Rafael Ruf

Talwiesenstrasse 55 · 8404 Winterthur · Switzerland· (+41) 76 467 35 85 · [email protected]

Hey, I’m Rafael. I’m a DevSecOps living in Winterthur, Switzerland.
I am a fan of IT, e scooter, skiing and chess. I am generally interested in programming, it-networks, -security and technology.


My name in JavaScript

<script>
"use strict";
var ich = (bin) => {
    bin = ((vorname => "Rafael")());
    bin = bin.split("");

    ((ich) => {
        var nachname = ["R", "u", "f"].reverse();
        [].forEach.call(ich, (f, i) => (~((i % 2) - 1)) ? "" : ich.push(nachname.pop()));
    })(bin);

    return bin.reduce((name, i) => (i == "R") ? name += " R" : name += i);
};
console.warn(ich());
// => Rafael Ruf
</script>

Contact

Location

Talwiesenstrasse 55
8404 Winterthur
CH Switzerland

Mail

Messenger

ToxID:
toxid_qrcode

Please contact me before start toxing.
(PS: I know it's somehow pathetic to use a metadata avoided, OTR messenger.
And do the inital contact over a different channel.
However, it's just because in my experience mobile support often sucks init conversation.)


Experience

company_logo

Informatiker

Andeo AG, Winterthur, 100%

  • Developement
  • Sysadmin
  • Security; u.a. Web-Application Pentesting

Juli 2020 - aktuell
company_logo

Informatiker

fenaco, Winterthur, 100%

August 2018 - Juni 2020
company_logo

Informatiker

AAC Infotray AG, Winterthur, 100%

  • Evaluation von Softwarekomponenten für die LimsophyWebapplikation
  • Programmierung von Softwarelösungen mittels PHP, Typescript und JavaScript
  • Definition von Schnittstellen zwischen Webtechnologie und Win32-Entwicklungsteam
  • Beantwortung von Kundenfragen als direkter Ansprechpartner für Fragestellungen zu den Themen Webtechnologie, Webserver und Webservices
  • Installation von Limsophy Weblösungen auf Webserver von Kunden
  • Kundenspezifische Designanpassungen der Limsophy Webapplikation für Kunden

Februar 2016 - März 2018
company_logo

Informatiker

futuretek AG, Zürich, 100%

  • Webseite zur Administration von Speditionswesen in PHP mit Zend-Framework
  • Softwareverwaltung mit GIT, Taskmanagement mit JIRA

November 2015 - Dezember 2015
company_logo

Informatiker

Solution.ch AG, Winterthur, 100%

  • Programmierung und Erweiterung vom hauseigenen CMS und Newsletter-System in PHP und MySQL
  • Integration von PHP in HTML, CSS und JavaScript
  • Prüfen von SQL-Injection, Upload-Sicherheitsanalysen und Schutzmassnahmen
  • Apache Modules, Shell-Skripts

Dezember 2012 - August 2015
company_logo

Informatiker

Lifetime Immobilien GmbH (Konkurs 2012), Volketswil, 100%

  • Eigenentwickelte Webseite zur Verwaltung von Immobilienobjekten und Interessenten.
  • Auf Mac und Debian-Rootserver: Mit GIT, Zend-Framework, HTML5, JavaScript, jQuery, PHP

Juni 2012 - Oktober 2012
company_logo

Informatiker

INM Inter Network Marketing AG, Wetzikon, 100%

  • Programmierung und Design in folgenden Sprachen: PHP, ColdFusion, JavaScript, jQuery, AJAX, HTML, CSS, Java, ANT, SVN Hooks
  • Arbeiten im Bereich Google Merchant, Datenbankwartung und Analyse (MSSQL/MySQL), automatisiertes Softwaredeployment, Webapplikation zur Unterstützung interner Supportabläufe, Testing, API

Mai 2011 - April 2012
company_logo

Informatiker

Transcat PLM GmbH, Effretikon, 100%

  • Selbstständige Applikationsentwicklung im PLM-Umfeld
  • Analyse der Anforderungen, Design, Implementierung, Test und Dokumentation
  • Anwendungsbetreuung inkl. Support
  • .NET, Juniper Router, VPN, Typo3

November 2010 - Februar 2011
company_logo

Informatiker Lehre EFZ Schwerpunkt Applikationsentwicklung

Gartenmann Software AG, Seuzach, 100%

  • PHP, Javascript, HTML/CSS, Windows, Linux, MySQL, MSSQL
  • Windows Batch Scripting, Interne Strukturen: Backup, Systemadministration, VPN
  • Joomla, jQuery, MySQL, Windowsserver- und LinuxserverAdministration, Backup, Anti-Virus, Domänencontroller, DHCP, DNS

