```
                   -`                    marco@github
                  .o+`                   ─────────────────────────────
                 `ooo/                   OS: CachyOS (btw)
                `+oooo:                  Role: Cybersecurity Working Student · SOC/VulnMgmt
               `+oooooo:                 Edu: B.Sc. Computer Science @ HHU Düsseldorf
               -+oooooo+:                Uptime: fuzzing since ~2024
             `/:-:++oooo+:               Shell: AFL++ | Ghidra | Python | C
            `/++++/+++++++:              CVE: 1 (Assimp X-file parser, OOB write)
           `/++++++++++++++:             Hobbies: ebike-hacking, 3d-printing, home-assistant
          `/+++ooooooooooooo/`           Packages: too-many-side-projects (AUR)
         ./ooosssso++osssssso+`          ─────────────────────────────
        .oossssso-````/ossssss+`         $ whoami
       -osssssso.      :ssssssso.        > I take software apart until it admits
      :osssssss/        osssso+++.       > to memory corruption — and hardware
     /ossssssss/        +ssssooo/-       > apart until it accepts open-source firmware.
   `/ossssso+/:-        -:/+osssso+-
  `+sso+:-`                 `.-/+oso:
 `++:.                           `-/+/
 .`                                 `/
```

- 🐛 Fuzzing campaigns with AFL++ against C/C++ parsers (3D file formats, multimedia decoders) on dedicated fuzzing infrastructure
- 🚲 Open-source tooling for the OpenSourceEBike community — reverse engineering the APT Burn Tool and building a free cross-platform implementation for Linux/macOS
- 🛡️ Vulnerability management at scale — aggregating and prioritizing findings from multiple scanners across thousands of assets
- 📧 Phishing triage automation using the Microsoft Graph API

| What | Details |
|---|---|
| CVE: Assimp Out-of-Bounds Write | OOB write (CWE-787) in the X-file parser of the Assimp 3D library, found via AFL++, responsible disclosure through GitHub Security Advisory |
| FFmpeg HEVC | Integer overflow analysis in the HEVC decoder |
| Approach | Coverage-guided fuzzing → crash triage → root cause analysis → disclosure |

```python
import random


class Marco:
    def weekend(self):
        # Pick one weekend project at random.
        return random.choice([
            "tear down a TSDZ2 mid-drive and flash OSF",
            "feed the Bambu Lab P1S (PETG, ASA, PA6)",
            "build Home Assistant automations nobody needs but everyone wants",
            "tune the balcony solar setup for zero-export",
            "go fishing (the fish fuzz back)",
        ])
```


