Hello, my name is

Roland Bogosi

and I am a

Software Engineer

Things I'm Good At

Software
Development

Web
Programming

Server
Administration

Penetration
Testing

What I've Learned

I'm an initially self-taught passionate developer and technology enthusiast in his early twenties. In my free time I like playing with new technologies and hacking random stuff. I'm not afraid to tackle hard problems; if one sparks my interest, I'll research its topic with my mad google-fu skills and then go to great lengths to solve even the most miniscule problems.

My journey in the world of computers begins on a long path paved with superfluous amounts of autodidacticism...

  • First exposure to the world of programming at the age of 11 via PHP scripts.

  • Published the first dynamic webpage written from scratch at the age of 12, followed by a second webpage for showcasing personal projects shortly thereafter.

  • First exposure to object-oriented programming in Visual Basic .NET, eventually leading to C#, via the .NET framework at the age of 13.

  • Published first desktop application in the same year, which implemented an original idea, at the age of 13, which utilized persistent databases, regular expressions, networking, screen-scraping and had a multilingual user interface.

    The application was published to Softpedia, where it was accepted and reviewed by their staff, leading to a few hundred downloads during its development lifetime.

  • Received first $100 check from Google AdSense at the age of 14.

  • Installed first Linux distribution at the age of 14.

  • Flashed first router with OpenWRT and DD-WRT at the age of 15.

    First recorded instance of voiding a warranty. I haven't stopped since.

  • Got the task of configuring and managing unmanaged VPS instances at the age of 15.

  • Installed first DIY-type distributions, ArchLinux, Gentoo and then ultimately Linux from Scratch at the age of 16.

  • Configured first server (LAMP + exim), from scratch, on an unmanaged VM, still used in production today, at the age of 16.

  • Learned to use neural networks, with the first project being a C# application that had a neural net which was trained to recognize numbers and letters real-time that appear on a live webcam feed, at the age of 16.

  • Published first open-source application at the age of 16, which then went donationware at the age of 17, by integrating serial numbers generated and validated using RSA public-private key encryption, which were released by a PHP script called by either PayPal Instant Payment Notification API or the Bitcoin API.

  • Launched first autonomous web-service that relies on and learns over time from user-contributed data at the age of 17. Aforementioned web-service uses PHP/MySQL and is a recommendation system, which provides tailored recommendations based on a user’s preference list.

  • Obtained first certificate IPv6 Certified Sage from Hurricane Electric at the age of 18.


Started attending B.Sc. Computer Engineering courses at Sapientia University, Faculty of Technical and Human Sciences, Târgu-Mureș.

  • I

    Followed classes such as C Programming, Algorithms and Data Structures, Computer Aided Graphics, Probability and Statistics, Numerical Analysis, Mathematical Analysis, Linear Algebra, Analytical and Differential Geometry, Physics (I and II), Electrotechnics and Electronic Devices.

  • II

    Followed classes such as Object-Oriented Programming (Java), Advanced Programming Techniques (C++), Graph Theory, Operating Systems (I and II), Shell Programming and UNIX Utilization, Logical and Functional Programming (Haskell and Prolog), Databases, Digital Electronics, Logical Design (VHDL), Electrotechnics, Electric Measuring (Sensors and Transducers), Special Mathematics and Systems Theory I.

  • Gave a presentation and a lab about the Facebook API and Query Language during one of the Database classes.

  • Extracurricular school projects for these semesters included:

    • Streaming and Processing Sensor Data from Android Devices in Realtime (Object-Oriented Programming)
    • On-Demand Task Loader and Executor Unix Daemon (Advanced Programming Techniques)
    • Facebook FQL Query Tool and SQL Schema/Data Exporter (Databases)
  • Alerted university staff a few hours after general disclosure of the exploit, about multiple servers being vulnerable to Heartbleed and leaking sensitive information, such as login and session cookies.

