Babak (Bob) AminAzad, PhD
Senior Systems Engineer at CloudflareContact
- silverfoxy
- babakaminazad
- Stony Brook, NY
Web Security
Penetration Testing
-
PHP Static/Dynamic Analysis
-
Courses
Machine Learning
-
Data Science
-
Bots & Automation
Browser & bot automation
-
Analysis of anti-bot mechanisms
-
Mobile Security
Android Mobile Application Penetration Testing
-
Mobile Malware Analysis
-
Malware Detection & Sandboxing
-
iOS 3rd Party Market Analysis
-
Awards
Best Systems and Security Poster Award
Stony Brook University Graduate Research Day 2022
Best Film Editing Award
IEEE S&P 2021
Best Film Editing Award (Most Creative Video) for "Good Bot, Bad Bot: Characterizing Automated Browsing Activity" paper - Video
Best Paper Award (3rd)
2021 Applied Research Competition by Cybersecurity Games & Conference (CSAW)
Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits CSAW 2021 Winners
Best Presentation Award
17th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)
DIMVA 2020 Best Presentation Award for Web Runner 2049: Evaluating Third-Party Anti-bot Services Announcement - Video
About Me
I’m currently a senior systems engineer/researcher at Cloudflare where I work with the Bot Management R&D team and I am a member of the AI Bureau at Cloudflare. My main responsibility is to design and develop robust systems to detect and block unwanted bot traffic towards websites. I research and build detection signals, train and deploy machine learning models, and contribute to our MLOps pipeline. Most recently, I have designed and deployed HTTP/3 fingerprint, residential proxy signals, and trained ML models v7 (2023) and v8 (2024) currently used in production to detect bots running on more than 46 million HTTP requests per second.
I serve on the program committee of multiple top tier security conferences. I have graduated with a PhD from the Stony Brook University in 2022 where I worked under the supervision of Professor Nikiforakis at the PragSec Lab. My main research focus aimed at uncovering vulnerabilities and practices, that make the web insecure. More specifically, my research goal was to make web applications safer, by reducing their attack surface through software debloating. I incorporate static and dynamic analysis techniques to identify unused features in web applications and remove them. In my prior work, I have showed that this method of attack surface reduction is highly effective in removing exploitable vulnerabilities from web applications. I make parsers, code analyzers and symbolic execution engines. Orthogonally to my work on attack surface reduction, I studied browser fingerprintong and designed mechanisms to detect malicious bots on the internet and protect websites by differentiating malicious bot traffic from regular users.
Talks & Publications
-
AnimateDead: Debloating Web Applications Using Concolic Execution (Artifacts)
Babak Amin Azad, Rasoul Jahanshahi, Christos Tsoukaladelis, Manuel Egele, and Nick Nikiforakis
Usenix Security 2023
August, 2023 -
Minimalist: Semi-automated Debloating of PHP Web Applications through Static Analysis (Artifacts)
Rasoul Jahanshahi, Babak Amin Azad, Nick Nikiforakis, and Manuel Egele
Usenix Security 2023
August, 2023 -
RoleModels: Role-based Debloating For Web Applications (Artifacts)
Babak Amin Azad and Nick Nikiforakis
ACM CODASPY 2023
April, 2023 -
Catching Transparent Phish: Understanding and Detecting MITM Phishing Kits
Boston University Security Camp
August, 2022 -
Mitigating MITM Phishing Toolkit Attacks that Bypass MFA (video)
I2 Online
June, 2022 -
The Droid is in the Details: Environment-aware Evasion of Android Sandboxes
Brian Kondracki, Babak Amin Azad, Najmeh Miramirkhani, and Nick Nikiforakis
Network and Distributed System Security Symposium 2022
February, 2022 -
Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits
Brian Kondracki, Babak Amin Azad, Oleksii Starov, and Nick Nikiforakis
CSAW '21 Finalist (3rd place)
ACM CCS 2021
November, 2021
Media Coverage: The Hacker News, Slashdot, The Record, Gizmodo, CyberNews, MalwareBytes, Avast -
Good Bot, Bad Bot: Characterizing Automated Browsing Activity
Xigao Li, Babak Amin Azad, Amir Rahmati, and Nick Nikiforakis
IEEE Symposium on Security and Privacy (S&P) 2021
May, 2021 -
Less is More: Introducing an Automated Debloating Pipeline based on Dynamic Web Application Usage (Artifacts)
TPCP Software Security Summer School (SSSS '20)
August, 2020 -
Web Runner 2049: Evaluating Third-Party Anti-bot Services (video)
Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
DIMVA 2020 (Won Best Video Presentation Award)
July, 2020 -
Taming The Shape Shifter: Detecting Anti-fingerprinting Browsers (video)
Babak Amin Azad, Oleksii Starov, Pierre Laperdrix, and Nick Nikiforakis
DIMVA 2020
July, 2020 -
Less is More: Web Application Attack Surface Reduction Through Software Debloating (video)
Georgia Tech Cybersecurity Lecture Series
April, 2020 -
Gas What? I can see you GasPots. Studying the fingerprintability of ICS honeypots in the wild
Mohammad-Reza Zamiri-Gourabi, Ali Razmjoo Qalaei, Babak Amin Azad
ACSAC 2019, Puerto Rico, USA
December, 2019 -
Less is More: Quantifying the Security Benefits of Debloating Web Applications
OWASP Global AppSec 2019, Washington, D.C, USA
September, 2019 -
Less is More: Quantifying the Security Benefits of Debloating Web Applications (video)
Babak Amin Azad, Pierre Laperdrix, and Nick Nikiforakis
USENIX Security ’19, Santa Clara, CA, USA
August, 2019 -
Fingerprinting users on the web. The good, the bad and the ugly.
