticity of the claim. If you're reading this on printed paper, please visit the website.

General Information

  • Official Name: Abbas Naderi-Afooshteh
  • Commonly known as: AbiusX, Abius
  • Current Location: Charlottesville, VA 22901
  • Birthdate: 8th March 1988
  • Cellphone: +1 (434) 466-1257
  • E-Mail: [email protected] (S/MIME Public Key | PGP Public Key)
  • Language: Persian (Native), English (Native), Arabic (Understanding), Japanese (Limited)

Areas of Interest

Professional hacker, information security scientist/researcher, open-source ninja, teacher, entrepreneur.

  • Computer Science:
    • Cryptography
    • Information Security
    • Discrete Mathematics
    • Software Engineering
  • Computer Engineering
    • Game Development
    • Web Development
    • Technical Consultation
    • Managing Servers & Datacenters
  • Humanities:
    • Philosophy
    • Epistemology
    • Cultural Pathology
    • Journalism
    • History of Civilization
    • Project Management
  • Teaching
  • Cyberwars & APTs
  • The Human Brain

Education

  1. PhD Computer Science
    PhD Proposal (8/28/2015): Defeating Injection Attacks on Web Applications using Practical Threat Modeling and Hybrid Taint Inference
    Advisor: Jack Davidson
    Chair: John Knight
    Committee: David Evans, R Sekar, Barry Horowitz
    Charlottesville VA, 2013 - Now
  2. Pittsburgh PA, 2013 - GPA 3.8
  3. M.Eng Computer Software Engineering
    Tehran, 2012-2013 - GPA 18
  4. B.Eng Computer Engineering - Software Engineering
    Thesis: Secure web application development framework (Professor Ali Zakerolhoseini)
    Tehran, 2006-2011 - GPA 13.2 (Major 15)
  5. Allameh Helli High School
    Tehran, 2002-2006 - GPA 19.2
  6. Allameh Helli 2 Middle School
    Tehran, 1999-2002 - GPA 19.6
  • GRE: 1310 167 (Quantitative), 153 (Verbal), 3.0 (Writing) - 10/2010
  • TOEFL: 117/120 (IBT) Reading 30/30, Listening 30/30, Speaking 28/30, Writing 29/30 - 14 Jan 2012
  • IELTS: 8.0/9.0 Listening 8, Reading 9, Writing 7, Speaking 7.5 - 19 Nov 2011
  • IQ: approximately 150 Certified by International High IQ Society, 28 March 2012

Job / Career

  1. ZDResearch Co-Founder 2013-2015
    ZDResearch is an international advanced vulnerability research / penetration testing firm with 7+ years of experience.
    • ZDResearch Training Advanced hands-on security training provided by real-world hackers.
    • Binary/Web Analysis List ZDResearch provides binary/web analysis packages containing PoC, technical papers and videos, available as a subscription service.
  2. Etebaran Informatics CIO & Co-Founder 2011-2013
    Etebaran Informatics is a high tech infosec-software firm focused on secure software solutions. We also did a lot of cloud and infrastructure management.
    • MehrPortal Project Wordpress-jframework integration for a complete portal/CMS solution with advanced i18n, security and custom business logic support.
    • jframework jframework is a rapid PHP web/application framework which has been under heavy development for more than six years and supports many rich features. It has also formed many cutting-edge web technologies such as jRBAC and j18n. jframework was the basis for OWASP PHP Security Project, as well as the candidate OWASP framework for PHP.
    • Seraj Project A large-scale enterprise solution for the judiciary system of Iran, handling big-data using a mixture of data-mining and management solutions. This project was developed in the course of two years and is used by all judiciary offices around the country.
  3. OWASP Iran Chapter Leader Member since 2007, Chapter leader since 2012
    • OWASP PHP Security Project leader for OWASP PHP Security Project
    • OWASP PureCaptcha Project leader for OWASP PureCaptcha, an attempt to ease use of CAPTCHAs.
    • OWASP RBAC Project Project leader for OWASP RBAC Project. Role Based Access Control aims to change the way authorization is implemented all around the world.
    • ESAPI Active evaluator of ESAPI project and active developer at PHP ESAPI project.
    • ASVS Evaluator of OWASP Application Security Verification Standard and native (Persian) version author.
    • Top Ten OWASP Top Ten Web Security issues native author.
    • WebGoatPHP OWASP WebGoat Tester and OWASP WebGoatPHP project lead. WebGoat is an educational/testing environment to teach information security practically.
    • PHP Security Standards PHP security standards workgroup.
  4. Smart Customs Project Lead Developer 2011 - 2012
    • The highly critical one million man-hour financial IT projects of Iran, resulting in more than 800% Customs and Border Protection income for the country.
    • The project was directly tasked by President Ahmadinejad and delivered by a team of 40 scientists and engineers from top Iran universities.
  5. Etebaran CIO 2008 - 2011
  6. Iran Railways Head of Software Security, 2007 - 2009
    • Iran Railways has more than 11000 computer-using personnel and more than 1000 offices.
    • Review and standardization of more than 20 wide-scale custom enterprise applications
    • Deriving company information security policies
    • Security consultation to obtain 9 new custom enterprise applications, with more than 20 technical sessions
  7. Ministry of Culture IT Resolutionist & Head of Video Game Resolutions, (2005 - 2007)
    • Defining policies for domestic game market
    • Development of the standard country-wide game rating system
    • Establishing infrastructures and processes for application software resolutions