  • III

    Followed classes such as Artificial Intelligence, Formal Languages and Compilers, Software Engineering, Computer Architecture, Microcontroller Design, Electrotechnics, Assembly Programming Language, Control Engineering, Computer Networks, Distributed Systems, Web Technologies, Mathematical Optimization, Systems Theory II and Modelling and Simulation.

  • Gave presentations about various topics during classes:

    • The Deep Web (Software Engineering)
    • Peer-to-Peer Systems (Distributed Networks)
  • Extracurricular school projects for these semesters included:

    • Network Analysis and Protocol Dissection of Sniffed WiFi Traffic (Distributed Networks)
    • An Untitled Minecraft-like 3D Multiplayer Game (Software Engineering)
    • Assembly Compiler for Course-made CPU on FPGA (Computer Architecture)
    • Sentimental Analysis of Text on Social Websites (Databases II)
  • Attended the annual XVI. Scientific Student Conference in the field of Computer Science and Software Development with a project titled Sentiment Analysis, which won a special award.

  • IV

    Followed classes such as Java Technologies, Image Processing, Cryptography and Information Security, Parallel and Distributed Algorithms, Digital Circuits, Electrotechnics, Programmable Digital Systems, Digital Signal Processing, Robotics, Special Chapters of Artificial Intelligence, Testing of Computer Systems and Computer Peripherals and Interfaces.

  • Gave presentations about various topics during classes:

    • Risk Management in Computer Science (Management)
    • Open Source Licenses (Testing of Computer Systems)
    • Antivirus Evasion Techniques (Cryptography and Information Security)
  • Extracurricular school projects for these semesters included:

    • Advanced Steganography Methods for Image and Video (Image Processing)
    • Market Prediction using Deep Learning Neural Networks and Genetic Algorithms (Special Chapters of Artificial Intelligence)
  • Published first peer-reviewed scientific paper in the field of combinatorics on words titled Sapiness Sentiment Analyser.

  • Attended the annual XV. Scientific Student Conference in the field of Computer Science and Software Development with a project titled Black-Box Penetration Testing and Autonomous Vulnerability Assessment, which was awarded.


Graduated with honours and a thesis in information security, entitled Black-Box Penetration Testing and Autonomous Vulnerability Assessment, which received the maximal grade of 10.

My Skills

10 years of experience in .NET/C#

  • Experience with Windows Forms, WPF, MVC 5-6, Web Forms and Web API, gained through personal projects since the age of 13.
  • Extensive knowledge of Test-Driven Development via leading unit test libraries, such as NUnit and MSTest.
  • Extensive experience with various development tools, used to:
    • profile and analyze unit test coverage, such as dotCover;
    • profile, detect and mitigate memory leaks, such as ANTS Memory Profiler and dotMemory;
    • profile, detect and mitigate performance bottlenecks, such as ANTS Performance Profiler and dotTrace.
  • Various short-term hobby projects along the time driven by the desire to learn and experiment in various fields, thus expanding my experience and increasing my knowledge of various algorithms, frameworks, and my programming ability as a whole.

8 years of experience in C/C++

  • Extensive use of the UI libraries Qt and MFC.
  • Experience with cross-platform software development on Windows, Linux, FreeBSD and Mac OS X platforms, including usage of OS-specific component implementations, such as differing network stacks on the lowest level.
  • Usage of qmake, CMake (and its components CPack and CTest) to build, test and package software for distribution on multiple platforms.
  • Unit-testing with Boost.Test and Google Test, including mocking with Google Mock.
  • Experiments with massively parallel systems, such as OpenCL and nVidia’s CUDA, which are GPU-backed languages. Frequent use of OpenMP and projects with MPI.
  • Experience with NSIS, InnoSetup, and WiX, including scripting of custom methods.

