Awaab KheiriSecurity Testing & Vulnerability Research
Specializing in practical security testing, vulnerability discovery, and secure system design. Working across web, cloud, and network environments to build stronger defenses through methodical analysis and hands-on experimentation.
Open to cybersecurity R&D internships, research roles, and offensive security opportunities.
Backend Engineering — SaMaS Gamify
Backend engineering for gamified learning platforms and serverless APIs.
Backend Engineer — SaMaS Gamify
Built and maintained serverless backends and relational data stores for gamified learning platforms.
AWS Lambda serverless functions
PostgreSQL backend development and schema design
Featured Work
Selected projects and security research write-ups
Dynamic Analysis of njRAT v0.6.4
This report presents a dynamic analysis of njRAT v0.6.4, following a previous static analysis of the same sample. Using VMware, FLARE VM, Process Monitor, Regshot, Wireshark, and FakeNet, the malware was executed in an isolated environment to validate hypotheses derived from static reverse engineering. The analysis confirms the dropper behavior, registry-based persistence, firewall modifications, TCP communication with the command-and-control infrastructure, and the initial C2 beacon containing host fingerprint information. It also identifies a secondary payload (windows.exe), compares runtime observations against static predictions, and highlights findings that remain inconclusive.
Static Analysis of njRAT v0.6.4
A static analysis of njRAT v0.6.4, a well-known Remote Access Trojan first observed in 2012 and linked to a developer known as njq8. The sample, obtained from the theZoo malware repository, was analyzed using DIE, strings, and dnSpy. Analysis reveals the main executable is a dropper that silently delivers two obfuscated payloads. The writeup covers dropper behavior, privilege escalation indicators, registry-based persistence, firewall modification, capability analysis including keylogging, credential theft, remote shell, and camera surveillance, as well as encryption indicators and attribution artifacts extracted from the binary. Several findings remain unconfirmed pending dynamic analysis.
Hardware Security Assessment: $10 IoT Camera Network Analysis
This report documents Part 2 of a hardware security assessment on a budget IoT camera ($10 USD). Through isolated network traffic analysis using Wireshark, I captured and analyzed the camera's network behavior. Key findings include: unencrypted bootloader communication, encrypted video stream on UDP port 34593 (local-only transmission), mandatory WireGuard VPN tunnel to manufacturer's server, and telemetry collection via msftconnect.com connectivity checks. The analysis reveals the device prioritizes cloud connectivity over local security, with all non-video traffic routed through an encrypted manufacturer-controlled tunnel.
Hardware Security Assessment: $10 IoT Camera UART Extraction & Firmware Analysis
This report documents a hardware security assessment of a budget IoT camera ($10 USD). Through UART extraction and bootloader analysis, I successfully captured the full boot sequence, identifying critical firmware vulnerabilities: Ingenic XBurst T23 SoC with EOL U-Boot 2013.07 and Linux 3.10.14 kernel—both lacking 8+ years of security patches. The analysis reveals absent secure boot mechanisms, writable flash partitions, and exposed debug interfaces. Part 1 establishes the attack surface; subsequent phases will involve SPI flash extraction and network reconnaissance for deeper vulnerability mapping.