About

It's a me, Babush!

I'm Paolo Montesel, Security Researcher from Italy.

I've done a bunch of security-related stuff over the years, but nowadays I mainly mess with IDA Pro, fuzzers and LLVM.

I like wasting time on snapshot-based fuzzers and coming up with new mechanisms to provide feedback to them. You can often find me rambling about how symbolic execution doesn't really work (joke).

Talks:

CVEs:

  • CVE-2019-16160 - DoS in MikroTik RouterOS 6.43.16 SMB server, found using snapshot-based fuzzing.

Stuff I ideated and created:

  • Big Match: my personal research project at rev.ng, ideated and implemented by yours truly. Imagine taking all the C/C++ repos on GitHub and using them to make a search engine that, given a target binary, is able to tell you which open source libraries are embedded in it. That's Big Match. (detailed blog post)

Some things I brag about:

  • 3rd place at Singapore University of Technology and Design's Critical Infrastructure Security Showdown 2019: Red-teaming exercise for industrial control systems (SCADA, PLCs, etc...)
  • 5th place at DEF CON 27 CTF Finals in 2019 w/ mhackeroni
  • 7th place at DEF CON 26 CTF Finals in 2018 as a member of the Italian team mhackeroni
  • Naver LINE's 2018 Bug Bounty Hall of Fame
  • Telecom Italia's Responsible Disclosure Hall of Fame
  • A lot of things I can't share in public :(

Some other security-related things that you might find amusing:

  • Together with my boy abiondo, I wrote an LLVM-based deobfuscation script to solve a Google CTF 2017 challenge. It was selected by Google as one of the best writeups of the competition. Here it is.
  • I wrote an RSA-based obfuscation pass for LLVM.
  • I ported IDA's FLIRT to pure python. It's a straightforward translation from Radare's code, but I'm nonetheless proud of it.
  • I'm a member of the CTF team spritzers.

I also did a bit of Machine Learning in the past and I still try to keep up with recent developments. In 2016, together with a team of fellow students from the University of Padova, I scored 5th place at the Data Science Game. Particularly funny is the fact that none of us was specialized in ML. We were two security researchers and two biomedical engineers.

I'm a Vulcanus in Japan alumnus, lived in Tokyo one year and still know a bit of 日本語。 Would love to go back given the right opportunity.

What I can do for you

I'm available for consulting and training gigs in both English and Italian.

Quick list of my areas of expertise:

  • Binary Reverse Engineering
  • Any kind of fuzzing (snapshot-based, coverage-guided, custom-guided, hybrid, full-system, etc...)
  • Android Reverse Engineering and APK patching
  • Web security
  • Machine Learning

Hit me up if you want my full CV.