Team Lead / Principal engineer / Senior Information Security Analyst
EDUCATION
2011 Ufa State Aviation Technical University, Ufa
General scientific faculty, Engineer - Mathematician
KEY COMPETENCIES
Python Researches IoT GNURadio PoC iOS Reverse-Engineering Network Security PE/ELF C
ASM Cryptography Software Defined Radio Computer Security LTE UMTS GSM/GPRS SSL/TLS
XML SS7 XFS Mathematics HTTP/HTTPS JSON GIT Subversion Mercurial SVN
EXPERIENCE
Company Huawei Technologies Group Co., Ltd.
(https://www.huawei.com/)
Position Team Lead / Principal engineer
Duration September 2019 – until now (2 years 8 months)
Responsibilities Researches: IoT, hardware testing,
chip security analysis.
Team leading/ Project management
Deploying and infrastructure maintaining
Onsite and remote security assessments
Generation and presentation of reports on security vulnerabilities
Analysis of information system security, security audit
Technologies OS: Linux, Android
Language: python, c, asm
Key technologies: gcc, gdb, uart, jtag
Project Security assessments
Description Audit and security analysis of key products of a dedicated business unit.
Responsibilities Deployment and preparing of the testing infrastructure. Vulnerability research and
analysis. Checking the results of a third-party audit. Project management and
preparation of audit reports.
Page 1 of 5
Garipov Artur
Company Dark Matter LLC (https://darkmatter.ae/)
Position Cyber Security Analyst
Duration May 2017 – November 2018 (1 year 6 months)
Responsibilities Researches: telecom (EPC) field, hardware testing,
analysis of the different wireless protocols
Writing a PoC (Proof of Concepts)
Onsite and remote security assessments
Generation and presentation of reports on security vulnerabilities
Analysis of information system security, security audit
Technologies OS: Linux
Language: python, c, GNURadio
Key technologies: gcc, scapy, gr projects, osmo/open bts, openlte, OAI, jtag
Project Security assessments
Description A wide range of analysis of product safety. Software, hardware and wireless
security assessment.
Responsibilities Creation of the test beds for security audit and testing of the mobile equipment
Audit of the Mobile and Telecom networks (air and core parts)
(GSM/GPRS, LTE, UMTS, SS7, DIAMETER, RADIUS). Fake bts, imsi-cacthers.
Spoofing and analysis of the wireless protocols (GPS, GLONASS, BLE,Zwave etc).
SCADA and Industrial Control System security analysis.
Company Positive Technologies
(https://www.ptsecurity.com/)
Position Senior Information Security Analyst
Duration April 2016 – May 2017 (1 year 2 months)
Responsibilities Researches: telecom field, IoT (Internet of Things),
different wireless protocols
Writing a PoC (Proof of Concepts)
Onsite and remote security consulting
Complex technological and architectural network security assessment
Generation and presentation of reports on security vulnerabilities
Analysis of information system security, security audit
Technologies OS: Linux
Language: python, c, GNURadio
Key technologies: gcc, scapy, gr-osmosdr, osmo/open bts, openlte,
Page 2 of 5
Position Cyber Security Analyst
Duration May 2017 – November 2018 (1 year 6 months)
Responsibilities Researches: telecom (EPC) field, hardware testing,
analysis of the different wireless protocols
Writing a PoC (Proof of Concepts)
Onsite and remote security assessments
Generation and presentation of reports on security vulnerabilities
Analysis of information system security, security audit
Technologies OS: Linux
Language: python, c, GNURadio
Key technologies: gcc, scapy, gr projects, osmo/open bts, openlte, OAI, jtag
Project Security assessments
Description A wide range of analysis of product safety. Software, hardware and wireless
security assessment.
Responsibilities Creation of the test beds for security audit and testing of the mobile equipment
Audit of the Mobile and Telecom networks (air and core parts)
(GSM/GPRS, LTE, UMTS, SS7, DIAMETER, RADIUS). Fake bts, imsi-cacthers.
Spoofing and analysis of the wireless protocols (GPS, GLONASS, BLE,Zwave etc).
SCADA and Industrial Control System security analysis.
