Soroush Dalili is a Principal Application Security Engineer and seasoned security researcher with over 12 years of professional experience and two decades of hands-on vulnerability research and exploit development. Based in England, he has led application security programs and red-team research at firms like NCC Group, MDSec and Bet365, and now guides security at Bentley Systems while running his own consultancy, SecProject Ltd. He combines deep offensive expertise—authoring and extending tools such as YSoSerial.Net and an IIS short-name scanner—with practical secure development work, threat modeling, and bespoke client training. Known for shipping custom tooling (e.g., Burp Suite extensions and internal scanners) and producing clear, actionable reports, he bridges high-level risk advice with low-level exploit knowledge. His background in both web development and MSc-level computer security gives him a rare full-stack view of how vulnerabilities arise and can be mitigated across teams. Colleagues value that he pairs relentless technical curiosity with a pragmatic focus on remediable outcomes.
12 years of coding experience
7 years of employment as a software developer
MSc. Computer Security, MSc. Computer Security at University of Birmingham
BSc. Electrical Engineering, BSc. Electrical Engineering at Shahid Beheshti University
Deserialization payload generator for a variety of .NET formatters
Role in this project:
Back-end Developer
Contributions:2 releases, 3 reviews, 56 commits in 4 years
Contributions summary:Soroush primarily contributed to enhancing the `ysoserial.net` project, a .NET deserialization payload generator. Their work involved fixing bugs, such as the single quote escaping issue and the Mono gadget functionality. Furthermore, the user implemented new features like the `--bridgedgadgetchains` option and a URL encode function. The user also updated several files and added new gadgets such as DataSetOldBehaviourFromFile and GenericPrincipal, demonstrating a focus on expanding the project's capabilities.
latest version of scanners for IIS short filename (8.3) disclosure vulnerability
Role in this project:
Back-end Developer
Contributions:1 review, 31 commits, 8 PRs in 8 years 7 months
Contributions summary:Soroush appears to be a back-end developer primarily focused on maintaining and updating the IIS short filename scanner. They have made several bug fixes and implemented new features as indicated by the version updates in the commit messages. They have also worked on the configuration and setup of the scanner. Their contributions involve modifying the core Java code of the scanner.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Soroush Dalili - Principal Application Security Engineer