Nicolai Søborg
M.Sc. in Information Technology
cv@xn--sb-lka.org
Open-source enthusiast.
Interested in cyber security and practical cryptology.
Interested in cyber security and practical cryptology.
Work Experience
Denmark
04/2022 – ∞
04/2022 – ∞
Senior Security Engineer
Azure, infrastructure, python
Azure, infrastructure, python
Mastercard expands open banking reach with acquisition of Aiia.
I did a lot of DevSecOps (Global Admin in Azure, Super Admin in Google Workspace, Slack Workspace Admin, GitHub Admin, 1Password Admin, DNS Admin, …), created a bunch of custom scripts for audit logging, Slack/GitHub bots for alerting, etc
I did a lot of DevSecOps (Global Admin in Azure, Super Admin in Google Workspace, Slack Workspace Admin, GitHub Admin, 1Password Admin, DNS Admin, …), created a bunch of custom scripts for audit logging, Slack/GitHub bots for alerting, etc
- Azure Active Directory — hardening, cleanup, management
- Sentinel — SOC, monitoring
- Azure Managed HSM — provinsioning, management
Denmark
08/2021 – 04/2022
08/2021 – 04/2022
Lead Security Engineer
Azure, infrastructure, C#, .NET Core
Azure, infrastructure, C#, .NET Core
Spiir became Nordic API Gateway became Aiia and the end of the end of the reversing-era occurred.
PSD2 meant new challenges and a ton of new solutions to audit and pentest.
- ASP.NET Core — API security
- mTLS, x.509, QWAC/QSeal — Lot's of non-standard TLS fun
- Internal pentest of homegrown systems
- Audit implementations of OAuth2
Denmark
09/2019 – 08/2021
09/2019 – 08/2021
Reverse Engineer
Frida, jadx, C#, .NET Core
Frida, jadx, C#, .NET Core
Reverse-engineering mobile bank apps.
- Decompiling APKs
- Figuring out custom cryptography/encodings
- Re-implementing APIs
- Making internal tools to automate the process
Denmark
02/2016 – 08/2019
02/2016 – 08/2019
Student helper (DevOps)
Python, Bash, JS, Linux
Python, Bash, JS, Linux
I mostly automated checks to monitor that everything was running as expected.
Did a lot of packaging (bio-)tools to
.deb packages.
And helped develop an internal tool to search in terabytes of proteins/dna/genomes.
- Automation using Python3 and bash
- RESTful Django web service
- Frontend in React (JavaScript)
- Distributed big data storage using HBase and Hadoop
- Purely Linux (Ubuntu) based ecosystem
Education
Master Degree
Technical University of Denmark (DTU)
2017 — 2019
2017 — 2019
Student
Python3, Java, Linux
Python3, Java, Linux
The title of my master thesis is “Analyzing the security of IoT devices” in which I wrote about when weaknesses turns into vulnerabilities, using a lot of data from MITRE (CVE, CVSS, CWE & CAPEC).
I had the following courses at DTU during my master:
- Cryptology 2
- Practical Cryptology
- Applied Cryptography
- Advanced Topics in Cryptology
- Language Based Security
- Data Security
- Computer Security Forensics
- Computer Security Incident Response
- Network Security
- Practical Network Security
- Algorithms for Massive Data Sets
- Compiler Construction
- Computational Tools for Data Science
- Distributed Systems
- Software Development of Web Services
- Knowledge-based Entrepreneurship
Bachelor Degree
Technical University of Denmark (DTU)
2013 — 2017
2013 — 2017
Student
Java, Python, C, F#
Java, Python, C, F#
My bachelor was in “Software-Based Fault Tolerant Virtualization Layer Using Sector-Disk Codes”.
I had the following courses at DTU during my bachelor:
- Cryptology 1
- Operating Systems
- Program Analysis
- Embedded Systems
- Database Systems
- Computer Science Modelling
- Advanced engineering mathematics 1
- A supplement in mathematics
- Discrete Mathematics
- Algorithms and Data Structures 1
- Algorithms and Data Structures 2
- Functional Programming
- Applied Functional Programming
- Concurrent Programming
- Software Engineering 1
- Programming using C# and .NET
- Software Technology Project
- Introductory Programming
- Introduction to Software Technology
- Introduction to programming and data processing
- Introduction to Statistics
- Physics 1
- Fundamental Chemistry
- Philosophy of Science in Engineering
Technologies
I have experience working with the following technologies:
I like fixing bugs / contributing new features to open-source projects. List of projects I've contributed to:
- Python3
- Linux
- Azure
- git
- C#
- JavaScript
- Frida
- (Bash-)scripting
- SQL
- …
I like fixing bugs / contributing new features to open-source projects. List of projects I've contributed to:
| Project | Pull Request |
|---|---|
| Mastodon | Fix frame_rate for videos where ffprobe reports 0/0 |
| QubesOS | Fix service qubesd not working with some locales |
| keybase | Add .deb GUI dependencies. Fixes #9872 and #17365 |
| mautrix/facebook | Auth: redact login command |
| lynis | Check MemoryOverwriteRequest Control |
| azure-docs | Note about Token Store for Claims Mapping to work |
| azure-docs | Defender for Cloud on Management Group Tip |
| azure-cli | [Network] az network dns zone import: Fix alias records cannot be imported |
| azure-pipelines-tasks | AzureFunctionApp@2: Better alias for Service Connection |
| azure-storage-python | Fix "SyntaxWarning: is with a literal." |
| apkdiff | Add --no-debug-info to apktool |
| tinyproxy | Change loglevel for "Maximum number of connections reached" |
| postmark-dotnet | Fix PostmarkInboundMessage.Attachment model |
| jnitrace | Track jstring |
| MetaMask/eth-phishing-detect | Add Privnote phishing sites |
| ... | … |
Capture-The-Flag (CTF)
In my free time I like to play CTF's. I usually don't do writeups, but once in a while a writeup will be added to my ctf-writeups repo (github.com/NicolaiSoeborg/ctf-writeups).
Playing as part of team Kalmarunionen.
My CTFtime profile (ctftime.org/user/32131) is pretty up to date.