As a self-driven learner, I have worked in the field of cybersecurity for almost two years and have developed a strong curiosity to learn about the adversarial tactics, techniques, and procedures (TTPs) to safeguard industrial and personal infrastructure. I strongly believe in growing with peers. Therefore, I always try to contribute my existing knowledge to the community. I want to further deepen my expertise in digital forensics and malware analysis. I would like to work with real-world challenges to prevent threat actors from harming digital infrastructure.
Master's Thesis:
Measuring the Effectiveness of Geotagging in Cyber Deception
This degree turned my passion for technology into a future-focused career. Its hands-on, industry-based skills prepared me for an exciting future in a constantly evolving cyber industry.
Researched, evaluated and developed cybersecurity products and tools, learned about threat monitoring, avoidance and elimination, created automated tools to increase the effectiveness of deception setup, and gained familiarity with new technologies.
With a passion for learning new skills and enhancing my knowledge base with each passing day, I have tried to spend my time on different aspects of the cybersecurity field. Here I have mentioned a few of my skills.
As part of projects "D3cepticon" and "Java Vulnerability Detector", involved in uncovering the type of malicious web payloads, vulnerability detection in Java language code, and extraction of actionable threat intelligence from raw data to take timely decisions to avoid future assaults.
Participation in advanced cybersecurity projects aimed at luring attackers away from real organisation assets by deploying decoy-based deception systems; profiling threat actors based on their malicious intents and level of severity for any firm; investigating adversaries’ collaborative efforts to launch attacks; and developing models with advanced capabilities for classifying web attacks.
As an intern at AKSA-SDS, I was involved in optimization of Google knowledge panel, development of a chat application, and technical writing.
Developed an innovative self-destructive email stealer that can extract emails from a victim’s computer and send them back to the request originator and remove footsteps to avoid backtracking.
Created an API that lets you verify whether an email exists or not. It was purposed to deal with scenarios when you don't have information about company emails and you craft them on runtime and then want to test their existence.
After deploying decoys, created a comprehensive attacker profile to allow victim firms to learn about the foe and act quickly to deter such threat actors from returning.
A tool that determines if a received email is genuine or a phishing attempt and identifies the true sender by analysing the email header and revealing the faked address
Created a Python script based on Selenium that quickly and easily analyses the header of any email
Deployed different interactive honeypots to attract attackers to abuse them, and later on analyzed that data to extract actionable insights for the organization to take mitigation actions
I created a Python tool that examines an IP address to find its location and source organization, and detects whether it is a normal IP or a bad one. It also checks to see if it belongs to a real person or is a bot.
To uncover collaborative efforts by attackers, I have designed a solution that can easily discover how many and which attackers are working in coordination against an organization by analyzing malicious payloads dropped by them.
Developed an ML model that classifies web attacks into different classes such as SQLi, XSS, LFI, and Command Injection etc. in an autonomous manner.
Created a Python-based scraper to extract important information of a company's employees to start cybersecurity campaigns
Constructed an encoder that can encode web payloads using eleven different schemes and helps in bypassing the malicious payloads from web application firewalls
Created Python scripts to automatically submit the collected payloads to the Cuckoo sandbox, download reports after successful analysis, and extract useful payload attributes from those reports
Used open-source tools to detect whether an attacker is using a VPN or not
Used various tools for the forensics of audio tracks, images, documents, and emails to find hidden information, to get contents from password-protected files, and to share secret data by hiding it in various formats of files
Created a graphical representation after extracting threat intelligence from honeypot and firewall logs for executives to determine the system state and effectiveness of the approach
Developed an API with the capability of getting the verified origin of an attacker from his IP address
As part of detecting vulnerabilities in an application project’s source, I wrote a Python script to convert text data to images
The Internet of Medical Things (IOMT): Security Threats and Issues Affecting the Digital Economy Forecasting
The Trends and Patterns of Crime In San Francisco Using Machine Learning Model
Discover And Automate New Adversarial Attack Paths To Reduce Threat Risks For The Security Of Organizations
Automating Malicious Activities inside Organization to Evaluate Endpoint Security
The Art of Defense evasion: Bypass Multi-Factor Authentication (MFA)
Security and Privacy Challenges of Big Data, Solutions and Recommendations
A Technical Review on Maintaining the Privacy and Security in Autonomous Vehicles
Offensive Security: From Backdoor to Visual Reality, Command Control has Evolved
Security and Privacy in Cloud Computing: An Analysis on Modern Approaches
VBVC: Task Scheduling And Distribution In VANET-Based Volunteer Computing