Objective

Hi! My name is Theodor Arsenij! I’m a Security Researcher/Low-level Developer with a particular focus on fuzzing, binary exploitation, reverse engineering and software development. Currently I’m studying for an M.Sc. in Computer Science and Engineering at the Technical University of Denmark (DTU). My previous degree (B.Sc. with Honors in Information Security, GPA 8.84) I got at the Higher School of Economics (HSE) in Moscow. I’ve got more than 4 years of hands-on experience in the software engineering and cybersecurity fields, and my overall work experience spans over 5.5 years. Throughout these years I’ve solved a number of problems in various fields doing research, software development, reverse engineering and more. This journey has not only boosted my tech skills but has also given me a solid grasp of the ins and outs of the industry, from best practices to the entire development process.

I have experience in C, C++, Python, Rust and Java. My main fields of interest are:

  1. 🔥 Low-level development (Drivers, Compilers, OS, Memory management, Emulators, Symbolic Execution engines, etc.), primary language - C++.
  2. ⚡ High-performance computing.
  3. 🔙 Reverse engineering.
  4. 🗡 Vulnerability research (Fuzzing, Static Analysis, Audits).
  5. 💥 Exploit development.
  6. 🧠 Machine learning.

I’m also interested in academic research in the fields stated above.

Despite the fact that my main focus is cyber security, I also have extensive experience in product development. I have worked on a variety of projects, from small utilities to large-scale systems. In addition, I am very passionate about learning and self-improvement in different directions, so I often participate in various conferences, study the latest technologies and more.

If you need a full version of my CV, or want to contact me, check the Links below.

Skills (Security researcher)

  • Closed/open-source software vulnerability research using static analysis and fuzzing. In particular: CodeQL, AFL++, LibFuzzer, Triton, Angr and more.
  • Deep understanding of Linux/Windows internals, as well as strong skills in Systems Programming.
  • Exploit development (Windows/Linux/Android), architectures: x86, ARM.
  • Reverse engineering of applications for various operating systems (Linux/Windows/Android), as well as various architectures: x86, ARM, and more.
  • Experience in using different tools for reverse engineering: IDA Pro, Binary Ninja, Ghidra, JEB, Bindiff, Tenet, Lighthouse, etc.
  • Experience in automating reverse engineering tasks. Plugin development for various RE tools including, but not limited to: IDA Pro, pwndbg, WinDbg.
  • Experience in using various tools for dynamic instrumentation: Frida, DynamoRIO.
  • Skills in working with SAT/SMT solvers, especially Z3 and Bitwuzla.
  • Skills in working with frameworks for symbolic execution: ANGR, SymCC, KLEE, Triton.
  • Experience in using LLVM to develop custom checkers/passes for the purposes of static analysis and fuzzing.

Skills (Software engineer)

  • Full cycle software development, adhering to industry-leading best practices, including version control with Git, unit testing and fuzzing, performance profiling, static analysis, comprehensive debugging, and containerization with Docker, among others.
  • Extensive expertise in C++ programming, leveraging the Standard Template Library (STL), Boost (to a lesser extent), and more. Skilled in working with the LLVM compiler infrastructure with particular focus on developing plugins and passes. Experienced with CMake for streamlined build processes. Skilled in employing Google Test and Google Benchmark frameworks to ensure code quality and benchmark application performance.
  • Proficient in Python, my go-to scripting language for a wide range of tasks, with specialized expertise in web development using Flask and Django. Skilled in building efficient and scalable applications with gRPC. Familiar with database management using Postgres.
  • Competency in algorithmic solution development.
  • Hands-on experience in the fields of Machine Learning (ML) and Computer Vision (CV), encompassing data preprocessing, model training, and deployment. Proficient in developing solutions for AI-based applications.
  • Additionally, I have experience working with Rust.

C++ projects

  • Added LAF/Compcov support for the WTF snapshot fuzzer: pull-request (C++).
  • Advanced C++ memory allocator with GC and heuristic layouting for improved CPU cache locality: memplusplus
  • Information security competition task development: Paseca CTF. (Tasks developed by me: angry, blind road, hidden malware, beehive, honeyback, dynamic, no_out).
  • C++ implementation of different cheat types (with example project): cheat_examples
  • Data structures and algorithms implemented in C++: ds-and-algos
  • C++ implementation of advanced data embedding technique: reversible-data-hiding

Findings/Contributions

🐘 Postgres (Postgres Pro)

  1. #16953: OOB access while converting “interval” to char

🦎 Firefox (Independent)

  1. Firefox IPC bug (dup)

🔥 Rizin (ISP RAS)

  1. CVE-2022-36042
  2. CVE-2022-36044
  3. CVE-2022-36039
  4. CVE-2022-36040
  5. CVE-2022-36041
  6. CVE-2022-36043

🦕 Pytorch contributor (ISP RAS)

  1. Pull request #94298
  2. Pull request #94295
  3. Pull request #91401
  4. Pull request #94300
  5. Pull request #94297

🚀 Passware

  1. Upload mode dumper
  2. Tenet - ARM32 support

Working Experience

  • Kaspersky Lab. TAR intern.
    • 01.2020 - 11.2021
  • Postgres Pro. Junior developer (information security department).
    • 09.2020 - 11.2021
  • Developer-researcher, ISP RAS (Sydr team)
    • 11.2021 - 03.2023
  • Independent security researcher
    • 09.2019 - still
  • Security Researcher/Developer, Passware (Mobile)
    • 07.2023 - still

Education

  • Higher School of Economics (HSE) - B.Sc. “Information Security”. Bachelor’s degree (2019 - 2023).
    • GPA: 8.84 (with Honours).
  • Technical University of Denmark (DTU) - M.Sc. “Computer Science and Engineering”. First-year student (2023 - 2025).
    • GPA: ???

Conferences participation

  • 2019 - Positive Hack Days, OffZone, Zeronights
  • 2021 - Zeronights, ISP RAS Open
  • 2022 - Positive Hack Days, ISP RAS Open, VolgaCTF-Conf
  • 2023 - Positive Hack Days, Nordic Fintech Week

Conference Talks

Certificates

Participant in various educational programs/competitions in the IT field

  • CISCO IT Essentials, 2016
  • CISCO CCNA, 2017
  • 🚀 Participation in various CTFs, 2017 - till now
  • Innopolis university project school, 2018
  • “Informational security” by Sirius, 2018
  • SAMSUNG IT school, 2019
  • “Information security of the financial sector” by Sirius university, 2020
  • 🚀 Hypervisor Vulnerability Research 101 (By Alisa Esage) (Part of the full course), June 2021
  • 🚀 Digital security “Summer of hack” (Firefox IPC fuzzing), July 2021
  • Fintech programs by Sirius University:
    • Information security of the financial sector, 2021
    • Biometry, 2021
    • Innovations in payment systems, 2022
  • 🚀 FLARE-ON #9 Finalist, 2022
  • All-Russian students Olympiad by Yandex - Ya.Professional “Information and cyber security” - 2nd place across the whole country, 2023

Extracurricular activities

  • Freshmen’s curator, 2019 - 2022
  • Organizer of cultural and educational events, 2019 - 2022
    • Curators school, 2022
    • Faculty day, 2022
    • Whole faculty party (350+ people), 2021, 2022
  • 🚣‍♀️ HSE rowing team member
  • Street photographer
  • Cyclist (MTB/road)
  • 💻 CTF team captain

Links

  1. LinkedIn
  2. GitHub
  3. Telegram
  4. Twitter
  5. Mastodon