Introduction
I am an experienced information security and secure software development consultant and researcher who can perform web and mobile application penetration tests, automated and manual code reviews, software debugging, security testing on cloud based environments, smartphone platforms such as iOS and Android, and develop security-aware web and mobile applications.
Fields of Interest
Software Security
Cloud Security
Penetration Testing
Communications Security
Secure Application Development
Work Experience
Industry Experience
Staff-2 Security Engineer @ VMware, San Francisco Bay Area, CA (01/2022 — present)
Staff Security Engineer @ VMware, San Francisco Bay Area, CA (11/2017 — 01/2022)
Senior Security Engineer @ VMware, San Francisco Bay Area, CA (04/2016 — 10/2017)
VMware virtualizes computing, from the data center to the cloud to mobile devices, to help our customers be more agile, responsive, and profitable. My job functions include providing security advice and expertise to help VMware product teams with Secure Software development throughout the product’s lifecycle, finding new vulnerabilities in VMware products, analyzing externally reported vulnerabilities, developing demonstration exploits, developing vulnerability mitigations and workarounds, acting as the technical reviewer for external security communications such as VMware Security Advisories, security response engineering and tools development.
Senior Security Consultant @ IOActive Inc., Seattle, WA (10/2014 — 04/2016)
IOActive is an industry leading security services firm. My essential job function is to perform security services for IOActive’s Global client portfolio. These can include penetration testing, vulnerability assessments, reverse engineering, fuzzing, exploit development, and more. The focus of my work is to provide leadership on mobile penetration testing for Android and iOS platforms. Other important job functions include participation in the business development process, performing research and delivering talks at industry events.
Security Consultant @ IOActive Ltd., London, United Kingdom (04/2013 — 09/2014)
The essential job functions include vulnerability assessments and analysis, penetration testing and source code review of web and mobile applications and platforms, reporting and documentation of all security findings, and travel to customer site locations as required. I have performed comprehensive security assessments of Android ROMs for major smartphone vendors. I have carried out code review and penetration testing of smartphone applications (Android, iPhone, iPad and Kindle Fire apps) and C/Java based web services for some of the Fortune top 50 companies. I have also worked in red team network penetration testing for major service providers on behalf of IOActive.
Research Engineer (Mobile App Development Manager) @ Next Generation Intelligent Networks Research Center, Islamabad, Pakistan (03/2012 — 02/2013)
Development of Secure SMS and Secure VoIP applications on Android and iPhone. The core task was to help the programmers apply the theory of information security, cryptography and secure development in real world mobile applications. I managed a team of mobile application developers to achieve these tasks. I was also responsible for completing reports and deliverables to meet requirements of the funding agency.
Research Engineer (Team Lead) @ Next Generation Intelligent Networks Research Center, Islamabad, Pakistan (04/2008 — 08/2010)
The aim of this project was to develop an intelligent security framework for IP Multimedia System (IMS) and Next Generation All-IP Networks, to protect infrastructure nodes and subscribers against IMS framework-related vulnerabilities, SIP protocol vulnerabilities, VoIP/ video/ PoC/ Messaging/ Presence/ Conferencing application vulnerabilities; and voice spam, media plane related vulnerabilities.
Internship Experience
Mobile Development, Security and Testing Intern @ Cigital, New York, NY (05/2011 — 12/2011)
I learned the basics of mobile (Android, Blackberry, iOS) development, and iOS application security. The concentration of my work was centered on penetration testing of a number of iPhone and iPad applications for some of the Fortune 50 companies. I also worked on system image security assessment, and some Linux based embedded system pen-testing.
Teaching Experience
Visiting Faculty @ National University of Computer & Emerging Sciences, Islamabad, Pakistan (08/2012 — 12/2012)
Courses Taught: Data Communication & Networking
Freelance Experience
Security Advisor @ Secursive Blog, https://blog.secursive.com (02/2020 — present)
I write blog posts on security topics that I find interesting.
Freelance Consultant @ Secursive, https://www.secursive.com (02/2012 — 01/2014)
A freelance Information Security Consultancy and Secure Software Development agency. I provide Secure Software development, Web and Mobile Applications penetration-testing, automated and manual code reviews for security vulnerabilities. Security testing on smartphone platforms such as iOS and Android is what I love to do. I also provide Security-aware Web and Mobile applications development, Operating System development and Software debugging services.
