- My best project so far (More than 650 downloads wow!) , a tiny OS for the PIC18 plataform Picix
- SmartMap (J2ME, for cell phones). This is not my best project in my opinion, but it has >200 downloads per day, so surely is the most popular.
- GDB Patches, some small gdb patches to add functionality and missing commands.
- Google Android Debugging Utilites, including gdb, strace and bash, indispensable tools for android hax0ring.
- My FPGA page, some projects involving a not very small FPGA that i bought some time ago.
- I have crafted my own linux distro for this board, I call it: virtex-linux !
- Some heavy algorithms implemented on a couple of tiny and slow devices:
- PIC18 RSA, implementation of the RSA public-key algorithm for PIC18 and dsPIC30 microcontrollers.
- Reed Solomon, implementation of the Reed Solomon error correction scheme, for PIC18 and dsPIC30 devices.
- Eccchain - Error correction chain, this is a simulator for my thesis project
- Talks and articles that I managed to appear or contribute in some way.
- Vacuum Tube Headphone Amp, a retro-hardware project.
Security:
As an exploit writer of Core Security, I have discovered and exploited some security bugs. My speciality is open-source software vulnerabilities:
- ProFTPD "mod_ctrld" privilege scalation
- Synce Remote command Injection (Oren Isacson did the exploit in this one)
- Firebird Multiple Vulnerabilites (Did some research to help Damian Frizza in this one)
- MPlayer 1.0rc2 buffer overflow vulnerability (Together with Damian Frizza too)
- GNU ED heap buffer overflow (It was hard, considering the small source code of ED )
- Vinagre "vinagre_utils_show_error()" Format String Vulnerability
- Qemu and KVM VNC server remote DoS
- Amaya multiple Stack buffer overflows : Dan Crowley found the first bug, I just did the detailed analysis and found a couple of additional bugs (more like 50 overflows), most of them still exists. I recommend Amaya as a tutorial for vulnerability research, because is written very very badly.
- Multiple VNC Clients Multiple Integer Overflow Vulnerabilities I just did a small analysis for this bug, the credit must remain on Futo and Fernando, they did most of the work.
- And my "Attention whore" bugs :)
- OpenBSD's IPv6 mbufs remote kernel buffer overflow (Gerardo Richarte did much of the exploit design) (It made to slashdot!)
- Multiple vulnerabilities in Google's Android SDK (This was a hard one) (It made to slashdot too!)
- NASA CDF stack overflow: Simple bug, but very fun!
- NASA BigView stack overflow: I don't think that this one is "Highly critical" but anyway, it was a little hard to exploit.
BIOS Rootkit Attack (With Anibal Sacco) Yess! another hit on Slashdot. This is not even a vulnerability, but hey, we made the PoC, it really works, and was the result of two research weeks of pure fun.
Personal and pictures:
BlackHat/Defcon 2007, great times!
Pictures Here!
If you can read spanish, take a look at my "Curriculum"
Ok, this is my real Curriculum in LinkedIn
Some papers that I made in the past.
The infamous "coplitas" (A prank that I and a couple of friends made 10 years ago in high school)
Also, I have a small bike, pics here.
http://picix.sourceforge.net/electricangel
Links to friend's pages:
exploiting.wordpress.com - The adventures of Anibal Sacco
http://breakingcode.wordpress.com/ - Because is not broken enough
ret2libc.blogspot.com - The evil blog of Sebastian "Topo" Muñiz
La pilita de Gutes - Gutes' stack
