RAFET ABBASLI

Offensive Security Researcher, Senior Software Engineer

View my public resume

Philosophy behind my work

Principles that guide my approach to security research and software engineering.


Zero Trust Security

Assumptions are the mother of all mistakes. I design systems that verify everything, trust nothing, and minimize attack surfaces.

Complexity Reduction

Complexity is where vulnerabilities hide. I fight bloat to keep systems auditable, maintainable, and inherently secure.

Automation First

Human labor is error-prone. I automate repetitive tasks to ensure consistency, reduce mistakes, and free up time for creative problem-solving.

Evidence-Based Decisions

Heuristics are exploitable. I trust logs, metrics, and Proofs of Concept (PoCs) over gut feelings to guide my architectural and security choices.

Performance is not Optional

Whether I design for millions of users or a niche audience, I prioritize speed and efficiency to deliver seamless experiences.

Modular Architecture

Monoliths get messy. I build systems with interchangeable components to enhance flexibility, scalability, and ease of maintenance.

Looking for proof of my skills?
Check out my write-ups about my discoveries.

Engineering & Technical Expertise

Declassified architectural overviews of my recent work.

Distributed Threat Intelligence Pipeline

Event-driven architecture handling TB-scale ingestion from hostile sources.


RabbitMQ, ZooKeeper, Redis, Protobuf, AsyncIO

The Challenge: Monitoring thousands of dark-web and surface-web sources concurrently without triggering rate limits or losing data consistency.

The Architecture: Designed a distributed system where ZooKeeper manages distributed locks to coordinate hundreds of asynchronous workers, preventing race conditions. RabbitMQ handles high-throughput message brokering for task dispatching.

The Result: A fault-tolerant pipeline capable of ingesting and normalizing terabytes of unstructured threat data into a centralized Data Lake using Protocol Buffers for efficient serialization.

Adversarial Browser Automation

Bypassing advanced anti-bot fingerprinting (TLS, Canvas, Audio) in real-time.


CDP (DevTools Protocol), Rust, Reverse Engineering, Anti-Fingerprinting

The Challenge: Automating interactions with cybercrime forums protected by military-grade anti-bot solutions (Cloudflare Turnstile, ReCAPTCHA v3, DDoS-Guard) where standard Selenium/Puppeteer gets flagged instantly.

The Solution: Moved beyond WebDriver. I engineer direct Chrome DevTools Protocol (CDP) injections to patch JavaScript execution contexts and normalize browser entropy (Canvas, WebGL, AudioContext).

The Result: A stealth automation framework that mimics human behavior patterns, solves interactive CAPTCHAs programmatically, and maintains persistent sessions in hostile environments.

Mobile Threat Vector Analysis

Automated static analysis pipeline for Android (APK) malware detection.


MobSF, Static Analysis, Decompilation, Python

The Challenge: Detecting brand impersonation and malware across unregulated third-party app stores where no official API exists.

The Solution: Built a watchdog that crawls shadow app stores, downloads APKs, and performs automated static analysis. It decompiles binaries to search for malicious permissions, hardcoded secrets, and repackaged code signatures.

The Result: An automated dragnet that identifies and flags fraudulent mobile applications before they gain traction, feeding intelligence directly into the central security dashboard.

Black-Box API Reverse Engineering

Reconstructing undocumented internal APIs for emulation and monitoring.


Traffic Analysis, Cert Pinning Bypass, MitM, Protocol Analysis

The Challenge: Monitoring social platforms and closed networks that do not offer public APIs.

The Solution: I use advanced MitM techniques to bypass SSL pinning on mobile and web clients, capturing and analyzing proprietary traffic. I then reverse-engineer the request signing logic and data structures.

The Result: Creation of custom, lightweight API clients that replicate the behavior of official apps, allowing for low-bandwidth, high-speed monitoring without the overhead of a full browser stack.

Summary of my technical skills

A quick overview of the tools, technologies, and methodologies I employ regularly.

DISTRIBUTED SYSTEMS ARCHITECTURE
HIGH-PERFORMANCE PYTHON
RUST & GO
THREAT INTELLIGENCE PIPELINES
EVENT-DRIVEN INFRASTRUCTURE
RABBITMQ
REDIS
DOCKER (PODMAN)
KUBERNETES
POSTGRESQL
ELASTICSEARCH
MONGODB
AWS S3
ANSIBLE
GITHUB ACTIONS
SECURE SDLC
OFFENSIVE SECURITY RESEARCH
ADVANCED ANTI-BOT EVASION
BURP SUITE
FRIDA
REVERSE ENGINEERING
BROWSER INSTRUMENTATION (CDP)
BINARY NINJA
APK STATIC ANALYSIS
CAIDO
REQABLE
WIRESHARK
MITM PROXY
DRISSIONPAGE
KERNELSU & LSPOSED
API SECURITY BYPASSING
MOBSF
OSINT & DIGITAL FOOTPRINTING
ARCH LINUX
HYPRLAND
ZSH + STARSHIP
ALACRITTY
ASTRO
HTMX
THREE.JS
WEBGL & GLSL
RIPGREP
HTTPIE
JQ
YAAK
BEEKEEPER STUDIO
MACOS
NOTESNOOK
FX
DMS
SVG ANIMATION

Coded for this year

I'm a polyglot developer. Here's a breakdown of the top programming languages I've used recently.
