About ME

Computer security researcher, developer, and engineer based in Canada, with 10+ years of hands-on experience in application, system, and network security across web, mobile, and compute platforms. Focused on building practical tools and research prototypes, especially in Rust, and translating research into systems that work in real environments. Work includes security-oriented software development, privacy and security analysis, reverse engineering, and malware analysis.

What I work on

Systems and network security engineering across web, mobile, and compute platforms, with a focus on building real-world tooling and prototypes. My work blends security analysis and instrumentation (static/dynamic, user/kernel level) with reverse engineering and malware analysis, and it often goes end-to-end—from traffic and protocol behavior to OS internals.

Recent Experiences

• Fortinet (2025–present): Software developer in the R&D department, working on malware-deception modules, asynchronous web/DNS services, and network-based deception techniques.
• Concordia University (2020–2025): PhD research on large-scale Android privacy and security analysis, including tooling, tracing techniques, and eBPF-based instrumentation.

Education

• PhD, Information and Systems Engineering — Concordia University (2020–2025).
  • Thesis: Uncovering Privacy and Security Issues in Android Apps at Scale Through Comprehensive Dynamic Analysis.
• MSc, Secure Computation (2017–2020).
  • Thesis: Designing a Framework for Security Assessment in the IoT Application Layer.

Publications

• Racing for TLS Certificate Validation: A Hijacker’s Guide to the Android TLS Galaxy — USENIX Security Symposium (USENIX ’24).
• LURK-T: Limited Use of Remote Keys with Added Trust in TLS 1.3 — IEEE Transactions on Network Science and Engineering (TNSE 2024).
• Leaky Kits: The Increased Risk of Data Exposure from Phishing Kits — APWG eCrime (eCrime’22).
• Hidden in Plain Sight: Exploring Encrypted Channels in Android apps — ACM SIGSAC Conference on Computer and Communications Security (CCS ’22).

Press

• We caught technicians at Best Buy, Mobile Klinik, Canada Computers and others snooping on our personal devices — CBC News.
• How a hidden Android bug could endanger your personal data — Concordia University News.

Awards & disclosures

• Competitive CTF background including 1st place at NSec 2019 and 1st place at the 7th international SharifCTF (2016).
• Disclosed multiple vulnerabilities, including CVEs affecting DotNetNuke (DNN), Apple OS X Server, Ettercap, and MailEnable.