Skip to content
View msuliq's full-sized avatar

Block or report msuliq

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
msuliq/README.md

Hi, I'm Suleyman

I build fraud detection and abuse prevention systems. Sole architect of the authentication, identity, and anti-fraud platform at a top-10 certificate authority, where attackers probe the platform daily. I pair LLM-augmented detection with human-led forensics to take an attack from detection to mitigation in minutes, not days.

Work I can talk about publicly:

  • Detected and shut down months-long attacker reconnaissance across authorization policies, invitation flows, password enumeration, and role-hijacking paths - every probed vector closed in code before exploitation.
  • Bot and fake-account defense handling 1,000+ fake signups per day, including countermeasures against human CAPTCHA-solving farms (reCAPTCHA v2/v3, Cloudflare Turnstile).
  • Insider-threat detection: staff and admin abuse, admins colluding with external attackers, attackers impersonating staff.
  • Identity-theft detection that cross-matches IP geolocation, billing, shipping, personal details, and phone numbers across applications.
  • Killed an SMS pumping attack that was burning ~$2,500/day. Designed, built, and deployed the countermeasure in 4 days; losses have stayed at $0 since.
  • Stopped a persistent session hijacking attacker who survived password resets, 2FA resets, and full endpoint forensics - session binding, replay detection, and automatic termination of suspect sessions at the application layer.
  • Under the hood: device fingerprinting, behavioral analytics, IP intelligence, and velocity controls protecting certificate issuance (TLS/SSL, code signing, identity) through 10x growth.

Open source

  • omniauth_oidc - OmniAuth strategy for OpenID Connect, first-class Microsoft Entra ID support
  • ip_geo_lookup - zero-dependency IP geolocation for fraud scoring and access control
  • balloon_hashing - pure Ruby implementation of the Balloon memory-hard hashing algorithm
  • yescrypt - Ruby C extension wrapping the yescrypt password hashing algorithm

Writing

Ruby/Rails, Python, C, SQL. Before engineering: quantitative trading, risk modeling and fraud modeling are the same discipline with different labels.

Open to senior fraud/abuse and security engineering roles, and solutions engineering at security vendors. US-remote (UTC+5, comfortable with US overlap).

Pinned Loading

  1. omniauth_oidc omniauth_oidc Public

    Omniauth strategy to authenticate and retrieve user data using OpenID Connect (OIDC)

    Ruby 12 2

  2. ip_geo_lookup ip_geo_lookup Public

    Zero-dependency IPv4/IPv6 geolocation lookup with embedded MaxMind database

    Ruby

  3. balloon_hashing balloon_hashing Public

    Pure Ruby implementation of the Balloon Hashing algorithm

    Ruby 1

  4. yescrypt yescrypt Public

    Ruby C extension wrapping the yescrypt password hashing algorithm

    C 1