Name: Carlos Andres Ramirez
Profile: Computer Engineer
Email: carlos.engineer
LinkedIn: Carlos Andres Ramirez
General Skills
Cyber Security 90%
Education
- Research student in AI, The University of Tokyo, Japan.
- Master's degree in Risk Engineering, CSS Lab, University of Tsukuba, Japan.
- Computer Systems Engineering degree, Universidad de los Andes, Colombia.
Key Technical Skills
- Application security
- Penetration testing
- Software development | C | Ruby | Python
- Threat hunting
- Fraud prevention and anti-fraud system design
- Incident response & computer forensics
About me
M.Sc.Eng., GCFA, GXPN. Computer systems engineer with over 12 years of working experience. My areas of expertise include cybersecurity, software development, AI, fraud prevention and risk management. I have executed and managed cyber-deception operations and incident response tasks across the globe, including highly sensitive investigations on-site in several countries in Asia, Europe and the Americas.
I am a CVE (Common Vulnerabilities and Exposures) and open source contributor.
Vulnerabilities I have recently discovered and responsibly disclosed:
- Feb, 2021: I have been awarded a bounty by Epic Games at HackerOne. [Confidential]
- CVE-2021-20193 [GNU Tar 1.33 – Memory leak]
◦ My original report to the developer
◦ Severity/Impact: 5.5 (see CVSS v3.x, NIST database)
◦ Difficulty: Very hard. The tar tool is one of the core components of many Linux/*nix operating systems. As such, tar is always undergoing strict security reviews. It took me more than a week to trigger/discover this vulnerability.
- CVE-2021-26826 [Godot Game Engine - Stack overflow]
◦ My original report to the developer
◦ Severity/Impact: 7.8 (see CVSS v3.x, NIST database)
◦ Difficulty: Hard. Arbitrary code execution vulnerabilities are always difficult to discover. This is particularly true when attempting to exploit media formats, such as images in this case.
- CVE-2020-14409 [SDL Library - Integer overflow]
◦ My original report to the developer
◦ Severity/Impact: 7.8 (see CVSS v3.x, NIST database)
◦ Difficulty: Hard.
- CVE-2021-20204 [libgetdata v0.10.0 - Use after free()]
◦ Importance: As stated on the libgetdata homepage, the library is used by several research projects at Caltech, Princeton, NASA and other scientific institutions. The library is used by cutting-edge research experiments such as Spider, which aims to provide data for understanding the origin of the Universe.
◦ My original report to the Linux community on 2021-01-16
◦ Severity/Impact: 9.8 (see CVSS v3.x, NIST database)
◦ Difficulty: Hard.
- CVE-2020-14410
- CVE-2021-26825
- Many more...