ROBERT BABAEV

Cyber Security / Development

Robert Babaev's Logo

About Me

Robert standing in front of the NorthSec 2022 sign

Hi, my name is Robert, and I'm a third year standing student in a Bachelor of Computer Science at Carleton University. Currently, my focus is in cyber security, which I've been involved in for a few years. I like to think of myself as striking a balance between security and development, where I build tooling and practice secure development in the web apps I build to the best of my ability. In other words, I like being either on the purple team or just doing security development work.

I started my cybersecurity journey in 2019 with, of all things, a business pitch. The idea? Hack hackers back. Automatically. An idea riddled with flaws, but I was able to convince the judges of the idea enough that they accepted me into the Hatch 2019 Cohort. It was there that I actually began to study the field in more depth, and realized that in no way was this idea getting off the ground. But that led me to attending a cybersecurity workshop, which got me into Capture the Flag games, and that encouraged me to practice further.

Between June 2021 and June 2022, I tried my hand at competitive Capture the Flag events, with CyberSci Team Canada. I got the opportunity to travel to both Prague, Czechia and Athens, Greece to compete in international CTFs. They were excellent opportunities, which I'm really thankful to CyberSci for, and I was able to see some of Europe for the first time and meet awesome people.

Outside of work, I enjoy doing Muay Thai, playing tabletop RPGs such as Lancer, and spending time with my girlfriend (often on the Minecraft server I host).

Resume

Coop Penetration Tester - SoftwareSecured

2022-05-02 - 2022-08-31
  • Analyzed a potentially malicious file using FlareVM to verify a client's suspicions of malware being sent through their messaging systems
  • Wrote a BASH script to run Nmap scans on all subdomains of a given domain and produce a summary report, using knowledge of BASH scripting and various security reconnaissance programs to reduce the amount of downtime spent in the recon phase of a test
  • Discovered a catastrophic denial of service condition in a medical application using knowledge of regular expressions and research tools, preventing a potential total shutdown of the system

Part Time Software Developer - SoftwareSecured

2022-01-03 - 2022-04-29
  • Wrote an HTML report renderer, using investigative skills in researching HTML/CSS documentation, as well as knowledge of template engine rendering with Django to replace a painfully difficult to maintain report generation flow
  • Investigated potential vulnerabilities in a WordPress site using wpscan and OWASP ZAP, resulting in 2 findings of outdated components with known security vulnerabilities
  • Reviewed source code for a client facing application, using vulnerability databases, search engines, and my own knowledge of NodeJS code to discover a library that had not been maintained for 8 years, allowing the team to use more up-to-date and secure code.

Coop Software Developer - Reshift Security

2021-05-03 - 2021-12-24
  • Implemented a full backup and restore flow using Django management scripts and the Sendsafely API to allow full recovery in disaster scenarios, improving team confidence and testing capabilities
  • Built a secure authentication system for client-facing application using Single Sign On and JWT authentication in Typescript to allow authentication without storing client credentials
  • Assisted in deployment and rollback of web app using Docker, SQL scripts, and Git version control to allow seamless migration between two substantially different versions
  • Wrote a script in Python using the GitHub API to speed up the pro-cess of curating GitHub repositories for a collaborative event with CENGN by 350%

Articles

Selenium Oxide Field Testing @ ICC 2022

NorthSec 2022: Tako SSO Writeup

NorthSec 2022: Rego Prototype Review Writeup

HackTheBox Writeup: Bounty Hunter

Projects

Selenium Oxide

A browser-based web exploitation library written in Python. Uses a builder pattern flow to streamline browser exploitation, along with stealth functions and proxy compatibility.

Vibechek

A music scheduling application that leverages the Spotify API to play playlists according to a user's schedule. Written in NodeJS, Svelte, and SQL with secure practices in mind, such as Argon2 password hashing and deny by default authorization.

Prophet Zero

A behaviour-focused malware analysis tool and database written for GeekPeek 2021. Developed the front end using Quasar/Vue.js.

Personal Website

My personal website! Written in SvelteKit, and using a data API written in Django. Deployed using Nginx and docker-compose! Also contains some fun security measures :)

Contact