It's a me, Babush!
I'm Paolo Montesel, Security Researcher from Italy.
I've done a bunch of security-related stuff over the years, but nowadays I mainly mess with IDA Pro, fuzzers and LLVM.
I like wasting time on snapshot-based fuzzers and coming up with new machanisms to provide feedback to them. You can often find me rambling about how symbolic execution doesn't really work (joke).
- CODE BLUE 2020 - "Reflex: you give me a parser, I give you a token generator"
- CVE-2019-16160 - DoS in MikroTik RouterOS 6.43.16 SMB server, found using snapshot-based fuzzing.
Stuff I ideated and created:
- Big Match: my personal research project at rev.ng, ideated and implemented by yours truly. Imagine taking all the C/C++ repos on GitHub and using them to make a search engine that, given a target binary, is able to tell you which open source libraries are embedded in it. That's Big Match. (detailed blog post)
Some things I brag about:
- 3rd place at Singapore University of Technology and Design's Critical Infrastructure Security Showdown 2019: Red-teaming exercise for industrial control systems (SCADA, PLCs, etc...)
- 5th place at DEF CON 27 CTF Finals in 2019 w/ mhackeroni
- 7th place at DEF CON 26 CTF Finals in 2018 as a member of the Italian team mhackeroni
- Naver LINE's 2018 Bug Bounty Hall of Fame
- Telecom Italia's Responsible Disclosure Hall of Fame
- A lot of things I can't share in public :(
Some other security-related things that you might find amusing:
- Together with my boy abiondo, I wrote a LLVM-based deobfuscation script to solve a Google CTF 2017 challenge. It was selected by Google as one of the best writeups of the competition. Here it is.
- I wrote an RSA-based obfuscation pass for LLVM.
- I ported IDA's FLIRT to pure python. It's a straightforward translation from Radare's code, but I'm nonetheless proud of it.
- I'm a member of the CTF team spritzers.
I also did a bit of Machine Learning in the past and I still try to keep up with recent developments. In 2016, together with a team of fellow students from the University of Padova, I scored a 5th place at the Data Science Game. Particularly funny is the fact that nobody of us was specialized in ML. We were two security researchers and two biomedical engineers.
I'm a Vulcanus in Japan alumnus, lived in Tokyo one year and still know a bit of 日本語。 Would love to go back given the right opportunity.
What I can do for you
I'm available for consulting and training gigs in both English and Italian.
Quick list of my areas of expertise:
- Binary Reverse Engineering
- Any kind of fuzzing (snapshot-based, coverage-guided, custom-guided, hybrid, full-system, etc...)
- Android Reverse Engineering and APK patching
- Web security
- Machine Learning
Hit me up if you want my full CV.