Experiences

Lecturer Cyber Security

  • Instructed cybersecurity courses on Secure Software Development, Information Security, Network Forensics, and ICT, including conducting hands-on labs.

  • Supervised undergraduate projects: Oversaw a Bachelor’s Final Year Project and currently supervising two cybersecurity projects, focusing on an Innovative Cyber Deception Solution and AI-based MITRE ATT&CK mapping of vulnerabilities.

  • Delivered comprehensive OSINT training: Conducted a week-long training session for NACTA Pakistan employees, enhancing their skills in Data Intelligence and analyst mentoring.

  • Led university penetration testing team: Directed efforts to strengthen network and web portal security against cyber threats, identifying and reporting various vulnerabilities.

Cyber Security Analyst

  • Initiated the development and promotion of a revolutionary Compliance Assessment Tool tailored for SMEs in Qatar, aligning with NIA Policy 2.0 and NIA Standard 2.1 Qatar. Collaborating with QDB, the tool marked an 80% increase in compliance rates among SMEs.

  • Led the innovation and presentation of state-of-the-art decoys within Project SARAB, redefining cyber deception paradigms. By customizing existing decoys and creating new ones, our team ensured robust protection of real assets against cyber threats, resulting in a remarkable 70% decrease in successful attacks on client networks.

  • Championed Project SnipeX, pushing the boundaries of WAF resilience with advanced payload generation techniques. The project showcased our expertise in Breach and Attack Simulation (BAS), enhancing cyber defense capabilities against evolving threats.

  • Key contributor to the implementation of NextGen-ASM, a strategic Attack Surface Management initiative. This cutting-edge solution provided real-time insights into digital ecosystems, empowering organizations to proactively detect and prevent threats across multiple client networks.

  • Promoted cybersecurity awareness through the FIFA Qatar World Cup 2022 assessment, meticulously analyzing applications like the Qatar Railway app to ensure the delivery of safe and secure services to users.

  • Led compromise assessment efforts leveraging advanced machine learning models to conduct comprehensive evaluations of IT infrastructure. This involved analyzing data collected from systems and networks to identify and prioritize potential security threats. By uncovering hidden threats and vulnerabilities, we fortified overall security posture, reducing attack detection time by 70%.

  • Led a phishing awareness project, devising various exploits to simulate email theft and account hijacking. Developed a machine learning-based tool that reduced password harvesting attacks by over 80% compared to previous statistics.

  • Implemented network protection technologies, including IDS/IPS and firewalls, and seamlessly integrated them with various SIEM solutions such as QRadar, Wazuh, and Splunk. Developed a post-attack assessment system, reducing attack detection time by 60%. Successfully enhanced endpoint visibility and cybersecurity measures by integrating IDS/IPS technology with QRadar and Wazuh, leading to a notable 50% reduction in successful attacks on client networks.

  • Demonstrated effective collaboration with cross-functional teams, showcasing strong communication and teamwork skills essential for successful cybersecurity projects.

Cyber Security Researcher

  • Contributed to advanced cybersecurity projects aimed at luring attackers away from real organizational assets by deploying decoy-based deception systems.

  • Profiled threat actors based on their malicious intents and level of severity for any firm.

  • Investigated adversaries’ collaborative efforts to launch attacks.

  • Developed models with advanced capabilities for classifying web attacks using machine learning.

Intern

  • Completed research, compiled data, updated spreadsheets and produced timely reports.

  • Developed and maintained relationships with key internal stakeholders.

  • Maintained accurate records and documentation of projects to inform stakeholders of progress and updates.

  • Optimized the Google knowledge panel and developed a chat application.

  • Wrote technical documents related to software development and deployment.

Personal Projects

  • Email Hunter: Developed an innovative self-destructive email stealer that can extract emails from a victim’s computer, send them back to the request originator, and remove footsteps to avoid backtracking.

  • Email Verifier: Created an API that lets you verify whether an email exists or not. It was purposed to deal with scenarios when you don’t have information about company emails and you craft them on runtime and then want to test their existence.

  • Attacker Profile: After deploying decoys, created a comprehensive attacker profile to allow victim firms to learn about the foe and act quickly to deter such threat actors from returning.

  • Phishing Detector: A tool that determines if a received email is genuine or a phishing attempt and identifies the true sender by analyzing the email header and revealing the faked address.

  • Email Header Analyzer: Created a Python script based on Selenium that quickly and easily analyses the header of any email.

  • Cyber Deception Threat Intelligence: Deployed different interactive honeypots to attract attackers to abuse them and later analyzed that data to extract actionable insights for an organization to take mitigation actions.

  • IP Footprints: Created a Python tool that examines an IP address to find its location and source organization and detects either a normal IP or a bad one. It also checks to see if it belongs to a real person or is a bot.

  • Binary Footprinting: To uncover collaborative efforts by attackers, I have designed a solution that can easily discover how many and which attackers are working in coordination against an organization by analyzing malicious payloads dropped by them.

  • Machine Learning enabled WAF: Developed an ML model that classifies the web attacks into different classes, such as SQLi, XSS, LFI, Command Injection, etc., in an autonomous manner.

  • LinkedIn Scraping: Created a Python-based scraper to extract important information about a company’s employees to start cybersecurity campaigns.

  • Multi Encoder: Constructed an encoder that can encode web payloads using eleven different schemes and helps in bypassing malicious payloads from Web Application Firewalls.

  • Sandboxing: Created a Python tool to automatically submit the collected payloads to the Cuckoo sandbox and download reports after successful analysis, and extracted useful payload attributes from those reports.

  • VPN Detection: Automated the process of VPN detection using various open-source tools to detect whether an attacker is using a VPN or not.

  • Forensics: Used various tools for the forensics of audio tracks, images, documents, and emails to find hidden information, get contents from password-protected files, and share secret data by hiding it in various formats of files.

  • Data Visualizations: Created a graphical representation after extracting threat intelligence from honeypot and firewall logs for executives to determine the system state and effectiveness of the approach.

  • IP2Country: Developed an API with the capability of getting the verified origin of an attacker from his IP address.

  • Text2Image: As part of detecting vulnerabilities in an application project’s source, I wrote a Python script to convert text data to images.