Robert Babaev's Logo


// ABOUT ME //

Hey, I'm Robert! Thanks for stopping by. In the modern world, having security be not only an integral part of the development process but also part of the culture is increasingly important in the face of rampant cyberattacks.

That's my mission. Since 2019 I've been involved with cybersecurity, and while I like breaking websites wide open, I love locking them down from attacks. Even this portfolio website has a few nifty security tricks up its sleeve despite the small attack surface. (Try bypassing Cloudflare, and if you laugh I'd love to grab a coffee.)

I've done everything from pitching a cybersecurity business while having just started in the field and still getting into an accelerator, to flying to Europe and collaborating with and competing against some of the best university-level hackers on the planet. Am I the best penetration tester or security developer on Earth? Not by a long shot. But I love educating folks looking to get into the field through presentations at my university, and advocating for better security in both conversation and research.

You can find my contact information at the bottom of this page, below my resume, projects, and articles. Let's chat!

// RESUME //

2023-05-01 - 2023-08-18

  • Designed an automation suite for data audits using HTML, JavaScript and VBA to drastically reduce effort and improve efficiency by 200%

2023-01-09 - 2023-04-28

  • Developed a feature using C# and ASP.NET in a Windows environment to export system log data in CSV format, allowing IT personnel to easily process logs in an automatable manner
  • Identified a discrepancy in a development environment using SQL that had blocked progress on a high-priority ticket, allowing development to continue smoothly

2022-05-02 - 2022-08-31

  • Contributed findings to client-facing vulnerability reports using CVSS and DREAD scoring, knowledge of the CIA triad, and realistic attack scenarios to improve client security posture
  • Wrote a BASH script to run Nmap scans on all subdomains of a given domain and produce a summary report, using knowledge of BASH scripting and various security reconnaissance programs to reduce the amount of downtime spent in the recon phase of a test
  • Discovered a catastrophic denial-of-service condition in a medical application using knowledge of regular expressions and Burp Suite, preventing a potential indefinite shutdown of the system
  • Wrote a script to parse library manifests and scan for vulnerabilities on Snyk using Python, concurrent programming, and web scraping techniques, improving static analysis speeds for vulnerable components by 200%

2022-01-03 - 2022-04-29

  • Developed an HTML-based document renderer to replace a previously unmaintainable MS Word-based generator, leveraging knowledge of HTML/CSS, JavaScript, and template engines to generate professional reports in a maintainable manner
  • Investigated potential vulnerabilities in a WordPress site using wpscan and OWASP ZAP, resulting in 2 findings of outdated components with known security vulnerabilities
  • Reviewed source code for a client-facing application, using vulnerability databases, search engines, and my own knowledge of NodeJS code to discover a library that had not been maintained for 8 years, allowing the team to use more up-to-date and secure code
  • Troubleshot a critical issue with Django Forms causing data to disappear, using rigorous testing and source code review to identify the root cause, preventing data corruption and severe delays in report delivery

2021-05-03 - 2021-12-24

  • Implemented a full backup and restore flow for an internal tool using Django management scripts and the SendSafely API to allow full disaster recovery and DevOps version control
  • Built a secure authentication system for a client-facing application using Single Sign-On and JWT authentication in TypeScript to allow authentication without storing client credentials
  • Maintained and executed multiple deployments of a Docker-based application, using self-taught skills with the technology to modify the environment as required in accordance with an Agile development flow
  • Wrote a script in Python using the GitHub API to speed up the process of curating GitHub repositories for a collaborative event with CENGN by 350%


Selenium Oxide Field Testing @ ICC 2022

NorthSec 2022: Tako SSO Writeup

NorthSec 2022: Rego Prototype Review Writeup

HackTheBox Writeup: Bounty Hunter

Adding Django Admin Panel MFA to an Existing Project


Selenium Oxide

A browser-based web exploitation library written in Python. Uses a builder pattern flow to streamline browser exploitation, along with stealth functions and proxy compatibility.


A music scheduling application that leverages the Spotify API to play playlists according to a user's schedule. Written in NodeJS, Svelte, and SQL with secure practices in mind, such as Argon2 password hashing and deny by default authorization.

Prophet Zero

A behaviour-focused malware analysis tool and database written for GeekPeek 2021. Developed the front end using Quasar/Vue.js.

Personal Website

My personal website! Written in SvelteKit, and using a data API written in Django. Deployed using Nginx and docker-compose! Also contains some fun security measures :)


An offensive security omnitool written in Rust, designed to verify updates and functioning tools, as well as manage commands.