Education
Degrees
MS Computer Science (Security) @ Columbia University, New York, NY. (2011)
BE Electrical Engineering @ National University of Sciences & Technology, Islamabad, Pakistan. (2008)
Courses
Software Security & Exploitation
Security Architecture & Engineering
Network Security
Intro to Cryptography
Certificates
- Fundamentals of Zero Trust Security. 2023.
- Critical Thinking for Better Judgment and Decision-Making. 2023.
- Influencing Others. 2023.
- Leading Globally. 2023.
- Fred Kofman on Managing Conflict. 2023.
- Transformational Leadership. 2023.
- Advanced Kubernetes. 2019.
- Microservice Application Architecture. 2018.
- Fundamentals of Information Security. 2017.
- VMware vSphere: Install, Configure, Manage plus Optimize and Scale Fast Track V6.0. 2016.
Projects
- Instruction Set Randomization
  Instruction Set Randomization of PE binaries on Windows 7 using Intel’s PIN tool
  Technologies: PE, Windows API, Intel PIN tool
  Supervisor: Dr. Angelos Keromytis
- Privacy in Social Networks
  Automated privacy configuration in social networks such as Twitter.
  Supervisor: Dr. Steven Bellovin
  Link: https://www.muhammadakbar.com/files/report-socialnets-ali.pdf
- Secure File Repository
  Implementation of a secure file repository with access control and encryption
  Technologies: C++, Linux
- Secure Ad hoc On-demand Distance Vector routing (SAODV)
  Implementation, Simulation and attack-based scenario testing of Secure Ad hoc On-demand Distance Vector routing (SAODV) using Network Simulator (NS-2)
  Technologies: Network Simulator (NS-2)
  Link: https://www.muhammadakbar.com/files/paper-saodv-manets.pdf
- Buffer Overflow Exploitation
  Exploitation of VideoLan Media Player v0.8.6d stack-based buffer overflow vulnerability for shellcode execution on Windows XP
  Technologies: x86 Shellcode
  Supervisor: Dr. Herbert H. Thompson
- SIP Server Fuzzing
  Black box Fuzzing against commercial and open source SIP servers and responsible disclosure of vulnerabilities to the vendor
  Technologies: Fuzzing, SIP, VoIP
- OS Buffer Overflow Protection Analysis
  Analyzing OS protections (Windows 7 and Ubuntu 10) against buffer overflows using Case Study of Mozilla Firefox
  Technologies: x86 Shellcode, Windows/Ubuntu OS
  Supervisor: Dr. Herbert H. Thompson
  Link: https://www.muhammadakbar.com/files/report-os-protection-exploitation-firefox.pdf
- Linux OS Kernel development for Android mobile devices
- Linear Algebra made Easy (LAME)
  A new C like language compiler for linear algebra with built-in support for matrices and matrix operations.
  Technologies: OCaml, C++
  Supervisor: Dr. Stephen A. Edwards
- Twenty Five Across
  A collaborative crossword puzzle solving game where two or more players work together to solve a crossword puzzle; each user can see the other’s modifications to the board in real-time
  Technologies: Java Swing, EJB 3.0
  Supervisor: Dr. Gail Kaiser
Publications
Research Topics
Information & Communications Security
Mobile Security
VoIP Security
Privacy and Anonymity
Machine Learning
Authentication
Internet of Things (IoT)
Wireless Communication
Tele-health Monitoring
Patents
G. McCready, R. Chamarajnager, G. Bollella, M. Akbar et al. "Gateway enrollment for Internet of Things device management". US Patent 11,916,911. Patent Granted in 02/2024.
G. McCready, R. Chamarajnager, G. Bollella, M. Akbar et al. "Gateway enrollment for Internet of Things device management". US Patent 11,595,392. Patent Granted in 02/2023.
G. McCready, R. Chamarajnager, G. Bollella, M. Akbar et al. "Gateway enrollment for Internet of Things device management". US Patent 11,190,513. Patent Granted in 11/2021.
G. Dimitrov, M. Akbar et al. "Persistable identity tokens". US Patent 11,178,141. Patent Granted in 11/2021.
M. Akbar et al. "Automating establishment of initial mutual trust during deployment of a virtual appliance in a managed virtual data center environment". US Patent 10,728,243. Patent Granted in 07/2020.