12 years of experience in HTML, CSS, JavaScript, PHP and MySQL

  • Up-to-date knowledge of HTML 5, CSS 3, PHP 7/Hack, JavaScript, and SQL as of today.
  • Extensive knowledge in the use and production of REST APIs, OAuth, OpenID and SOAP, also having experience in data-interchange formats, namely: JSON, XML, Google Protocol Buffers, BSON, and various others.
  • Knowledge of various SQL flavors, in order of skill level: MySQL, SQLite, Oracle, PostgreSQL and Microsoft SQL Server.
  • Extensive knowledge of optimization and caching mechanisms, including the optimization of relational databases (query plans, indices, complexities, …), key-value stores (such as Redis and memcached). Multi-tiered caching systems, utilizing the aforementioned technologies, with a fallback to file-based LRU caches. Brief exposure to document stores, namely MongoDB and CouchDB.
  • Extensive exposure to dedicated search servers, namely ElasticSearch and Sphinx, including both their programmatic use and proper server configuration.
  • Experience with jQuery, semantic web and dynamic webpages, utilizing AJAX and JavaScript ”MVW” frameworks, namely Angular.js.
  • Experience with Bootstrap, and grid-based fluid and responsive web design.
  • Familiarity with Model-View-Controller (MVC) architectures.
  • Extensive experience with test-driven development via PHPUnit, and the use of various development tools, such as performance profilers and remote debuggers, namely XDebug.
  • Experience with both horizontal and vertical scaling of both databases and codes.
  • Familiarity with the integration and implementation of various payment gateway processors, such as PayPal IPN, Stripe, and Bitcoin RPC.
  • Intricate knowledge on the security front, and up-to-date on the 0-day scene. While programming, I have a security- and optimization-focused mindset.

8 years of experience in Unix-like systems (Linux, BSD)

  • Extensive knowledge of the Linux ecosystem as of today. Personally owning and administering multiple production and staging servers, while providing support for others on an incident-response basis.
  • Early adopter on multiple fields, including IPv6, having been participated in the private beta of the IPv6 deployment of both RDS&RCS and Dreamhost. The configuration and use of IPv6 networking was the primary reason to stay with OpenWRT-flashed routers in the first place, as it was not yet available in consumer firmware due to the low technology adoption rate at the time.
  • Tendency to automate tedious processes, by scripting them in the appropriate environment. (Such as shell scripts in Unix and Unix-like systems.)
  • Strong Bash scripting experience, including heavy terminal usage, and heavy knowledge of the BSD and GNU userland tools.
  • Ability to configure, administer, update and support Debian and CentOS-based systems for various purposes:
    • Web servers: nginx, lighttpd, Apache, with fast and secure configurations, including caching and microcaching techniques, on-the-fly optimization with Google PageSpeed modules; Web Application Firewall security modules, such as mod_security and mod_evasive; proper deployment of TLS according to best practices and high Qualys scores or compliance with PCI DSS 3.1 or NIST SP.800-52r1; load-balanced environments, including various internal architectures and 3rd-party CDN integration (CloudFlare, Incapsula...)
    • Email servers: exim, Postfix, Dovecot, with proper deployment of current authentication methods for anti-spam such as SPF records, DKIM (DNS records and signing at the mailer daemon level), DMARC (DNS records and interpretation of the incoming reports) and ADSP records.
    • Database servers and various stores: MySQL (and forks, namely MariaDB and PerconaDB), PostgreSQL, Redis, CouchDB, memcached, etc.
    • Search servers: ElasticSearch, Sphinx, with optional content synchronization.
    • Proxies and VPN servers: OpenVPN, L2TP/IPSec, PPTP protocols, through various daemons which the selected distribution recommends, including multi-functional servers, such as SoftEther.
    • Authentication servers: FreeRADIUS, OpenLDAP
    • Type-1 hypervisors: VMware ESXi, Microsoft Hyper-V
    • Experience with hidden services, namely Tor and I2P, including configuring the middleware and securing the servers behind it not to leak personally-identifiable information.
    • Exposure to meshnets, such as the Hyperboria network on the CJDNS.
  • Extensive experience with cloud-service providers, namely Amazon AWS, Linode, and DigitalOcean. Exposure to Microsoft Azure services.