Courses Lectured

  1. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2006, 10 Sessions
  2. Elementary Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2006, 10 Sessions
  3. Information Security & Cryptography Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 10 Sessions
  4. Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, 25 Sessions
  5. 3D Game Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, 10 Sessions
  6. Cryptography & Information Security Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 7 Sessions
  7. Web Development & Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, 8 Sessions
  8. Modern Web Development Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 3 Sessions
  9. Operating System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, 16 Sessions
  10. Database System Labs Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, 16 Sessions
  11. APT Security & Hacking Private Contractor, Fall 2011, 10 Sessions
  12. CEH Private Contractor, Spring 2011, 20 Sessions
  13. Operating Systems Labs Sharif University of Technology, Computer Engineering Department, Spring 2013

Sessions & Workshops

  1. Modern Media Security 3rd International Digital Media Fair of Tehran, 2009 (OWASP Certified)
  2. General Security in Cyberspace 3rd International Digital Media Fair of Tehran, 2009
  3. General Security in Cyberspace 2nd International Digital Media Fair of Tehran, 2008
  4. General Security in Cyberspace Iran's National TV, IRIB7, 3 Sessions
  5. Participating in Open Source Communities 3rd International Digital Media Fair of Tehran, 2009
  6. Software & Media Protection 3rd International Digital Media Fair of Tehran, 2009
  7. Media Lock Methods 2nd International Digital Media Fair of Tehran, 2008
  8. Western Games Pathology 3rd International Digital Media Fair of Tehran, 2009
  9. Moodle Open Source LMS 3rd International Digital Media Fair of Tehran, 2009
  10. Elementary Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Department, Feb 2007
  11. Elementary Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Department, Feb 2008
  12. Elementary Game Development Workshop Shahid Beheshti University, Electrical and Computer Engineering Department, Jan 2009
  13. Analysis of University Ranking Methodologies Shahid Beheshti University, Electrical and Computer Engineering Department, Dec 2007
  14. Disk I/O In Visual Basic 6 Shahid Beheshti University, Electrical and Computer Engineering Department, Dec 2007
  15. HTML Workshop Shahid Beheshti University, Electrical and Computer Engineering Department, March 2008
  16. CSS Workshop Shahid Beheshti University, Electrical and Computer Engineering Department, March 2008
  17. GUI Programming Concept & Practice Shahid Beheshti University, Electrical and Computer Engineering Department, April 2010
  18. Version Control Systems Theory & Practice Shahid Beheshti University, Electrical and Computer Engineering Department, Jun 2010
  19. Secure Application Development Islamic Republic of Iran Railways, IT Branch, Nov 2007
  20. CLASP Security Model Bandar Abbas, Smart Customs Program, Jul 2011
  21. Epistemologic Information Security Tarbiat Moalem (Kharazmi) University, April 2012

Publications

  1. Abbas Naderi-Afooshteh, Anh Nguyen-Tuong, Mandana Bagheri-Marzijarani, Jason D. Hiser, Jack W. Davidson Joza: Hybrid Taint Inference for Defeating Web Application SQL Injection Attacks, The Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015.
  2. Javad Zandi, Abbas Naderi-Afooshteh LRBAC: Flexible function-level hierarchical role based access control for Linux, 12th International Iranian Society of Cryptology Conference on Information Security and Cryptology (ISCISC), 2015.
  3. Sajjad Arshad, Abbas Naderi, Comparison of Routing Protocols in Mobile Ad-Hoc Wireless Networks, 3rd World Conference on Information Technology (WCIT), 2012.
  4. DNS Hijacking via DNS Rebinding Won $2000 innovative article of the year award, took 6 months to develop and demonstrate.
  5. Secure Web Application Development Framework My BS thesis describing web technologies from a security perspective and providing a framework to approach and use them as a means of minimizing security risks.

