Objective

Hi! My name is Theodor Arsenij! I’m a Security Researcher/Low-level Developer with a particular focus on fuzzing, binary exploitation, reverse engineering and software development. Currently, I’m studying for an M.Sc. in Computer Science and Engineering at the Technical University of Denmark (DTU). My previous degree (B.Sc. with Honors in Information Security, GPA 8.84) I got at the Higher School of Economics (HSE) in Moscow.

I’ve got more than 5 years of hands-on experience in the software engineering and cybersecurity fields. Throughout these years I’ve solved a number of problems in various fields doing research, software development, reverse engineering, fuzzing, binary exploitation and more. This journey has not only boosted my tech skills but has also given me a solid grasp of the ins and outs of the industry, from best practices to the entire development process.

I have experience in C, C++, Python, Rust and Java. My main fields of interest are:

  1. 🔥 Low-level development (Drivers, Compilers, OS, Memory management, Emulators, Symbolic Execution engines, etc.), primary language - C++.
  2. ⚡ High-performance computing.
  3. 🔙 Reverse engineering.
  4. 🗡 Vulnerability research (Fuzzing, Static Analysis, Audits).
  5. 💥 Exploit development.
  6. 🧠 Machine learning.

I’m also interested in academic research in the fields stated above.

Despite the fact that my main focus is cybersecurity, I also have extensive experience in product development. I have worked on a variety of projects, from small utilities to large-scale systems. In addition, I am very passionate about learning and self-improvement in different directions, so I often participate in various conferences, study the latest technologies and more.

In my spare time I enjoy doing photography, playing CTFs, reading books, riding my MTB and learning new things :)

If you need a full version of my CV, or want to contact me, check the Links below.

Skills (Security researcher)

  • Closed/open-source software vulnerability research using static analysis and fuzzing. In particular - CodeQL, AFL++, LibFuzzer, Triton, Angr and more.
  • Deep understanding of Linux/Windows internals, as well as strong skills in Systems Programming.
  • Exploit development (Windows/Linux/Android), architectures: x86, ARM.
  • Reverse engineering of applications for various operating systems (Linux/Windows/Android), as well as various architectures: x86, ARM, and more.
  • Experience in using different tools for reverse engineering: IDA Pro, Binary Ninja, Ghidra, JEB, BinDiff, Tenet, Lighthouse, etc.
  • Experience in automating reverse engineering tasks. Plugin development for various RE tools including, but not limited to: IDA Pro, pwndbg, WinDbg.
  • Experience in using various tools for dynamic instrumentation: Frida, DynamoRIO.
  • Skills in working with SAT/SMT solvers, especially Z3 and Bitwuzla.
  • Skills in working with frameworks for symbolic execution: angr, SymCC, KLEE, Triton.
  • Experience in using LLVM to develop custom checkers/passes for the purposes of static analysis and fuzzing.

Skills (Software engineer)

  • Full cycle software development, adhering to industry-leading best practices, including version control with Git, unit testing and fuzzing, performance profiling, static analysis, comprehensive debugging, and containerization with Docker, among others.
  • Extensive expertise in C++ programming, leveraging the Standard Template Library (STL), Boost, and more. Skilled in working with the LLVM compiler infrastructure with particular focus on developing plugins and passes. Experienced with CMake for streamlined build processes. Skilled in employing Google Test and Google Benchmark frameworks to ensure code quality and benchmark application performance.
  • Proficient in Python, my go-to scripting language for a wide range of tasks, with specialized expertise in web development using Flask and Django. Skilled in building efficient and scalable applications with gRPC. Familiar with database management using Postgres.
  • Competency in algorithmic solution development.
  • Hands-on experience in the fields of Machine Learning (ML) and Computer Vision (CV), encompassing data preprocessing, model training, and deployment. Proficient in developing solutions for AI-based applications.
  • Additionally, have experience working with Rust.

Projects

  • SASCTF 2024 - Developed binary exploitation challenges: Ubercaged and PHP-Phar unsafe deserialization
  • Added experimental LAF/Compcov support for the WTF snapshot fuzzer (2023): pull-request (C++).
  • Flare-On 9 - Finalist (2023) - writeups
  • All-Russian students Olympiad by Yandex - Ya.Professional “Information and cyber security” - 2nd place across the whole country (2023)
  • Frida-based fuzzer for Firefox IPC (2021)
  • Participant of the “Hypervisor Vulnerability Research 101” one-day intro workshop by Alisa Esage (2021)
  • Advanced C++ memory allocator with GC and heuristic layouting for improved CPU cache locality (2020): memplusplus
  • Paseca CTF (2019) - Developed re/pwn challenges: angry, blind road, hidden malware, beehive, honeyback, dynamic, no_out.
  • C++ implementation of different cheat types (with example project): cheat_examples
  • Data structures and algorithms implemented in C++: ds-and-algos

Findings/Contributions

🐘 Postgres (Postgres Pro)

  1. #16953: OOB access while converting “interval” to char

🦎 Firefox (Independent)

  1. Firefox IPC bug (dup)

🔥 Rizin (ISP RAS)

  1. CVE-2022-36042
  2. CVE-2022-36044
  3. CVE-2022-36039
  4. CVE-2022-36040
  5. CVE-2022-36041
  6. CVE-2022-36043

🦕 Pytorch contributor (ISP RAS)

  1. Pull request #94298
  2. Pull request #94295
  3. Pull request #91401
  4. Pull request #94300
  5. Pull request #94297

🚀 Passware

  1. Upload mode dumper
  2. Tenet - ARM32 support

Working Experience

  • Kaspersky Lab. TAR intern.
    • 01.2020 - 11.2021
  • Postgres Pro. Junior developer (information security department).
    • 09.2020 - 11.2021
  • Developer-researcher, ISP RAS (Sydr team)
    • 11.2021 - 03.2023
  • Independent security researcher
    • 09.2019 - still
  • Security Researcher/Developer, Passware (Mobile)
    • 07.2023 - still

Conference Talks

Education

  • Technical University of Denmark (DTU) - M.Sc. “Computer Science and Engineering”. First-year student (2023 - 2025).
  • Higher School of Economics (HSE) - B.Sc. “Information Security”. Bachelor’s degree (2019 - 2023).
    • GPA: 8.84 (with Honours).

Additional Education and Courses

  • Multiple fintech-oriented programs by Sirius University (Innovations in payment systems, Biometry, Information security) (2021 - 2022).
  • Digital security “Summer of hack” (2021)
  • Information security of the financial sector by Sirius University (2020)
  • SAMSUNG IT school (2019)
  • “Informational security” by Sirius for high school students (2018)
  • Innopolis university project school (2018)
  • CISCO CCNA, 2017
  • CISCO IT Essentials, 2016
  • Coursera: Algorithmic Toolbox
  • Coursera: Data Structures

Links

  1. LinkedIn
  2. GitHub
  3. Telegram
  4. Twitter
  5. Mastodon