Company Positive Technologies
(https://www.ptsecurity.com/)
Position Senior Information Security Analyst
Duration April 2016 – May 2017 (1 year 2 months)
Responsibilities Researches: telecom field, IoT (Internet of Things),
different wireless protocols
Writing a PoC (Proof of Concepts)
Onsite and remote security consulting
Complex technological and architectural network security assessment
Generation and presentation of reports on security vulnerabilities
Analysis of information system security, security audit
Technologies OS: Linux
Language: python, c, GNURadio
Key technologies: gcc, scapy, gr-osmosdr, osmo/open bts, openlte,
Page 2 of 5
Project Penetration testing
Description Wireless / Mobile protocols are widely used in industrial systems and in common
life. Attacks on them are considered rare, but exactly this attacks fetch a biggest
damage. It is difficult to detect them and to resist them.
Responsibilities Attacks on Mobile networks and through Mobile networks (air and core)
(GSM/GPRS, LTE, UMTS, SS7). Fake bts, imsi-cacthers. Spoofing wireless
protocols (GPS, GLONASS, BLE, nRF), etc. SCADA and Industrial Control
System security analysis. Banking security analysis (XFS, replay attack and
attacks through service area).
Company Positive Technologies
(https://www.ptsecurity.com/)
Position Information Security Analyst
Duration December 2014 – March 2016 (1 year 4 months)
Responsibilities Network / Computer security analysis
Writing a PoC (Proof of Concepts)
Mobile applications reverse engineering
Penetration / Vulnerability testing
Technologies OS: Linux, Windows, iOS
Language: python, c, asm
Key technologies: gcc, scapy, gdb
Project DPI (Deep Packet Inspection)
Description Deep packet inspection is a form of computer network packet filtering that
examines the data part of a packet as it passes an inspection point.
Responsibilities Writing a PoC for packet reassembling. Decoding of the TLS/SSL HTTPS traffic.
Decoding SSH traffic. Patches for OpenSSH (for key extracting).
Writing a POF (passive OS fingerprinting) tool, based on different methods of
statistical detection. Stress Testing.
Company Individual businessman
Position Researcher
Duration October 2013 – October 2014 (1 year 1 month)
Responsibilities Mobile applications reverse engineering
Applications reverse engineering
Virus analysis
Technologies OS: Windows, Linux, iOS
Language: python, c, asm
Key technologies: gdb, lldb, nasm, gcc, IDA, Olly, Hopper Disassembler
Page 3 of 5
Description Wireless / Mobile protocols are widely used in industrial systems and in common
life. Attacks on them are considered rare, but exactly this attacks fetch a biggest
damage. It is difficult to detect them and to resist them.
Responsibilities Attacks on Mobile networks and through Mobile networks (air and core)
(GSM/GPRS, LTE, UMTS, SS7). Fake bts, imsi-cacthers. Spoofing wireless
protocols (GPS, GLONASS, BLE, nRF), etc. SCADA and Industrial Control
System security analysis. Banking security analysis (XFS, replay attack and
attacks through service area).
Company Positive Technologies
(https://www.ptsecurity.com/)
Position Information Security Analyst
Duration December 2014 – March 2016 (1 year 4 months)
Responsibilities Network / Computer security analysis
Writing a PoC (Proof of Concepts)
Mobile applications reverse engineering
Penetration / Vulnerability testing
Technologies OS: Linux, Windows, iOS
Language: python, c, asm
Key technologies: gcc, scapy, gdb
Project DPI (Deep Packet Inspection)
Description Deep packet inspection is a form of computer network packet filtering that
examines the data part of a packet as it passes an inspection point.
Responsibilities Writing a PoC for packet reassembling. Decoding of the TLS/SSL HTTPS traffic.
Decoding SSH traffic. Patches for OpenSSH (for key extracting).
Writing a POF (passive OS fingerprinting) tool, based on different methods of
statistical detection. Stress Testing.
Company Individual businessman
Position Researcher
Duration October 2013 – October 2014 (1 year 1 month)
Responsibilities Mobile applications reverse engineering
Applications reverse engineering
Virus analysis
Technologies OS: Windows, Linux, iOS
Language: python, c, asm
Key technologies: gdb, lldb, nasm, gcc, IDA, Olly, Hopper Disassembler
Page 3 of 5
Company OZNA: design and manufacturing solutions for
the oil and gas industry (http://eng.ozna.ru/)
Position Software Developer
Duration March 2011 – September 2013 (2 years 7 months)
Responsibilities Automatic Control System for Technological Process (DCS, APCS), SCADA-
package Wonderware InTouch, Historian.
