Soroush Babaei

Web & API Pentest • Secure Code Review • Offensive Research

Hi, I’m Soroush — a web penetration tester and cybersecurity researcher based in Tehran. I test enterprise B2B web apps and APIs, review code, and turn vulnerabilities into clear reports teams can actually fix.

2025: Web Pentester at Chargoon
M.Sc. Cybersecurity at AUT
4+ research and tooling projects
soroush@security-lab
$ whoami
>Soroush Babaei — Web Penetration Tester
$ pwd
>/home/soroush/web-api-pentest/research
$ grep -i "focus" profile.log
>focus: Web/API pentest, secure code review, Windows Internals

About Me

I like finding the bugs that matter—and explaining them clearly.

I work on web application and API penetration testing, secure code review, and vulnerability research. At Chargoon, I assess enterprise B2B products with a focus on authentication, authorization, access control, and critical business workflows.

Before moving deeper into offensive security, I worked as a deep learning engineer at Roshan, building Python-based models for time-series forecasting and market prediction. That mix of software, ML, and security shapes how I investigate problems today.

Skills & Certificates

Hands-on skills, training, and tools I use

Web Pentest

Web Hacking Professional — Ravin Academy

Web and API testing across OWASP Top 10, authentication, access control, SQL injection, SSTI, XSS, IDOR, and business logic flaws.

Red Team

Red Team Operation — Ravin Academy

Currently sharpening red team fundamentals, offensive workflows, reconnaissance habits, OPSEC thinking, and clear evidence collection.

Hardware

Security Hardware Gadgets — Ravin Academy

Hands-on training around practical security hardware, attack surfaces, and gadget-assisted offensive security workflows.

Low-Level

Windows Forensic & Offensive Programming

Training and practice around Windows Internals, WinDbg, Volatility, Windows API, C/C++, and offensive programming concepts.

Web & API Pentest, OWASP Top 10, Business Logic Testing, Secure Code Review, Python, C / C++, Burp Suite, Nmap, WinDbg / Volatility

Work Experience

Where I’ve been applying the work

Oct 2025 — Present

Web Penetration Tester — Chargoon Company

Testing enterprise B2B web applications and APIs, validating high-impact vulnerabilities, reviewing code, and preparing actionable reports with PoC evidence and remediation guidance.

2022 — 2023

Deep Learning Engineer — Roshan Company

Built and fine-tuned Python-based deep learning models for time-series forecasting, crypto market prediction, news-driven pipelines, and image data workflows.

Education

Academic background

M.Sc. Cybersecurity — AmirKabir University of Technology

Thesis: extracting neural network model structures using side-channel attacks. I also hold a B.Sc. in Computer Science from the University of Gilan, with coursework in data structures, algorithms, operating systems, and networks.

Projects

Selected Projects & Research

Automated Subdomain Enumeration

A recon tool that combines passive sources with active DNS techniques and filters live assets with Httpx for more reliable web testing targets.

Side-Channel ML Security Research

My M.Sc. research explores techniques for inferring neural network architecture and model structure using side-channel attack ideas.

MultiInput Product Label Model

A TensorFlow multi-label classification project using image and text inputs to predict product attributes like gender, season, and category.

Blog

Notes I’m Building Around Security & Research

Contact

Open to security collaboration, research conversations, and knowledge sharing.

You can reach me by email at Soroushbbi@aut.ac.ir or by phone at 09303933787. I’m based in Tehran and happy to connect around web security, research, and practical tooling.