husky photo

revskills

Vulnerability Research

Hello, I'm Francisco Alonso, an Independent Security Researcher. Working in Zero-day research since 2003. These are my main areas of interest (no particular order) :

  • Zero-Day Exploits In The Wild
  • iOS, macOS Kernel LPE & userspace
  • Browsers and JavaScript Engines RCE and Sandbox Escape
  • Fuzzing: Hardware-Traced, Emulation/Hypervisor snapshot, Custom instrumentation and custom Sanitizers (including Kernels). Structure aware mutators, Optimized Schedulers. Binary coverage-guided, distributed.
  • Hardware & Firmware Security: Baseband, Wi-Fi, Bluetooth, USB Restricted Mode, Bootloaders
  • In-memory Anti-Forensics
  • Security Mitigations
  • GNU/Linux Kernel
  • Reverse Engineering
  • Static and Dynamic Analysis
  • Rust, C/C++, Python, JavaScript/TypeScript
I don't focus on public research, but I've disclosed vulnerabilities (some I remember and have a CVE assigned): Public talks :