David Bors

David Bors, Security Research Engineer Enthusiast about anything CS-related. Interested in cybersecurity, both black-box and white-box scenarios. I love to work in teams with interesting people, but I’m not afraid to do things on my own either.- ® davidbors.carrd.co ‡ davidxbors Ó- Bucharest, Romania PROGRAMMING LANGUAGES Python C Haskell Java C++ Bash Javascript Golang EDUCATION Faculty of Automatic Control and Computer Science University Politehnica of Bucharest 2020 – 2024 Bucharest, Romania High School National College "Vasile Alecsandri" 2016 – 2020 Galat, i, Romania EXPERIENCE SECURITY RESEARCH ENGINEER PENTEST-TOOLS.COM October 2022 - Present • Member of Sniper automated exploitation tool developer team. Here I develop stable and high-performance software designed to identify and detect vulnerabilities within software products. I research ways to exploit known vulnerabilities and then write software that automates their exploitation. • For every new exploit, I also write its description, risk description, evidence, and recommendations, having this way experience in writing assessment reports. • In addition, I improved the tool capabilities and worked cross-team to improve other tools. Lately, I started also working on a tool that detects remotely • • • • • • exploitable vulnerabilities and misconfigurations in Kubernetes clusters. I also authored technical cybersecurity articles and videos showcasing the work I’ve done: https://pentest-tools.com/blog/xz-utils-backdoor-cve- https://pentest-tools.com/blog/how-to-get-rce-confluence-cves https://www.youtube.com/watch?v=UwifLZ5a2dA https://www.youtube.com/watch?v=KWjuzxGoq-Y https://www.youtube.com/watch?v=mDcls4NGxVk SECURITY RESEARCH INTERN PENTEST-TOOLS.COM July 2022 - October 2022 • Started working as a member of Sniper automated exploitation tool developer team. SECURITY RESEARCH INTERN MALUS SECURITY December 2021 - June 2022 • Working on iExtractor-manager, a tool that extracts useful information from IPSWs. WEB DEVELOPER INVATAMANTUL GALATEAN August 2019 - April 2020 • Creating multiple news websites for them. WEB DEVELOPER CNVA Galat, i February 2018 - June 2020 • Working on various websites for this high-school, one of them being their main website cnva.eu. Note that I’m not responsible of any updates that oc- cured since I stopped working on this project. CERTIFICATIONS eJPT Credential ID:- Smart Contracts Hacking Course Credential ID:b0bce20aaac578d72ea98b9e5e5c87915a9813e8d1ba049ad1cc2d319db9bd5c OTHER ACTIVITIES AND PROJECTS - SNIPPETS OF MY PERSONAL PROJECTS Bug-Bounty Open-Source Code Auditing I enjoy hunting for vulnerabilities in bug I look over open-source projects and try to find bounty programs. I look mostly into web vulnerabilities in the codebase. Pursuing this enapplications and network services, but endeavor I’ve managed to find vulnerabilities such joy dabbling in code-audit, especially for as XSS, Open-Redirects, and RCE via Deserialsmart contracts as well. I’ve even managed ization. to contribute to security programs such as https://www.cyber.gouv.qc.ca/en/report/contributors. Security Summer School Training Last year I started taking part in organising Security Summer School. I had to oversee classes about SQL Injections and End-to-End attacks. This meant preparing the slides, presenting the information to the students, and then helping them with their hands-on assignments. LANGUAGES Romanian Mother tongue English Proficient Speaker - CPE Certificate German Advanced Level