Robert Babaev's Logo

About Me

Robert standing in front of the NorthSec 2022 sign

Hi, my name is Robert, and I'm a fourth year standing student in a Bachelor of Computer Science at Carleton University. Currently, my focus is in cyber security, which I've been involved in for a few years. I like to think of myself as striking a balance between security and development, where I build tooling and practice secure development in the web apps I build to the best of my ability. In other words, I like being either on the purple team or just doing security development work.

I started my cybersecurity journey in 2019 with, of all things, a business pitch. The idea? Hack hackers back. Automatically. An idea riddled with flaws, but I was able to convince the judges of the idea enough that they accepted me into the Hatch 2019 Cohort. It was there that I actually began to study the field in more depth, and realized that in no way was this idea getting off the ground. But that led me to attending a cybersecurity workshop, which got me into Capture the Flag games, and that encouraged me to practice further.

Between June 2021 and June 2022, I tried my hand at competitive Capture the Flag events, with CyberSci Team Canada. I got the opportunity to travel to both Prague, Czechia and Athens, Greece to compete in international CTFs. They were excellent opportunities, which I'm really thankful to CyberSci for, and I was able to see some of Europe for the first time and meet awesome people.

Outside of work, I enjoy doing Muay Thai, playing tabletop RPGs such as Lancer, writing third party RPG supplements and open source software, and spending time with my girlfriend (often on the Minecraft server I host).

Resume

2023-01-09 - 2023-04-28
  • Developed a feature using C# and ASP.NET in a Windows environment to export system log data in CSV format, allowing IT personnel to easily process logs in an automatable manner
  • Identified a discrepancy in a development environment using SQL that had blocked progress on a high-priority ticket, allowing development to continue smoothly

2022-05-02 - 2022-08-31
  • Contributed findings to client-facing vulnerability reports using CVSS and DREAD scoring, knowledge of the CIA triad, and realistic attack scenarios to improve client security posture
  • Wrote a BASH script to run Nmap scans on all subdomains of a given domain and produce a summary report, using knowledge of BASH scripting and various security reconnaissance programs to reduce the amount of downtime spent in the recon phase of a test
  • Discovered a catastrophic denial-of-service condition in a medical application using knowledge of regular expressions and Burp Suite, preventing a potential indefinite shutdown of the system
  • Wrote a script to parse library manifests and scan for vulnerabilities on Snyk using Python, concurrent programming, and web scraping techniques, improving static analysis speeds for vulnerable components by 200%

2022-01-03 - 2022-04-29
  • Developed an HTML-based document renderer to replace a previously unmaintainable MS Word-based generator, leveraging knowledge of HTML/CSS, JavaScript, and template engines to generate professional reports in a maintainable manner
  • Investigated potential vulnerabilities in a WordPress site using wpscan and OWASP ZAP, resulting in 2 findings of outdated components with known security vulnerabilities
  • Reviewed source code for a client facing application, using vulnerability databases, search engines, and my own knowledge of NodeJS code to discover a library that had not been maintained for 8 years, allowing the team to use more up-to-date and secure code.
  • Troubleshot a critical issue with Django Forms causing data to disappear, using rigorous testing and source code review to identify the root cause, preventing data corruption and severe delays in report delivery

2021-05-03 - 2021-12-24
  • Implemented a full backup and restore flow for an internal tool using Django management scripts and the SendSafely API to allow full disaster recovery and DevOps version control
  • Built a secure authentication system for client-facing application using Single Sign-On and JWT authentication in TypeScript to allow authentication without storing client credentials
  • Maintained and executed multiple deployments of a Docker-based application, using self-taught skills with the technology to modify the environment as required in accordance with an Agile development flow
  • Wrote a script in Python using the GitHub API to speed up the process of curating GitHub repositories for a collaborative event with CENGN by 350%

Articles

Selenium Oxide Field Testing @ ICC 2022

NorthSec 2022: Tako SSO Writeup

NorthSec 2022: Rego Prototype Review Writeup

HackTheBox Writeup: Bounty Hunter

Adding Django Admin Panel MFA to an Existing Project

Projects

Selenium Oxide

A browser-based web exploitation library written in Python. Uses a builder pattern flow to streamline browser exploitation, along with stealth functions and proxy compatibility.

Vibechek

A music scheduling application that leverages the Spotify API to play playlists according to a user's schedule. Written in NodeJS, Svelte, and SQL with secure practices in mind, such as Argon2 password hashing and deny by default authorization.

Prophet Zero

A behaviour-focused malware analysis tool and database written for GeekPeek 2021. Developed the front end using Quasar/Vue.js.

Personal Website

My personal website! Written in SvelteKit, and using a data API written in Django. Deployed using Nginx and docker-compose! Also contains some fun security measures :)

Hangar

An offensive security omnitool written in Rust, designed to verify updates and functioning tools, as well as managing commands

Contact