S. Mukhopadhyay, M. Akbar. "Automating application updates in a virtual computing environment". US Patent 10,416,986. Patent Granted in 09/2019.
Journal Papers
Salman H. Khan, M. Ali Akbar, et al. "Secure Biometric Template Generation for Multi-factor Authentication". In Pattern Recognition, Elsevier, 09/2014.
M. Ali Akbar et al. "Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony". In Knowledge and Information Systems, Springer-Verlag, 02/2014.
Conference Papers
Salman H. Khan, M. Ali Akbar, et al. "Multi-Factor Authentication on Cloud". In IEEE International Conference on Digital Image Computing: Techniques and Applications (DICTA 2015), 11/2015.
M. Ali Akbar, et al. "The Droid Knight: a silent guardian for the Android kernel, hunting for rogue smartphone malware applications". In Virus Bulletin (VB 2013), 10/2013.
F. Shahzad, M. Ali Akbar, et al. "Tstructdroid: Realtime malware detection using in-execution dynamic analysis of kernel process control blocks on android". In National University of Computer & Emerging Sciences, Islamabad, Pakistan, 01/2013.
F. Shahzad, M. Ali Akbar, et al. "A survey on recent advances in malicious applications analysis and detection techniques for smartphones". In National University of Computer & Emerging Sciences, Islamabad, Pakistan, 12/2012.
M. Ali Akbar, et al. "RTP-Miner: A Real-time Security Framework for RTP Fuzzing Attacks". In 20th International Workshop on Network and Operating Systems Support for Digital Audio and Video (NOSSDAV 2010), Amsterdam, Netherlands, 06/2010.
M. Zubair Rafique, M. Ali Akbar, et al. "Evaluating DoS Attacks Against SIP-Based VoIP Systems". In IEEE Global Communications Conference (GLOBECOM 2009), Honolulu, Hawaii USA, 11/2009.
M. Ali Akbar, et al. "Application of Evolutionary Algorithms in Detection of SIP based Flooding Attacks". In Genetic and Evolutionary Computation Conference (GECCO 2009), Montreal, Canada, 07/2009.
M. Ali Akbar, et al. "A Comparative Study of Anomaly Detection Algorithms for Detection of SIP Flooding in IMS". In International Conference on Internet Multimedia Services Architecture and Application (IMSAA 2008), Bangalore, India, 12/2008. (Best Paper Award)
M. Ali Akbar, et al. "Bit Error Rate Improvement using ESPRIT based Beamforming and RAKE receiver". In IEEE International Multitopic Conference (INMIC 2009), Islamabad, Pakistan, 12/2009.
M. Ali Akbar, et al. "Fuzz-Fortuna: A fuzzified approach to generation of cryptographically secure pseudo-random numbers". In IEEE International Multitopic Conference (INMIC 2008), Karachi, Pakistan, 12/2008.
M. Zulkifl Khalid, M. Ali Akbar, et al. "Using Telemedicine as an Enabler for Antenatal Care in Pakistan". In 2nd International Conference on E-Medical System (E-Medisys), Sfax, Tunisia, 10/2008.
Blog Posts
- Secursive Blog
  I write blog posts on security topics that I find interesting
Achievements
Fulbright Grant for Masters in Computer Science at Columbia University NYC, NY. 2010-11.
First Prize in Research Category at 9th All Pakistan Inter Colleges/Universities Computer Project Exhibition & Competition (COMPPEC 2010), College of E&ME, Rawalpindi, Pakistan. June, 2010.
First Best Paper Award at International Conference on Internet Multimedia Services Architecture and Application (IMSAA 2008), Bangalore, India. Dec, 2008.
Development of Proposal for Remote Patient Monitoring System for Rural Areas with Focus on Ante-natal Care, awarded a Research Grant of 0.25 million USD from National ICT R&D Fund, Ministry of IT, Pakistan in 2007-08. This project was carried out at nexGIN RC, Islamabad, in line with the UNDP’s Millennium Development Goals (MDGs) to reduce Maternal Mortality Ratio (MMR) and Infant Mortality Ratio (IMR) in Pakistan. 2008.
Reviewer, GECCO 2010 & 2011 (Real world Application Track) and several other international conferences.
Various merit based Academic Scholarships & distinction shields throughout the academic career.
Various performance based awards throughout the professional career.