$ npm run build
ABLUGG · SOFTWARE ENGINEER
COMPILED SUCCESSFULLY · 0 ERRORS · 0 WARNINGS
⬡  MIZAN · THREAT MODEL · CONFIDENTIAL COMPUTING LAYER
MIZAN NITRO ENCLAVE CORE SERVER COMPROMISE INSIDER THREAT MITM ATTACK SUPPLY CHAIN SELECT AN ATTACK VECTOR FOR MITIGATIONS
→ select an attack vector
Muhammad Ablugg
Muhammad Ablugg
Software Engineer
massrealtyinc.ca · live
CompTIA Security+
Software Engineer

Hired to build it.
Shipped to production.

I'm a full-stack software engineer. My flagship work is massrealtyinc.ca · the complete web platform I was hired to design and build for Mass Realty Inc., a registered Ontario brokerage. It is live, in production, and in daily use. Live MLS listings flow in from the PropTx/AmpRE IDX feed across Ontario, buyers search on an interactive Leaflet map that fetches by visible city rather than radius, sellers get an AI-assisted valuation in four steps, and every dollar figure on the site · CMHC premiums, land transfer tax, first-time buyer rebates · is calculated to Canadian conventions.

Building for a real client changes how you engineer. Features have to earn their place: the calculators feed lead capture, the insights library feeds search traffic, the valuation wizard ends in a CMA request. The platform includes a JWT-authenticated agent portal so brokerage agents manage their own listings, with every operation scoped to the agent who made it. And when my own compliance audit found a feature using IDX data in a way the PropTx agreement prohibited, I removed it · engineering for a real client means building to the contract, not just the spec. I was re-engaged in April 2026 to build the company's second site from scratch · the review that matters most.

I come from security engineering · TEE research, threat modelling, CompTIA Security+ · and it shows up in how I build software: input validation on every form surface, rate limiting at the API layer, session isolation, and audit logging from day one. Security isn't my headline anymore. It's my default.

Live
massrealtyinc.ca · in production for an Ontario brokerage
10+
Features shipped across one client platform
Sec+
Security-certified software engineer
Currently
shippingmassrealtyinc.ca · feature roadmap with the client
studyingsystem design · CISSP domains on the side
focusfull-stack product engineering · secure by default
Shipped Work

What I've built and shipped.

Client Work · In Production
CLIENT PLATFORM · LIVE IN PRODUCTION · FLAGSHIP
MassRealty Inc. · Real Estate Platform
The complete web platform for a Toronto-area brokerage, designed and built end to end. Live MLS listings from the PropTx/AmpRE IDX feed across Ontario are served through a serverless Node.js proxy with a shared 24-hour edge cache. Buyers search on a Leaflet map that fetches by visible city centroids instead of radius, so listings from Windsor to Ottawa never drop off at any zoom level, and a pre-warmed geocoding cache means pins appear instantly. Listing pages generate Schema.org and Open Graph data dynamically and carry price history, "Price Reduced" badges, mortgage and land transfer tax calculators, Walk Score, and demographics. Agents manage their own listings through a JWT-authenticated portal with every operation scoped by middleware. Hired to build it · re-engaged in April 2026 to build the company's second site from scratch.
JavaScript · ES Modules Node.js · Serverless Vercel · Blob Cache Leaflet · MarkerCluster PropTx · AmpRE OData IDX JWT Agent Portal
DOCUMENT  Engineering Case Study SYSTEM  massrealtyinc.ca ENGINEER  Muhammad Ablugg · Full-Stack STATUS  LIVE · IN PRODUCTION
01  The Brief

Mass Realty Inc. is a boutique brokerage serving buyers, sellers, and investors across Mississauga, Oakville, and the Greater Toronto Area. They needed more than a brochure site: live listings, buyer tools that generate leads, a content library that earns search traffic, and a way for staff to manage all of it without calling a developer.

I was hired to deliver the whole thing · design, frontend, backend, data pipeline, and admin tooling. Every page and every feature on the platform is my own work.

02  Architecture

Vanilla JavaScript frontend (ES Modules), Node.js serverless functions on Vercel, PropTx/AmpRE OData API behind a proxy. No framework overhead, SPA-like navigation through sessionStorage state, and a two-layer cache: a server-side Vercel Blob cache shared by every visitor (24-hour TTL, the maximum the IDX agreement allows) plus a client-side pin cache that restores the previous map state instantly.

Map search fetches by visible city centroids, not radius. The frontend detects which Ontario city centroids sit inside the current map bounds and fetches their listings in parallel · the fix for a real bug where distant markets like Windsor and Chatham vanished at certain zoom levels. A background pipeline geocodes street addresses through Nominatim into a persistent Blob geocache, and a warming script pre-populates it for every major Ontario market so first-time visitors see pins immediately.