Whitepapers

  1. Fast & Flexible NIST Level 2 Role Based Access Control jrbac, the de-facto RBAC standard in theory.
  2. OWASP ASVS Persian Native Persian version of application security verification standard.
  3. Qt Quick Tutorial
  4. Iran Rankings in the World
  5. Untouched Usages of XOR
  6. Birthday Paradox in Breadth
  7. Feminism in Western Games
  8. Turbo C++ 2D Game Development
  9. Index of Coincidences
  10. An Introduction to Cryptography (Book)
  11. University Rankings Criteria (2009)
  12. Application Security Checklist
  13. Web Security Checklist
  14. Linux Practical Tutorial I mostly used this to kick-start my students in the Linux world, so that they could do their assignments and projects.
  15. Operating System Labs Manuscript Co-authored with another Operating Systems lab teacher, this manual is a kick-start for operating systems concepts and practice, from boot to most parts of the kernel and UI, console capabilities, POSIX, etc. (I also covered most of Prof. Tanenbaum's Operating Systems book in the course.)

Honors & Awards

  • Ranked 2nd at DARPA Cyber Grand Challenge autonomous hacking competition ($1,000,000 cash prize)
  • Ranked 1st at National Collegiate Cyber Defense Competition 2018 (taking part as a first-timer team, beating last 5 years' champions altogether)
  • Ranked 1st at Mid-Atlantic Collegiate Cyber Defense Competition 2018
  • Ranked 1st at Iran's Fifth National Hacking Online Contest (cert.sharif.edu, 2013)
  • Ranked 3rd at Iran's Fourth National Hacking Contest (cert.sharif.edu, 2013)
  • Ranked 1st at Iran's Third National Hacking Online Contest (cert.sharif.edu, 2012-2013)
  • Ranked 3rd at Iran's First National Hacking Online Contest (cert.sharif.edu, 2010)
  • Ranked Honorary 1st & Official 5th at Iran's Second National Hacking Contest (cert.sharif.edu, 2010) For participating solo in a contest of teams of three, and staying on top of the scoreboard for 90% of contest time.
  • Ranked 11th at International Hackademic Contest (2010) Participating solo in a large-scale, four-week contest of security teams
  • Ranked 1st at Stripe CTF hacking contest (2012) among top 100 people who solved all challenges, contest had 6000 hacker participants
  • Ranked 17th in the ACM Collegiate Programming Contest, West Asia Region (2007)
  • Ranked 31st in the ACM Collegiate Programming Contest, West Asia Region (2008)
  • Ranked 36th in Decryption, the international cryptography contest (Feb 2012)
  • Ranked 2nd in the National Iran Open Robocup Festival, Innovations Section (2011)
  • Honorary Undergraduate Scholarship from Sharif University of Technology (2006)
  • Graduate Scholarship from Sharif University of Technology (2012)
  • Bronze Medal of Astronomy Student Olympiads (2005)

Teaching Assistants

  1. Defense Against The Dark Arts University of Virginia, Computer Science, Spring 2014, Prof. Jack Davidson
  2. Computational Complexity University of Virginia, Computer Science, Spring 2014, Prof. Mohammad Mahmoudy
  3. Software Development Methods University of Virginia, Computer Science, Fall 2013, Prof. Luther Tychonievich
  4. Computer Architecture University of Virginia, Computer Science, Fall 2013, Prof. Jack Stankovic
  5. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2007, Prof. Mohsen Ebrahimi Moghaddam
  6. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2008, MS. Ali Vahed
  7. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Alireza Ahmadi Far
  8. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2008, Prof. Malihe Bahadori
  9. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, MS. Ali Vahed
  10. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2009, Prof. Alireza Ahmadi Far
  11. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Alireza Ahmadi Far
  12. Operating Systems Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori
  13. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Malihe Bahadori
  14. Computer Architecture Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2009, Prof. Farshad Safaei
  15. Computer Basics & Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2010, Prof. Alireza Ahmadi Far
  16. Advanced Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Azadeh Mansouri
  17. Internet Engineering Shahid Beheshti University, Electronics & Computer Engineering Department, Spring 2011, Prof. Hasan Haghighi
  18. Machine Language & Assembly Programming Shahid Beheshti University, Electronics & Computer Engineering Department, Fall 2011, Prof. Ahmad Mahmoudi
  19. Computer Networks Shahid Beheshti University, Computer Science Department, Fall 2011, Prof. Ehsan Malekian

