Marcos is a Sr. Exploit Writer and has been working at Core Security since 2010. He started out in the Exploit Writer Team's QA area, and joined the Exploit Writer Team as an Exploit Writer two and a half years later. Since then, he has developed exploits for Microsoft Windows, Linux and OS X. Most of them were for stack and heap overflow vulnerabilities. He has also spent time exploiting web applications, mostly using command injection vulnerabilities. Additionally, he has spent time working on deserialization vulnerabilities.
Currently, he spends much of his time gathering CVEs and PoCs to create modules for Core Impact.
Marcos studied engineering technology at Universidad Tecnologica Nacional (UTN). He specializes in reverse engineering, web application exploitation, cracking, cybersecurity research, vulnerability assessment, research and management, and dongle emulation.
Marcos is active in continuing education and knowledge sharing efforts, including multiple presentations at the Ekoparty Security Conference. His publications on this site include:
- Analysis of Cisco AnyConnect Posture (HostScan) Local Privilege Escalation: CVE-2021-1366 - February 2021
- Cisco AnyConnect Posture (HostScan) Security Service Multiple Vulnerabilities - February 2021 (Advisory for CVE-2021-1366)
- WebExec Revolutions: The strange case of the Update Service…that doesn't update - March 2019
- Bypassing CVE-2018-15442: Another case of DLL Hijacking - November 2018
- Corel Software DLL Hijacking - January 2015 (Advisory for CVE-2014-8393, CVE-2014-8394, CVE-2014-8395, CVE-2014-8396, CVE-2014-8397, CVE-2014-8398)
- Delphi and C++ Builder VCL library Heap Buffer Overflow - September 2014 (Advisory for CVE-2014-0994)
- Delphi and C++ Builder VCL library Buffer Overflow - August 2014 (Advisory for CVE-2014-0993)
- IcoFX Buffer Overflow Vulnerability - December 2013 (Advisory for CVE-2013-4988)
- PDFCool Studio Buffer Overflow Vulnerability - October 2013 (Advisory for CVE-2013-4986)
- Aloaha PDF Suite Buffer Overflow Vulnerability - August 2013 (Advisory for CVE-2013-4988)