P0SCON 2018 Conference, Urmia University of Technology
August, 2018 -
Penetration Testing Methods for Android Applications
1st Offseconf Conference, Khaje Nasir Toosi University
November, 2016 -
Ransomware Threats and Mitigation Techniques
5th Annual Conference on E-Banking and Payment Systems
January, 2016
Service
Reviewer for ACM CCS 2024 Conference
Reciewer for RAID 2024 Conference
Reviewer for The Web Conference (WWW 2024)
Reviewer for RAID 2023 Conference
Reviewer for Transactions on the Web Journal (2021)
OWASP Global AppSec San Francisco 2020 Review Committee
Usenix Security 2020 Artifact Evaluation Committee
IEEE S&P'20 Poster Review Committee
External Reviewer at MADWeb 2020
External Reviewer at DIMVA'19
IEEE S&P 2020 Shadow PC
IMC 2019, Shadow PC
NECCDC 2020 Proctor
EDUCATION AND EXPERIENCE
Work Experience
Senior Systems Engineer
Cloudflare ( San Francisco, US ) 2024 - Present
I work with the Bot Management SPARK Lab research team at Cloudflare as a senior systems engineer/researcher and my focus is on designing and developing signals, fingerprints, and analyses to guide the future of our bot detection products.
Systems Engineer
Cloudflare ( San Francisco, US ) 2023 - 2024
I work with the Bot Management ML team at Cloudflare as a systems engineer and my focus is on designing and developing robust bot detection schemes including research for novel browser
fingerprinting methods and building machine learning models to detect unwanted bot traffic.
Software Engineer Intern.
Cloudflare ( San Francisco, US ) 2021 - 2021
I worked with the Bot Management team at Cloudflare as an intern for the summer of 2021. During my internship, I researched and studied the design of the new HTTP/3 protocol. Using this insight and by collaborating with the protocols team, I designed the HTTP/3 fingerprint. I then implemented the fingerprint extraction logic within Quiche (Cloudflare's open source H3 implementation), and propagated this change to the bot detection module and the corresponding logging pipelines. Moreover, I built a glossary of browser and bot HTTP/3 fingerprints.
Software Engineer Intern.
Cloudflare ( San Francisco, US ) 2020 - 2020
I worked with the Bot Management team at Cloudflare as an intern for the summer of 2020. My focus was on bots that target Cloudflare. I implemented a scalable red teaming platform that automated bot attacks against the Bot Management platform. This platform which was built using Kubernetes and RabbitMQ, provides a scalable setup to add arbitrary bots and mount content scraping and password brute force attacks. Moreover, it allows for integration of common anti-fingerprinting techniques using proxies and UserAgent rotation.
Research Assistant
PragSec Lab, Stony Brook University ( Stony Brook, NY, USA ) 2018 - 2023Teaching Assistant
Stony Brook University ( Stony Brook, NY, USA ) 2017 - 2018Cyber Security Analyst, Incident Response Team
Kashef Banking Security Governance ( Tehran, Iran ) 2014 - 2016
Website Monitoring and Deface Detection Service:
In this project an application was developed to monitor national banks’ websites and alert the CSIRT team if a downtime or a deface takes place. Important features of this application includes:
This project spanned over 35 national banks’ internet banking websites, SSL protocol configuration of these sites was studied, factors like security against SSL vulnerabilities (Heartbleed, POODLE, FREAK, LogJam etc.), certificate signature algorithm and cipher suites negotiated with clients were taken into consideration and a hardening report was delivered to their admins to address the issues.
Mobile Banking Software Security Report and Secure Android Development Guide:
The android version of mobile banking applications of 35 national banks was studied, features like secure software distribution, frequent updates, tamper detection and integrity verification, secure communication channel to the server, cryptographic protocols, insecure data storage and presence of source code protection was tested, during this study several high impact vulnerabilities were found and reported. Lastly, a secure android development guide was produced to address common pitfalls in applications tested during this study.
In this project an application was developed to monitor national banks’ websites and alert the CSIRT team if a downtime or a deface takes place. Important features of this application includes:
- Monitoring Script addition to the page
- Monitoring redirection to another domain
- Checking for addition of specific words to pages
- Checking for change in the HTML source of website greater than a predefined threshold
- Monitoring DNS records status
- Monitoring WHOIS entry changes and expiration
- Integration with Qualys SSL Labs to produce reports about SSL configuration
This project spanned over 35 national banks’ internet banking websites, SSL protocol configuration of these sites was studied, factors like security against SSL vulnerabilities (Heartbleed, POODLE, FREAK, LogJam etc.), certificate signature algorithm and cipher suites negotiated with clients were taken into consideration and a hardening report was delivered to their admins to address the issues.
Mobile Banking Software Security Report and Secure Android Development Guide:
The android version of mobile banking applications of 35 national banks was studied, features like secure software distribution, frequent updates, tamper detection and integrity verification, secure communication channel to the server, cryptographic protocols, insecure data storage and presence of source code protection was tested, during this study several high impact vulnerabilities were found and reported. Lastly, a secure android development guide was produced to address common pitfalls in applications tested during this study.
Freelance Web Developer
Ontech Solutions ltd., United Kingdom (Remote) ( United Kingdom ) 2013 - 2016
Our task at Ontech was to upgrade a legacy, windows based sector specific ERP
software to a multi user, web based application, this was a web development project
but due to abundance of features it had, the design and implementation of it was
quite a challenge.