Open Source Participation

  • OWASP PureCaptcha Single-file dependency-free CAPTCHA library.
  • WP-SQLI-LAB WordPress SQL Injection Lab, for testing and automating SQL injection research on WordPress.
  • WP-SQL-SINK Extracts strings and/or un/installs wrappers on SQL sinks (all query functions and methods) for WordPress (and any other PHP project).
  • OWASP Code Review Guide 2 The open source cloud computing infrastructure, one of the most active open source projects I've ever seen.
  • OpenStack The open source cloud computing infrastructure, one of the most active open source projects I've ever seen.
  • SQLCipher open source encrypted SQLite database, very mature.
  • Darwin High level open source kernel of Mac OS X.
  • XNU-dev Open source fork of Darwin for x86 IBM-PC.
  • OWASP WebGoat Open source educational security application.
  • OWASP ESAPI Enterprise security API framework.
  • OWASP ASVS Application security verification standard.
  • Facebook Mass Friend Removal Script Allows people with lots of friends to filter their lists, something that Facebook does not allow.

Notable Work

Mentorship

Pieces of Code

Journalism

  • COMPASS: Finding Your Message Workshop on Scientifically Communicating Scientific Research
  • Certificate of Journalism from Ministry of Science & Higher Education at First Journalism Workshop
  • Editor-In-Chief of Kankash Scientific Journal, Allameh Helli High School
  • Editor-In-Chief of Bazitab Game Pathology Magazine, Ministry of Culture
  • Editor-In-Chief of Millenia Science Electronics & Computer Science Journal, Shahid Beheshti University
  • Editor-In-Chief of Ghasedak Newspaper, A Shahid Beheshti Public Newspaper
  • Editor-In-Chief of Soozan Electronic Magazine, A Shahid Beheshti Popular e-Magazine
  • Editor-In-Chief of Noghte Sare Khat Special Edition, And member of editors board

Student Activity

  • University of Virginia Computer Science Graduate Student Group Co-Lead
  • Director of Allameh Helli High School Yearly Seminar (6 months of 20 people teamwork)
  • Member of Science Society Board of Directors at Shahid Beheshti University
  • Director of Electronics & Computer Engineering Science Society Board (1 year)
  • Scientific, Cultural, Political Head of Student Council at Shahid Beheshti University
  • Director of Shahid Beheshti University Robocup Team SBCESaviour (Summer 2007)
  • Director of Workshops & Posters section at Iran's 12th International Computer Society Conference
  • Director of Official Welcome Party for Freshmen at Shahid Beheshti University
  • Director of Tours & Trips around the country for Freshmen at Shahid Beheshti University

Scientific Activity

Computer Skills

Programming Languages

  1. C Master
  2. C++ Master
  3. PHP Guru
  4. Java Good, But I hate it
  5. Perl Basic
  6. Basic Master
  7. Pascal Master
  8. Python Good
  9. C# Master
  10. Ada Basic
  11. Delphi Good
  12. FoxPro Basic
  13. Assembly (Intel) Master, AT&T (Master)
  14. Haskell Basic
  15. HLSL Basic
  16. Ruby Basic
  17. LaTeX Basic
  18. Javascript Master
  19. Mathematica Basic
  20. MATLAB Basic
  21. Miranda Basic
  22. Objective-C Good
  23. Scheme Good
  24. Scala Master
  25. Tcl Basic
  26. T-SQL Master
  27. ASP/ASPX Good
  28. HTML Guru
  29. CSS Master
  30. Smalltalk Basic

Operating System

  1. Mac OS X Master
  2. Microsoft Windows Good
  3. Linux Good
    1. Ubuntu/Debian Master
    2. Suse/openSuse Good
    3. CentOS/RHEL Master
    4. Fedora Good
    5. Gentoo Basic
    6. Slackware Basic
    7. Mint Basic
  4. Solaris Basic
  5. BSD Good
  6. openDarwin/pureDarwin Basic
  7. Minix Good

Database System

  1. MySQL Guru
  2. SQL Server Good
  3. SQLite Master
  4. PostgreSQL Basic
  5. Oracle Good
  6. MongoDB Basic

Version Control

  1. Subversion Master
  2. Git Good
  3. CVS Basic
  4. Mercurial Basic
  5. Bazaar Basic

IDE

  1. Eclipse Guru
  2. Visual Studio Good
  3. Xcode Good
  4. Qt Creator Good
  5. NetBeans Good
  6. VIM Master
