Skip to main content

Mohammad Raouf Abedini

AI Security Researcher · Vulnerability Research · Offensive Security · Python & Systems Programming

Castle Hill, Sydney, NSW, Australia
[email protected]
github.com/Raoof128 LinkedIn Profile
01.

About

AI security researcher and final-year Cyber Security student at Macquarie University (graduating November 2026) with demonstrated ability to independently discover, validate, and responsibly disclose cross-platform vulnerabilities. Authored “The Invisible Window” — a 12-page IEEE-format security research paper demonstrating 100% screen capture evasion on Windows 10/11 and macOS 14–26 using documented OS-level APIs, with a novel finding that Apple's macOS 15 mitigation remains ineffective on macOS 26. Fluent in Python with production experience across C/C++, TypeScript, and Swift. Completed AI model evaluation for Anthropic (Claude Code Human Preference), benchmarking LLM code outputs for quality, security, and reliability. Motivated by reducing catastrophic risks from advanced AI — eager to measure capability uplift, characterise safety boundaries, and develop defensive applications.

02.

Security Research

The Invisible Window

2026

C, Swift, Python, Win32 API, ScreenCaptureKit, WebRTC

Exploiting OS-Level Display Affinity to Bypass WebRTC Proctoring Systems

  • Discovered and formalised a cross-platform trust boundary violation between the W3C Screen Capture API and the OS compositing pipeline — achieving 100% evasion across all tested platforms with zero visual artefacts over 10,000+ analysed frames
  • Uncovered a novel empirical finding on macOS 26.3.1: Apple's documented ScreenCaptureKit mitigation (macOS 15) remains ineffective — contradicting prevailing community and vendor assumptions through pixel-level forensic verification
  • Executed coordinated responsible disclosure to three proctoring vendors (ProctorU, Proctorio, Respondus) and two OS vendors (Microsoft, Apple) following OWASP/FIRST/CISA disclosure frameworks within a 90-day window
  • Documented measurable AI capability uplift: a single researcher with introductory security knowledge used Claude Opus 4.6 to produce validated cross-platform PoCs in a single research session — the model independently identified the operationally critical distinction between WDA_MONITOR and WDA_EXCLUDEFROMCAPTURE from API documentation
  • Characterised intent-vs-artefact safety boundary: model correctly distinguished research intent from misuse intent at the prompt level, but resulting artefacts (working PoC code) are transferable regardless of framing — a finding directly relevant to ASL threshold calibration
03.

Technical Proficiencies

> Languages

Python (primary), C, C++, TypeScript, JavaScript, Swift, Kotlin, Bash, SQL, Go (familiar)

> Security & Offensive

Vulnerability research, cross-platform exploit development (Win32 API, macOS ScreenCaptureKit), threat modelling, secure code review, penetration testing, responsible disclosure (OWASP/FIRST/CISA), Wireshark, Nmap, Burp Suite

> AI & ML

Large Language Model (LLM) integration & evaluation, AI-assisted vulnerability research, Natural Language Processing (NLP), generative AI tooling, ML model evaluation, dual-use risk assessment

> Systems & Tools

Linux (Ubuntu/Kali), CMake, Docker, Git/GitHub, GitHub Actions CI/CD, Google Test, FastAPI, Cloudflare Workers, libpcap

> Frameworks

Open Web Application Security Project (OWASP) Top 10, MITRE ATT&CK, National Institute of Standards and Technology (NIST) Framework, W3C Screen Capture Specification

04.

Education

Bachelor of Cyber Security

Macquarie University
May 2024 – Nov 2026
Coursework: Digital Forensics, Network Security, Systems Security, Cloud Computing, Natural Language Processing (NLP) & Machine Learning, Privacy-Preserving Data Analysis

Diploma of Information Technology

Macquarie University
Jul 2023 – May 2024
05.

Selected Research & Engineering Projects

NanoMatch [SYSTEMS]

2026

C++20 · CMake · Google Test

Engineered high-performance matching engine processing 1M+ orders/second with sub-microsecond latency — implemented red-black tree price levels, custom memory pool allocator, and comprehensive test suite with p50/p99 latency benchmarks.

SentinelFlow [IDS]

2026

C++17 · libpcap · CMake · Google Test · Linux

Built real-time network packet processing engine parsing 500K+ packets/second — protocol dissection (Ethernet/IPv4/TCP/UDP/ICMP/DNS), signature-based detection engine, and stateful analysis (port scans, SYN floods).

Nexus Archive [FULL-STACK]

2025

Python/Litestar · React · PostgreSQL · Docker · Terraform

Shipped full-stack data platform with AI recommendation engine, event-driven API design, rate limiting, and automated security scanning — end-to-end ownership from database schema to deployment infrastructure.

Mehr Guard [KOTLINCONF]

2024

Kotlin Multiplatform · Local ML · Android & iOS

Built cross-platform offline threat detection tool with local ML-based classification — submitted to KotlinConf global developer conference.

70+ additional public projects on GitHub covering vulnerability research, systems programming, AI/ML tooling, and cloud infrastructure: github.com/Raoof128
06.

Professional Experience

Freelance Full-Stack Developer & Security Engineer

Self-Employed · Jan 2024 – Present
  • Architected production web applications with security-first design for multiple clients using Python, TypeScript, and Cloudflare Workers — serving 1,000+ end users with zero-downtime operation
  • Engineered CI/CD pipelines and automated test suites (500+ tests across 35 locales) via GitHub Actions — reducing deployment failures by approximately 40% through systematic quality assurance
  • Integrated LLM capabilities into client applications, building AI-powered automation tools that empowered non-technical users to manage content workflows independently

IT Manager

Iran Pharmacy · Aug 2019 – May 2024
  • Managed technology infrastructure across a multi-site organisation for 5 years — maintaining 99% system uptime, enforcing role-based access control (RBAC), and automating operational workflows via Python/Bash scripting (~30% reduction in manual tasks)
07.

AI Safety & Community

  • Completed AI model evaluation for Anthropic (Claude Code Human Preference) — benchmarked LLM code outputs across multiple codebases for quality, security, correctness, and reliability
  • Proposed three concrete research directions to Anthropic's Fellows team: systematic uplift measurement across vulnerability classes, intent-vs-artefact safety boundary generalisation testing, and defensive application development — all building on empirical findings from the Invisible Window case study
  • Mentored peers in cybersecurity, C/C++ programming, and systems-level problem-solving at Macquarie University — collaborative technical guidance across coursework, lab environments, and secure coding practices
08.

Additional Information

Available for full-time, 4-month fellowship from July 2026
English (Professional Working) · Persian (Native) · Japanese (Elementary)