blog.pentests.pl |

Marcin Gebarowski – Security Researcher

• OSCP and OSCE certified
• winner of SANS 660 and 760 CTF competition
• skilled mobile, thick client and web application vulnerability researcher
• worked with POS terminals and ATMs
• “ex” developer

 

Certs & Trainings

• CEHv8
• SANS 660
• Xipiter: Practical ARM exploitation
• SANS 760
• OSCP
• OSCE
• Corelan “Advanced”

 

Skills

• mobile app testing
• Android and iOS – security & hacking
• application developer
• binary exploitation
• reverse engineering
• binary protocols
• Java, C, C++, C#, Python, Assembly, OpenCL, CUDA

 

Tools

• IDA Pro
• Ghidra
• Frida
• 010 Editor
• Atom

 

Projects

Java

• TCP/UDP Proxy
• Numerous Burp extensions
• Android applications deobfuscator
• Web app for sending big files through email (Struts2, Hibernate)
• CMS (Struts2, Hibernate)
• Tiny CA web app (Struts2)
• Web app for resume creation, result: http://marcing.com.pl (Struts2, Hibernate)
• App for generating usernames from gathered information
• App for enumerating users using SMTP

C/C++

• Android hooking library
• Linux hooking library – LD_PRELOAD
• Bluetooth HID proxy
• Fuzzy logic autopilot for Orbiter Space Flight Simulator

Python

• Client-server architecture using email for data exchange utilizing PGP

 

Education

Wroclaw University of Technology, Poland

2011 - Bachelor of Engineering
2012 - Master of Science in Engineering
Information Systems in Control Engineering

 

Experience

Commonwealth Bank of Australia, Sydney, Australia

Penetration Tester – Senior Penetration Tester
May 2015 – October 2018 – Present

• handling technically demanding projects
• working across multiple areas
• Albert POS device and ATM systems

 

Wroclaw Centre for Networking and Supercomputing, Wroclaw, Poland

Java Web and Application Developer, System Administrator
July 2010 – August 2014

• responsible for designing, developing and maintaining of web applications
• identifying vulnerabilities
• investigating incidents
• system administration: Solaris, RedHat, CentOS, Ubuntu, Debian

 

Wroclaw Centre for Networking and Supercomputing, Wroclaw, Poland

OpenCL Developer in project PRACE
March 2011 – June 2014

• writing benchmarks to test computing hardware and frameworks, porting the existing algorithms (written in CUDA, Fortran or C) to OpenCL

 

Wroclaw Centre for Networking and Supercomputing, Wroclaw, Poland

Java Developer in project “Implementation of public key infrastructure for PIONIER network users”
April 2010 – July 2014

• responsible for integrating and customizing open source CA EJBCA