Skip to main content

/

دانلود رزومه

Mohammad Raouf Abedini

AI Security Researcher · Vulnerability Research · Offensive Security · Python & Systems Programming

Castle Hill, Sydney, NSW, Australia
[email protected]·[email protected]
github.com/Raoof128 LinkedIn Profile
01.

About

AI security researcher and final-year Cyber Security student at Macquarie University (graduating November 2026) with demonstrated ability to independently discover, validate, and responsibly disclose cross-platform vulnerabilities. Authored “The Invisible Window” — a 12-page IEEE-format security research paper demonstrating 100% screen capture evasion on Windows 10/11 and macOS 14–26 using documented OS-level APIs. Recent research also includes Project Simurgh privacy-preserving integrity evidence (DOI: 10.5281/zenodo.20549736) and Aion-BibleQA citation-faithfulness evaluation for Bible RAG systems (DOI: 10.5281/zenodo.20522874). Completed AI model evaluation for Anthropic (Claude Code Human Preference), benchmarking LLM code outputs for quality, security, and reliability.

02.

Security Research

The Invisible Window

2026

C, Swift, Python, Win32 API, ScreenCaptureKit, WebRTC

Exploiting OS-Level Display Affinity to Bypass WebRTC Proctoring Systems

  • Discovered and formalised a cross-platform trust boundary violation between the W3C Screen Capture API and the OS compositing pipeline — achieving 100% evasion across all tested platforms with zero visual artefacts over 10,000+ analysed frames
  • Uncovered a novel empirical finding on macOS 26.3.1: Apple's documented ScreenCaptureKit mitigation (macOS 15) remains ineffective — contradicting prevailing community and vendor assumptions through pixel-level forensic verification
  • Executed coordinated responsible disclosure to three proctoring vendors (ProctorU, Proctorio, Respondus) and two OS vendors (Microsoft, Apple) following OWASP/FIRST/CISA disclosure frameworks within a 90-day window
  • Documented measurable AI capability uplift: a single researcher with introductory security knowledge used Claude Opus 4.6 to produce validated cross-platform PoCs in a single research session — the model independently identified the operationally critical distinction between WDA_MONITOR and WDA_EXCLUDEFROMCAPTURE from API documentation
  • Characterised intent-vs-artefact safety boundary: model correctly distinguished research intent from misuse intent at the prompt level, but resulting artefacts (working PoC code) are transferable regardless of framing — a finding directly relevant to ASL threshold calibration
03.

Technical Proficiencies

> Languages

Python (primary), C, C++, TypeScript, JavaScript, Swift, Kotlin, Bash, SQL, Go (familiar)

> Security & Offensive

Vulnerability research, cross-platform exploit development (Win32 API, macOS ScreenCaptureKit), threat modelling, secure code review, penetration testing, responsible disclosure (OWASP/FIRST/CISA), Wireshark, Nmap, Burp Suite

> AI & ML

Large Language Model (LLM) integration & evaluation, Retrieval-Augmented Generation (RAG) evaluation, citation-faithfulness benchmarking, AI-assisted vulnerability research, Natural Language Processing (NLP), generative AI tooling, ML model evaluation, dual-use risk assessment

> Systems & Tools

Linux (Ubuntu/Kali), CMake, Docker, Git/GitHub, GitHub Actions CI/CD, Google Test, FastAPI, Cloudflare Workers, libpcap

> Frameworks

Open Web Application Security Project (OWASP) Top 10, MITRE ATT&CK, National Institute of Standards and Technology (NIST) Framework, W3C Screen Capture Specification

04.

Education

Bachelor of Cyber Security

Macquarie University
May 2024 – Nov 2026
Coursework: Digital Forensics, Network Security, Systems Security, Cloud Computing, Natural Language Processing (NLP) & Machine Learning, Privacy-Preserving Data Analysis

Diploma of Information Technology

Macquarie University
Jul 2023 – May 2024
05.

Selected Research & Engineering Projects

Project Simurgh [INTEGRITY]

2026

Node.js · Express · Browser Telemetry · HMAC Audit Chain · Privacy Engineering

Built zero-trust integrity API and published privacy-preserving device-integrity preprint plus Phase C voting-adjacent supplement at Macquarie University — 31 consented sessions, structural ballot-choice exclusion, HMAC-SHA-256 audit chain, and 5/5 collection-closure gates. DOI: 10.5281/zenodo.20549736.

Aion [BIBLE RAG]

2026

React Native · Expo · Supabase · pgvector · Gemini · OpenAI Embeddings · Tauri v2

Built AI-powered Bible companion and authored Aion-BibleQA, an 8-page preprint introducing a 40-question benchmark for citation faithfulness and false-premise robustness — R@5 = 0.941, mean citation_support = 0.978, zero unsupported citations, and 6/6 false-premise refusals. DOI: 10.5281/zenodo.20522874.

NanoMatch [SYSTEMS]

2026

C++20 · CMake · Google Test

Engineered high-performance matching engine processing 1M+ orders/second with sub-microsecond latency — implemented red-black tree price levels, custom memory pool allocator, and comprehensive test suite with p50/p99 latency benchmarks.

SentinelFlow [IDS]

2026

C++17 · libpcap · CMake · Google Test · Linux

Built real-time network packet processing engine parsing 500K+ packets/second — protocol dissection (Ethernet/IPv4/TCP/UDP/ICMP/DNS), signature-based detection engine, and stateful analysis (port scans, SYN floods).

Nexus Archive [FULL-STACK]

2025

Python/Litestar · React · PostgreSQL · Docker · Terraform

Shipped full-stack data platform with AI recommendation engine, event-driven API design, rate limiting, and automated security scanning — end-to-end ownership from database schema to deployment infrastructure.

Mehr Guard [KOTLINCONF]

2024

Kotlin Multiplatform · Local ML · Android & iOS

Built cross-platform offline threat detection tool with local ML-based classification — submitted to KotlinConf global developer conference.

70+ additional public projects on GitHub covering vulnerability research, systems programming, AI/ML tooling, and cloud infrastructure: github.com/Raoof128
06.

Professional Experience

Freelance Full-Stack Developer & Security Engineer

Self-Employed · Jan 2024 – Present
  • Architected production web applications with security-first design for multiple clients using Python, TypeScript, and Cloudflare Workers — serving 1,000+ end users with zero-downtime operation
  • Engineered CI/CD pipelines and automated test suites (500+ tests across 35 locales) via GitHub Actions — reducing deployment failures by approximately 40% through systematic quality assurance
  • Integrated LLM capabilities into client applications, building AI-powered automation tools that empowered non-technical users to manage content workflows independently

IT Manager

Iran Pharmacy · Aug 2019 – May 2024
  • Managed technology infrastructure across a multi-site organisation for 5 years — maintaining 99% system uptime, enforcing role-based access control (RBAC), and automating operational workflows via Python/Bash scripting (~30% reduction in manual tasks)
07.

AI Safety & Community

  • Completed AI model evaluation for Anthropic (Claude Code Human Preference) — benchmarked LLM code outputs across multiple codebases for quality, security, correctness, and reliability
  • Proposed three concrete research directions to Anthropic's Fellows team: systematic uplift measurement across vulnerability classes, intent-vs-artefact safety boundary generalisation testing, and defensive application development — all building on empirical findings from the Invisible Window case study
  • Mentored peers in cybersecurity, C/C++ programming, and systems-level problem-solving at Macquarie University — collaborative technical guidance across coursework, lab environments, and secure coding practices
08.

Additional Information

Available for full-time, 4-month fellowship from July 2026
English (Professional Working) · Persian (Native) · Japanese (Elementary)