Listing pages pull full property data · room dimensions, washroom breakdowns, condo details, amenities, open houses, virtual tours · with dynamically generated Schema.org structured data and Open Graph tags, price history charted from OriginalListPrice, and server-side deduplication of properties re-listed under a second MLS number.

The valuation wizard adapts its fields to the property type: a condo asks about floor level, maintenance fees, and view; a detached home asks about lot size and storeys. It ends in a Comparative Market Analysis request · the platform's strongest lead funnel.

03  What Shipped
  • Map search · Leaflet + MarkerCluster · viewport city-centroid fetching · parallel loads
  • Two-layer cache · shared Vercel Blob (24h TTL) + sessionStorage pin cache
  • Geocoding pipeline · Nominatim · persistent geocache · city warming script
  • Listing detail · rooms, washrooms, condo details, amenities, open houses, virtual tours
  • Price history from OriginalListPrice · "Price Reduced" badges · re-listing dedup
  • Schema.org structured data + Open Graph generated per listing · SEO throughout
  • Mortgage calculator · land transfer tax estimator · Walk Score · demographics widget
  • 4-step home valuation wizard · dynamic fields per property type · CMA lead funnel
  • Insights library · 6 long-form buyer & seller guides · transactional email via Resend
  • JWT-authenticated agent portal · agents create, edit, and manage their own listings
  • UX · non-blocking load pill · map position persistence · spiderfy for same-building units · "View on Map" deep links
04  Security & Compliance

My security background shows up in the plumbing rather than the pitch:

  • Agent auth via signed JWT · all CRUD operations scoped to the authenticated agent by middleware
  • Audited the platform against the PropTx IDX Data Agreement · implemented required compliance notices
  • Capped the shared data cache at the 24-hour TTL the agreement requires
  • Removed an AI chat feature that used IDX data in a way prohibited under Section 6.2(k) · shipping sometimes means saying no to your own feature
  • Compliance-aware copy · CMHC, LTT, and valuation disclaimers written to Ontario conventions
Independent Builds
OPEN-SOURCE · LOCAL AI · PRIVACY
Wazier · Private Local AI
An open-source AI desktop app that runs entirely on-device · no cloud, no telemetry, no data harvested. Powered by Ollama, every conversation is encrypted at rest with AES-256-GCM and stored in a local vault. Two separate encrypted stores: a 7-day auto-expiring chat vault and a permanent document vault with local RAG via nomic-embed-text embeddings. Zero bytes leave the machine after setup. If you won't trust a privacy claim without proof, clone it and run it airgapped.
JavaScript · Node.js Electron Open Source AES-256-GCM Local RAG Ollama
FULL-STACK · E2E ENCRYPTED AI
Lexora · Legal AI Platform
Built the full encrypted pipeline between user and AI on Azure Confidential Computing. Messages are encrypted client-side using WebCrypto AES-256-GCM with PBKDF2-derived keys stored in IndexedDB · ciphertext travels to the server, is decrypted inside the Azure TEE boundary, processed by the AI, and re-encrypted before leaving the enclave. Plaintext never exists outside the TEE. MongoDB stores only ciphertext · no plaintext is ever written to the database. Azure attestation endpoint integration confirms enclave integrity before any key material is used. Rate limiting, DDoS protection, and session isolation across the full stack.
Azure Confidential Computing WebCrypto AES-256-GCM PBKDF2 Key Derivation Azure Attestation Node.js
LEGAL TECH · AI MARKETPLACE
CounselConnect
AI-powered legal marketplace co-founded and incubated at the Legal Innovation Zone at Toronto Metropolitan University. Led product from ideation through production · managed MongoDB databases including security updates, data integrity testing, and disaster recovery protocols. Coordinated technical roadmap and sprint deliverables alongside the engineering co-founder.
MongoDB Node.js Legal Innovation Zone · TMU 5 Years
CONFIDENTIAL COMPUTING · SYSTEMS
Mizan · Legal AI Platform
AI cannot process ciphertext, so every AI pipeline has a decryption window. Mizan closes it by running inference inside an AWS Nitro Enclave: data is decrypted and processed in hardware-enforced isolation, and PCR-validated attestation proves enclave integrity before KMS releases key material. My deepest systems work · explore the interactive threat model to see how it holds up.
AWS Nitro Enclaves Cryptographic Attestation Python · Flask React
Security Research & Tooling
AWS NITRO ENCLAVES · SECURITY TOOLING
Nitro Attestation Verifier
Client-side CLI tool and Python library for cryptographically verifying AWS Nitro Enclave attestation documents. Parses COSE_Sign1 and CBOR attestation structures, validates PCR0/1/2 against pinned baseline values, and inspects the X.509 certificate chain back to the AWS Nitro root CA. Three verification modes: descriptive inspection, pin-check against known-good baselines, and JSON output for CI/CD pipeline integration. Directly complements the trust model used in Mizan · the client runs this before trusting any enclave-generated response.
AWS Nitro Enclaves COSE · CBOR PCR Validation X.509 · Certificate Chain Attestation Python
NETWORK ANALYSIS · PYTHON
Scapy Packet Sniffer
Local packet capture tool that performs layer-by-layer dissection from Ethernet through IP to TCP/UDP/ICMP. Detects and parses HTTP, DNS, SMTP, and FTP traffic in real time · outputs hex and ASCII payload representations with configurable per-protocol filters.
Python Scapy Network Analysis Protocol Dissection TCP/IP
APPLIED CRYPTOGRAPHY · PYTHON
Consent-Gated Keystroke Auditor
Local keystroke audit tool built for security research. Requires explicit consent before capture begins · logs keystrokes encrypted at rest using Fernet (AES-128-CBC) with the key file stored at chmod 600. Includes a separate decryption utility for log review. Designed to demonstrate the architectural difference between a malicious keylogger and a consented audit tool.
Python Fernet · AES-128 Applied Cryptography pynput
AWS NITRO ENCLAVES · SUPPLY CHAIN
PCR Baseline Diff
Diagnostic tool for Nitro Enclave attestation drift. When a KMS key policy starts rejecting decryption requests because PCR values changed unexpectedly, this tool diffs two EIF files, walks the binary section table, and attributes the drift to a specific build input · down to the exact Dockerfile layer. What would otherwise require manual bisecting collapses into one command. CI gate via exit codes: 0 for clean, 1 for identified drift, 2 for unattributed drift.
AWS Nitro Enclaves PCR Analysis Supply Chain Integrity EIF Format Python
SUPPLY CHAIN SECURITY · CI/CD
Build Provenance Verifier
Deploy time gate for container supply chain integrity. Verifies that an image is signed by an allowed identity, carries a SLSA provenance attestation, was built by an allowed builder, and originates from an allowed source repository. Designed to run as a CI step before deploy or wired into a Kubernetes admission controller. The third leg of the supply chain story behind Mizan and Lexora · alongside the attestation verifier and PCR baseline diff.
SLSA Provenance Cosign · Sigstore Supply Chain Integrity Kubernetes Python
AI/ML SECURITY · PYTHON
Prompt Injection Fuzzer
Black box fuzzer for LLM endpoints. Sends a corpus of prompt injection payloads across 8 attack categories · direct override, role confusion, encoding smuggling, indirect injection, tool abuse, prompt leak, jailbreak, and gradual escalation · scores each response for compromise indicators, and produces a CI compatible pass/fail report. Supports custom corpora and works against both Anthropic and OpenAI format endpoints. Built to catch system prompt regressions before they ship.
Prompt Injection LLM Security Fuzzing AI/ML Security Python
Technical Writing

