My name is Ruslan Habalov and I am currently working as a Security Engineer at Google in Switzerland. My two biggest fields of interest are Information Security and Machine Learning. In addition, I like sophisticated challenges, new exciting technologies, psychology and music.
Please note: all opinions on this site are my own.
Subsequently you can find some of my achievements so far:
- Launched pilot for Vulncode-DB – An open-source database (github.com/google/vulncode-db) for vulnerable code
- Published Side-channel attacking browsers through CSS3 features – Research on a bug affecting major browsers like Chrome and Firefox breaking the same origin policy and allowing to steal visual content from sites like Facebook
- Assistant for a TensorFlow basics workshop on the Applied Machine Learning Days conference in Lausanne
- Became a Security Engineer at Google Zurich
- Graduated: M.Sc. with distinction from the RWTH Aachen University
- Earned $22,000 for finding 2 PHP zero-days and hacking Pornhub with two further researchers (see extensive write-ups at How we broke PHP, hacked Pornhub and earned $20,000).
- My team “Secugain” has won against 6 other teams with it-experts from the academic and the professional field. During this cup we had to audit the mobile app SimsMe which is similar to Snapchat and the main E-Post website (secure message transfer) c.f. Dpdhl.
- 2015: Software Engineer Internship at Google Zurich
- 2013: Attended at the national “Deutsche Post” security contest in Germany. My team “Secugain” has scored the second place and has won 8000 Euros. You can find the corresponding article at one of Germany’s biggest it-news magazines Heise.
Some wargames and CTFs that I have played:
- 2015: HackIM 2015. Scored the 3rd place with my team “Full Metal Packet” (compared to 377 participants and teams with over 0 points). This ctf covered the topics: “Reverse Engineering”, “Exploitation”, “Web-security”, “Misc”, “Forensics”, “Programming” and “Cryptography”.
- 2014: https://io.netgarage.org/. This wargame consists of more than 30 levels that require in-depth knowledge about Linux, application security and reverse engineering.
- 2012: http://stripe.com/. Web CTF that required knowledge about web security (SQL-Injections, XSS and similar stuff).
In addition you can find my other blog about Artificial Intelligence at AIvoke.