CV - Andras Gemes

András Gémes

shadowshell.io | github.com/gemesa | linkedin.com/gemesa | gemesa@protonmail.com

Summary

Security researcher with 8 years of experience. Hands-on experience in malware analysis, reverse engineering and vulnerability research. Certified in Sec+, CASP+/SecX, CEH and others. LLVM compiler engineering (code obfuscation) and embedded systems background. Open to roles in malware analysis, reverse engineering and vulnerability research.

Work experience

Security Researcher @ HighTec EDV-Systeme GmbH - Budapest, Hungary Feb 2023 – Present

Analyzing Windows, Linux and Android malware, writing detection rules and config extractors (Ghidra, Python)
Implementing custom LLVM-based code obfuscator pass plugins based on malware research
Evaluating security impact of reported LLVM vulnerabilities as a member of the LLVM security group
Hardening the Rust toolchain binaries against reverse engineering

Application Security Engineer @ Knorr-Bremse - Budapest, Hungary May 2018 – Jan 2023

Implemented and evaluated static application security testing across embedded C codebases
Resolved embedded systems vulnerabilities discovered through code review and AFL++ fuzzing
Developed embedded C software (memory, RTOS and communication modules)
Built iOS and Android apps for real-time vehicle data visualization

Technical skills

Reverse engineering (static): DiE, Ghidra, IDA, ILSpy, dnSpy, Binwalk, Apktool, jadx, otool, ipsw

Reverse engineering (dynamic): x64dbg, Sysinternals, LLDB, GDB, Frida, ADB, QEMU, Qiling, VirtualBox, strace

Detection engineering: YARA, Sigma, Suricata, capa

Programming languages: C, C++, Rust, Objective-C, Swift, Python 3, Java, Assembly (ARM64, x86-64), Bash

Vulnerability research: checksec, ROPgadget, AFL++

Network analysis and protocols: Wireshark, Zeek, FakeNet-NG, INetSim

Platforms and DevOps tools: Linux (Fedora, Ubuntu), macOS, Windows, Git, Docker, GitHub Actions, Jenkins

Certifications

CompTIA Security+, CompTIA CASP+/SecurityX, EC-Council CEH, TCM Security PMAT, Invoke RE IMBT and others.

Open source contributions

ghidra: contributing bug reports and patches to Ghidra, focusing on the BSim, Debugger and FunctionID features
threat-detection-rules: publishing YARA, Sigma and Suricata rules for analyzed malware families
ghidra-scripts | reversing-scripts: developing custom scripts to support reverse engineering
phantom-pass: implementing custom LLVM-based code obfuscator pass plugins
rust-arm64: writing a Rust book about analyzing Rust-to-ARM64 compilation

Education

MSc in Mechatronics Engineering @ Budapest University of Technology and Economics Feb 2016 – June 2018

BSc in Mechatronics Engineering @ University of Pannonia Sept 2012 – Jan 2016

Continuous education

Currently learning on Mobile Hacking Lab (Android and iOS application security courses).