Extensive experience in Penetration Testing and Reverse Engineering

  • Penetration Testing
    • Up-to-date with security bulletins.
    • Knowledge of Cross-Site Scripting, SQL Injection, Cross-Site Request Forgery and similar techniques from a very young age, around 11 or so.
    • Familiarity with Black, Grey and White Box Penetration Testing methodologies.
    • Experience with vulnerability assessment tools Nessus, Nexpose and OpenVAS, including interpretation of results, vulnerability validation and elimination.
    • Extensive use of penetration testing frameworks and tools such as Metasploit, nmap, tcpdump, OWASP ZAP, Burp Suite, sqlmap, and many others.
    • Familiarity with Web Application Firewalls and Intrusion Detection Systems, techniques to bypass them, and to strengthen them for different purposes.
    • Notified university of being vulnerable to OpenSSL’s heartbleed bug, approximately 5 hours after the public disclosure of the bug.
  • Reverse Engineering
    • Experience with disassembling, modifying and reassembling MSIL/CIL, Java bytecode and x86(-64) ASM.
    • Familiarity with the tools and techniques used in reverse engineering, such as:
      • Debuggers: WinDbg, OllyDbg/Immunity Debugger.
      • Disassemblers/Decompilers: IDA Pro, Reflector, JD, amongst others.
      • Various file format/PE analysis tools, packer techniques and anti-virus evasion.

Miscellaneous Technical Skills and Experiences

  • Gained deeper insights into various fields pertaining to Computer Science and Electrical Engineering, of whose knowledge were previously vague and/or fragmented:
    • Use of Matlab to solve problems, analyze data, draw in 2D and 3D space, and perform simulations.
    • Knowledge of programming techniques, structures, algorithms and graph theory.
    • Furthered knowledge in the field of relational databases, including relational algebra, database normalization, and so on.
    • Intricate knowledge of the UNIX operating system, and general theories belonging to Operating Systems and computers in general.
    • Introduction to the world of Logical and Functional programming, beginning from the implementation of various algorithms in a recursive way, until the implementation of more complex applications with GUI.
    • Analogue and Digital integrated circuits, Boole logic, Automata theory, finite-state automaton implementations using analogue circuit elements, binary systems, decoders, (de-)multiplexers, mathematical operations, amplifiers, operational amplifiers, counters, mono-/bi-stables, registers, and memory types.
    • FPGA programming, including implementation of state-machines using either or both VHDL programming and/or schematic design of circuit elements and gates.
    • Microcontrollers, such as PIC and Atmel programmed in ANSI C. Intricate knowledge of the inner workings of a microprocessor thanks to Microcontroller Design, Computer Architecture and Assembly Language classes.
    • Built a fully working CPU in FPGA from scratch for a class assignment.
    • Gained deeper insight into the automation of SCADA systems and networking in cars, including the CAN protocol and the CAPL programming language in a special course taught by Continental AG.
    • Learned the advanced parts of Artificial Intelligence via the related courses, which were then later put in practice via several extracurricular projects.
    • Furthered knowledge in the field of networking by embarking on a journey to study the intricacies of various networking protocols as an extracurricular activity, by writing a WiFi packet capture software that also analyzes the received data.
  • Screen-Scraping
    • Strong knowledge of regular expressions and XPath.
    • Complicated setups involving scripts that circumvent anti-screen-scraping measures, even to the point of OCR-ing the Captcha, when it is weak enough, otherwise using the human-powered services available on the markets.
  • Search Engine Optimization
    • Google Panda-tailored optimizations that have proven their legitimacy throughout the various websites I operate.
  • Version Control Systems
    • Extensive use of git nowadays.
    • Previously used SVN.
    • Familiarity with other VCSs, such as Mercurial and CVS.
  • Continuous Integration
    • Experience with CI through usage in open-source projects.
    • Familiarity with the set-up and usage of Jenkins and Travis CI.
  • Self-teaching is an important part of my lifestyle. I try to keep up with the ever-evolving technologies of today.
    • I constantly try out new languages, new technologies and new practices. I constantly go back and re-do old projects, with a twist, and I challenge myself to do it much better this time, by setting much higher goals.
    • I read research papers, 0-day bulletins and other sources of information that let me be ahead of the competition.
    • I am not afraid to take initiative, and to color outside of the lines. I don’t mind to get my hands dirty to try something out, let it be DoS-ing my own server in order to try out if an optimization technique or security practice did indeed work.
    • I also watch conference videos (such as DefCon, Black Hat, etc) and tech-talks (such as Microsoft’s GoingNative, and much more) in order to get an edge in their specific fields.
  • When writing code, I focus on simplicity, code-maintainability, optimization and security.
  • Communication skills gained through regular business and social interaction with clients and fellow developers.
  • Presentation skills acquired by frequently giving presentations about various topics to varying audiences.
  • Organizational/Managerial skills accumulated over time via superfluous scheduling and prioritizing to meet business and educational deadlines.
  • Fluency in English, Hungarian and Romanian.