August 2007 - August 2010

Education & Certifications

education_logo

ServiceNow

 Certified System Administrator
https://www.servicenow.com ServiceNow Certified System Administrator
2. Oktober 2018
education_logo

Hochschule Luzern, Schweiz

 Certificate of Advanced Studies Information Security – Advanced
  • Technik: SOC, SIEM, Kritische Infrastruktur, Cloud-Computing, Risiken, Forensic Readiness, e-Discovery, IoT, DB Security, Cyber Response, IT-Security Lab
  • Management: Digitalisierung, Innovationen, Informationsmanagement, Cultural Diversity, Führungsverantwortung
  • Recht: Digitale Transformation, Records Management/Archivierung, Beweisbarkeit, IT-Forensik
November 2016 - Februar 2017
education_logo

Hochschule Luzern, Schweiz

 Certificate of Advanced Studies Information Security – Management
  • Technik: Public-Key-Infrastruktur, Hacking / Cracking / Malware, Cloud-Computing, Software as a Service
  • Management: Sicherheitspolitik, Risikomanagment, Information Security Management System, Kontrollen und Audits, IKS, Notfallorganisation, Outsourcing, Physische Sicherheit, Brandschutz
  • Recht: IT-Verträge, Datenschutz, Softlaw/Hardlaw, Fernmelderecht, Elektronischer Geschäftsverkehr
Februar 2015 - Juli 2015
education_logo

Hochschule Luzern, Schweiz

 Certificate of Advanced Studies Information Security – Technology
  • Technik: Netzwerksicherheit, Firewalls, Intrusion Detection/Prevention, Kryptologie, Web Application Security OWASP, IT-Forensik
  • Management: Standards (ISO 2700x, BSI, COBIT), Sicherheitspolitik, Awareness
  • Recht: Rechtsaspekte für Systemverantwortliche (URG, UWG, DSG, StGB, persönliche Verantwortung)
September 2014 - Februar 2015
education_logo

Berufsbildungsschule Winterthur BBW, Schweiz

 Eidgenössisches Fähigkeitszeugnis, Informatiker EFZ Schwerpunkt Applikationsentwicklung
August 2007 - August 2010

Language

Deutsch
Deutsch (Muttersprache)
English
English (very well)
Français
Français (connaissance basique)
Español
Español (debutantes)