Writing it down.

The Nitro Enclave Gotcha That Cost Me 90 Minutes: vsock and a Port That Lied
A deep debugging session from building Mizan. The parent EC2 instance connected to the enclave over vsock without error · but nothing was actually listening. This is the story of how "connected" and "live" are two different things at the transport layer, and the health check pattern that fixes it.
Read on Dev.to
Capability Matrix

Tools of the trade.

Software Engineering
JavaScript · ES Modulesproduction
Node.js · Serverlessproduction
Vercel · Edge Caching · Blobproduction
Leaflet · Interactive Mapsproduction
REST · OData APIsproduction
MLS/IDX Data & Complianceproduction
SEO · Schema.org & OGproduction
Gitproduction
Reactsolid
Pythonsolid
PostgreSQL · MongoDBsolid
Linux · Bashsolid
Security Background
Application Securityproduction
Auth · JWT & Access Scopingproduction
Threat Modellingsolid
Confidential Computing · TEEssolid
Cryptographic Attestationsolid
AI/ML Securitysolid
Supply Chain Integritysolid
AWS · Azure Securitysolid
Wireshark · nmapworking
Kali Linuxworking
Background

Education & training.

SEC
Cybersecurity Bootcamp
Springboard  ·  Sept 2025 – March 2026
BA
Bachelor of Arts, Psychology
McMaster University  ·  Sept 2017 – June 2022
SEC+
CompTIA Security+
March 2026   CISSP · In Progress

I took an unusual route here: a psychology degree, then security engineering, then client work that put my code in production. That path built an engineer who thinks about the user, the maintainer, and the attacker at the same time. Certifications tell you part of the story · the better evidence is live. massrealtyinc.ca is my work, end to end. Judge me on that.

Establish Contact

Let's talk.

Open to Software Engineer roles.
I design, build, ship, and maintain production software for real clients · frontend, backend, data pipelines, and the admin tooling behind them · with security built in from the first commit. If you need an engineer who can own a product end to end, I want to talk.
Get In Touch
One More Thing

Wanna play a game?

are you technical?