Curriculum Vitæ

Things I've Done

If I had to pick which projects to showcase, then these two would be my obvious choices, since they are my longest-lasting, biggest and the ones enjoying most of the popularity by reaching thousands of users across the globe on a daily basis.
RS TV Show Tracker

RS TV Show Tracker

Started in February 2010

An open-source application which was born out of the need for the features it currently offers, as there were no alternative solutions for them at the time. To date, no software has so many features in this category, and as a result, under the four years it's been actively developed, its popularity has grown exponentially. Today, I single-handedly maintain it and push updates to hundreds of thousands of users on a monthly basis.

The application was developed in C# with an interface in WPF, and was kept constantly up-to-date with the newer technologies that have been released during its development phase.

There are, as of writing this in May 2015, 135,700 active daily users of the application, with the number of installations reaching into the millions.

Host Scanner

Started in May 2015

An open-source application developed as an implementation companion to my bachelor's thesis. The purpose of the application is to perform autonomous vulnerability assessment using both active and passive scanning, or by analyzing earlier reports of 3rd-party tools.

The features and implementation techniques are unique to this application, a fact which was validated by an award-winning presentation at the XV. Scientific Students' Associations Conference.

The application was developed in C++ with strong cross-platform support with OS-specific implementations for Linux, Windows and BSD/Darwin systems. The various helper scripts that come bundled with the application were developed in Go.

AlienSubtitles

December 2013 — March 2016

Full-stack development of the website and continued maintenance, including initial devops responsibilities (such as cloud server deployment on DigitalOcean) and continued proactive monitoring and administration of the web, database and load-balancer servers.

The website was developed in PHP (HHVM) backed by MySQL servers in multi-master replication configuration and ElasticSearch instances for the search feature.

At its peak, the site had 15 million unique users, who were served by 4 geo-located and load-balanced front-end servers, attaining 100% uptime and under 10 millisecond response times for all users throughout peak times.

AlienSubtitles.com
As I am very adventurous in nature, I tend to have a multitude of small projects that I've written for myself either for educational purposes or to scratch an itch, spanning from WiFi packet capture analysis to BitCoin auto-traders and self-teaching Intrusion Dedection Systems.
To see a full list of my projects from 2006 until today, check out my dedicated lab subdomain:
The majority of these projects are also available on my GitHub profile.

Get In Touch

I'm located in Târgu-Mureș, Romania.

I am available for full-time employment opportunities, either through remote work or via relocation to Europe or North America.

If you would be interested, shoot me a message via any of the means listed below.