ICT Skill

Category
DEV: Application  Python3, AutoIT/AHK  Python2,  C, C++, Lua  Java, Qt, wxPython  Go,  Rust, C#, Ruby
 DEV: Script Bash shell, Bourne shell, Unix commands, Windows PowerShell Windows BAT (Batch), Windows CMD VBA / VBS
DEV: Web  Bootstrap,  CSS3,  HTML HTML5,  Javascript,  Node.js npm,  PHP,  Symfony, Symfony/http-kernel,  Yarn, AJAX, Composer, JQuery, JQuery UI, SCSS SASS, Twig, Typescript, jQuery, webpack-encore  Joomla,  Wordpress, Angular.JS, Doctrine, Require.JS AMD, Zend-Framework, babel, bower, compass  Chrome Extension Development,  Firefox Extension Development  Magento,  Typo3, ColdFusion, Groovy, Laravel
DEVOP: Testing, Deploying, Performance  Git,  Jenkins, PHPUnit, XAMPP, XDebug, sipp (pbx Lasttests)  Gitlab, Git Hooks, LoadUI (Lasttests), Selenium, TeamCity Apache Ant, Code coverage, Codeception, Cypress JUnit, QUnit
OP: Operating Systems  FreeBSD (FreeBSD,Opnsense,Bhyve),  Linux Archlinux,  Linux RedHat=RHEL/CentOS,  Linux Debian-Derivats: [Debian, Ubuntu, Kali, Parrot OS, Whonix, Tails, ..],  Windows (95 - 10,11),  Windows-Server (2008 - 2022), ADDS (Active Directory)  Android / LineageOS, Linux Gentoo, Pfsense, Pinephone Alpine  Macintosh, Knoppix, iOS
OP: PXE Autosetup  CentOS=Kickstart,  Debian=Preseed,  Arch/Gentoo: Bash-Script,  Windows 10,11,2022,2022 Datacenter, netboot.xyz
 OP: Database/Filesystem MySQL / MariaDB, NTFS, SQLite, ZFS (Zettabyte File System) BitLocker, FAT, Linux Unified Key Setup (LUKS), MSSQL, SQL, VMWare, ext3+4, swap Btrfs, Oracle PostgreSQL
OP: Visualisation/Container  Docker, Ansible, Bhyve, VirtualBox Proxmox, Qemu, VMWare, Vagrant HyperV, Kubernets, Terraform, Windows Virtual PC Puppet
OP: Hosting  Cloudflare, Apache inkl. Apachemodules, VirtualBox, nginx Azure, Azure DockerRepo, GITHub, IIS
OP: Network  Cloudflare,  SSL / TLS, API, Apache inkl. Apachemodules, HTTP, HTTPS, JSON, OSI model, OWASP ZAP, OpenVPN, PKI (Public Key Infrastructure), REST, SFTP, SOAP, SSH, VirtualBox, Wireguard, XHR Ajax, nginx ICAP (Internet Content Adaptation Protocol) Proxy, JSON-RPC, Proxy (+ transparent), RDP, Reverse proxy, VNC Load balancing, SMB Samba FTP
SEC: Technology (M)IDS/HIDS/IDS/IPS ((Managed) Host Intrusion Detection/Prevention System) OSSEC,  Endpoint Security, Burp Suite, Content Security Policy (CSP), DHCP Starvation, Firewall: [OpnSense, Pfsense, iptables, etc.], Forensic, HTTP Feature/Permission-Policy, OWASP, Perunsfart, PrintNightmare, R-U-Dead-Yet, Reverse Engineering, SQL Injection, SSLsplit/SSLstrip, Seth (RDP PODDLE-Attack), Transparent Proxy, Wireshark, lsass.exe, mimikatz, nmap Portscanning, slacker.exe  WLAN / WPA / WPA2, WPA2-PSK, RADIUS, Cryptography, ICMP Flooding, Kernel panic, MFTExplorer, MSF Metasploit, Reflective DLL Injection, SELinux, Spoofing, powersploit Buffer- Stackoverflow, Chainsaw, Ghidra, IAM (Identity Access Management), IT-Forensic, Pentesting, SIEM
SEC: anonymization & streaming Amule/Emule, DHT (Distributed hash table), F2F networks, Freenet, Gtkgnutella, I2P, I2PRufus, I2PSnark, JAP/Jondo, P2P networks, Tor, Torrent, Tox Acestream, SopCast GNUNet, Retroshare, Zeronet
SEC: Reversing Cheatengine, Codecaves, DLL Injection, Perunsfart / Unhooking, x64dbg Assembler Pince
Others: standards Agile Developement, Gang Of Four - Design Pattern, KISS (Keep it simple and stupid), SOLID-Development, Scrum Gitflow, XP (Extreme Programming) ISO 2700x BSI, COBIT
Others: misc  Microsoft Office (Access, Word, Excel, Power Point, Outlook),  Asterisk PBX, Chocolatey Packages, IntelliJ IDEA/PHPStorm/Pycharm/CLion/... (Gesamte Suite), SoapUI, Yealink Phones, apt, dnf/yum, pacman, pkg ports, rsync, snap, winget Confluence, Double Commander, IPMI/iLO, Icinga, Insomnia, Jira, Midnight Commander, Plesk, RegEx (Regular Expression) [PCRE, POSIX], TotalCommander, Zabbix, xpra Gimp, Inkscape, Scribus

Quiz

Was ist die Ausgabe von diesem Code?
<script>
"use strict";
var arr = [5,10,15];
[].reverse().forEach.apply(arr.slice().reverse().reverse(), [arr=>{console.log(arr)}]);

</script>
  •   This is valid JS-Code! It may doesn't seem so, because it's written on a single line and the use of fat arrow function.
  •   Correct! The reverse before the [].forEach don't matter because with apply the 'this' object is bounded to our arr array. And the arr array is reversed twice, so in the end it's not reversed.
    Also the function passed to the apply-function has one single parameter which is also called arr, and this arr will gets assigned a single item in loop from the forEach function
  •   The reverse before the [].forEach don't matter because with apply the 'this' object is bounded to our arr array. And the arr array is reversed twice, so in the end it's not reversed.
  •   The function passed to the apply-function has one single parameter which is also called arr, and this arr will gets assigned a single item in loop from the forEach function

   Interests

  •   IT
  •   Gaming
  •   Barbecue
  •   Soccer
  •   Chess
  •   Skiing
  •   E-Scooter

Weird quotes

What does a computer scientist funeral service invitation say?

 What does a computer scientist funeral service invitation say?

ICMP Type 11/Code 0: Time to Live exceeded 😀

The Answer to the Ultimate Question of Life, The Universe, and Everything?

 The Answer to the Ultimate Question of Life, The Universe, and Everything?

42 😀