Configuring flow controllers Floboss S600/S600 +, OMNI 6000/3000, SPG 763.
Rework of the requirements of current software object (Delphi, MS SQL).
Formation systems reports, CMC (control metrological characteristics),
verifications.
Commissioning of metering units oil / gas systems and systems of measuring the
quality of oil and gas
Technologies OS: Windows
IDE: Microsoft Visual Studio, Delphi
Language: c#, lua
Key technologies: Network communication, Modbus, OPC, SQL
Company The Ufa plant "Promsvyaz"
(http://www.ps-ufa.ru/)
Position Design engineer / programmer of embedded systems
Duration January 2010 — July 2010 (7 months)
Responsibilities Development of System Software for Set Top Box (IPTV) on OS Linux.
Writing drivers for Linux.
Porting drivers for architecture SuperH.
Cross compile applications.
Debug and upload firmware using a JTAG.
Technologies OS: Linux
Language: c, perl
Key technologies: Network communication, Modbus, OPC, SQL
Page 4 of 5
the oil and gas industry (http://eng.ozna.ru/)
Position Software Developer
Duration March 2011 – September 2013 (2 years 7 months)
Responsibilities Automatic Control System for Technological Process (DCS, APCS), SCADA-
package Wonderware InTouch, Historian.
Configuring flow controllers Floboss S600/S600 +, OMNI 6000/3000, SPG 763.
Rework of the requirements of current software object (Delphi, MS SQL).
Formation systems reports, CMC (control metrological characteristics),
verifications.
Commissioning of metering units oil / gas systems and systems of measuring the
quality of oil and gas
Technologies OS: Windows
IDE: Microsoft Visual Studio, Delphi
Language: c#, lua
Key technologies: Network communication, Modbus, OPC, SQL
Company The Ufa plant "Promsvyaz"
(http://www.ps-ufa.ru/)
Position Design engineer / programmer of embedded systems
Duration January 2010 — July 2010 (7 months)
Responsibilities Development of System Software for Set Top Box (IPTV) on OS Linux.
Writing drivers for Linux.
Porting drivers for architecture SuperH.
Cross compile applications.
Debug and upload firmware using a JTAG.
Technologies OS: Linux
Language: c, perl
Key technologies: Network communication, Modbus, OPC, SQL
Page 4 of 5
LANGUAGES SKILLS
English Advanced
Russian Native
LINKS
https://habrahabr.ru/company/pt/blog/261035/
(http://blog.ptsecurity.com/2015/07/the-mitm-mobile-contest-gsm-network.html)
https://habrahabr.ru/company/pt/blog/269525/
(http://blog.ptsecurity.com/2015/10/hackersim-blamestorming.html)
https://habrahabr.ru/company/pt/blog/281445/
https://habrahabr.ru/company/pt/blog/302490/
(http://blog.ptsecurity.com/2016/06/phd-vi-how-they-stole-our-drone.html)
https://www.youtube.com/watch?v=qBYgXwnsbd4
http://en.2018.mosec.org/
https://www.ruscrypto.ru/program/sections/s_4.html
CONFERENCES ATTENDED
PHDays, MOSEC, NULLCON, DEFCON, BlackHAT, ROOTCON, GRCon, RusCrypto.
Page 5 of 5
English Advanced
Russian Native
LINKS
https://habrahabr.ru/company/pt/blog/261035/
(http://blog.ptsecurity.com/2015/07/the-mitm-mobile-contest-gsm-network.html)
https://habrahabr.ru/company/pt/blog/269525/
(http://blog.ptsecurity.com/2015/10/hackersim-blamestorming.html)
https://habrahabr.ru/company/pt/blog/281445/
https://habrahabr.ru/company/pt/blog/302490/
(http://blog.ptsecurity.com/2016/06/phd-vi-how-they-stole-our-drone.html)
https://www.youtube.com/watch?v=qBYgXwnsbd4
http://en.2018.mosec.org/
https://www.ruscrypto.ru/program/sections/s_4.html
CONFERENCES ATTENDED
PHDays, MOSEC, NULLCON, DEFCON, BlackHAT, ROOTCON, GRCon, RusCrypto.
Page 5 of 5