Profile

Victor Dorneanu

Professional Security Engineer

Name:Victor Dorneanu

Date of birth:1988

Address:Berlin

Email:no-spam__ÄÄT__ dornea.nu

Website:http://blog.dornea.nu

If I had to describe myself in one word, that would be: diversity. I love/live life in its entirety! Life’s so terribly short, so don’t waste your time 🙂 Originally I come from Romania Oneşti jud. Bacău), but nowadays I live in Berlin, Germany. At the moment I work as an Application Security Specialist at the biggest broadband cable Internet provider in Germany. Typical computer enthuasiast, you say? Farfetched! Indeed my main and most important affection are computer systems, networks and security etc. Yet there are some domains like Code Auditing, IT Security, Unix/Linux Kernel/Network/System programming and last but not least Software Engineering I’m especially interested in.

Resume

Activities

Jan 2018 - Dec 2018

2018

Returned from my sabbatical in August
Started dealing with AWS at Scout24

Jan 2017 - Dec 2017

2017

I’ve married 🙂
I’ve started my sabbatical together with my wife (you can read more on our coffeebanana.de blog)

Jan 2016 - Dec 2016

2016

I’ve left VODKA and started working for ImmobilienScout24
Visited the AWS Summit in Berlin
Visited the Digital Future event in Berlin
My very first time at the hack.lu conference
I did a lot of ringzer0 CTFs
I did some fuzzing on the conntrack tools

Jan 2015 - Dec 2015

2015

Released smalisca a static code analysis tool for Smali files
Started learning for my CCNA
Wrote about securing OpenVPN (OpenVPN for paranoids)
Participated at the usd AG hacker day in Hamburg citty (write-up)
Moved the SVN repo at dl.dornea.nu/svn to git.dornea.nu

Jan 2014 - Dec 2014

2014

Monitored and sniffed my Android phone for 24h. Read the article here and here. Also mentioned on iphone-ticker.de.
netgrafio – a network traffic visualization tool has been released
BerlinSides 0x5
Wrote several blog posts on analyzing mobile applications
Read my personal 2014 review

Jan 2013 - Dec 2013

2013

BerlinSides 0x4
2. Cyber-Sicherheits-Tag in Darmstadt
iXKeyLog – a X11 based keylogger for Unix has been released

Jan 2012 - Jan 2012

2012

Participated at the Linux Day; represented NetBSD
29C3: Chaos Computer Club 29th Congress (own impressions)

Jan 2010 - Dec 2010

2010

Participated at the Linux Day; represented NetBSD
Became member of nullsecurity.net

Papers

Feb 2012 - Jul 2012

Binary analysis – Brief overview

This article was written during an IT security related seminar at the university. It deals with several binary analysis techniques and introduces the BitBlaze project. Also have a look at the final presentation.

Read the article at

FU Berlin

Sep 2011 - Dec 2011

Concurrent annotations

The article introduces a new way to “convert” sequential programming languages to non-sequential ones using concurrent annotations. It looks at CEiffel (Concurrent Eiffel) and JAC (Declarative Java Concurrency) for language specific annotations to establish the concurrency aspect. Also have a look at the final presentation.

Read the article at

FU Berlin

2007 - 2007

Viral infections under Linux

This skilled work from 2007 deals with malware (especially viruses) on Linux. You’ll get a pretty good introduction to the world of viruses, how they work and how they are built. Finally my work focuses on ELF (Executable and Linking Format) since this is de-facto the standard for executable files not only for Linux. This is was my final paper in order to get my school leaving examination (german: Abitur).

Read the work at

dl.dornea.nu/pdf

Work Experience

Mar 2016 - present

Immobilien Scout GmbH

Professional Security Engineer

Penetration tests: Web applications/services, network vulnerability scanning
Evaluate attack vectors/surfaces
Code reviews (mainly PHP, Java, JavaScript)
Architecture design reviews
Create, implement and communicate security requirements
Develop and hold inhouse security workshops
Maintain security concepts
Technical consultancy aimed at securing the global infrastructure of the Scout24 Group

Sep 2015 - Feb 2016

Vodafone Kabel Deutschland GmbH

Application Security Specialist

Penetration tests
Code reviews
Scan automation
Implementing own application vulnerability management system

Link: http://vodafone.de

Dec 2012 - Sep 2015

Kabel Deutschland GmbH

Application Security Specialist

Penetration tests
Code reviews
Scan automation
Implementing own application vulnerability management system

Link: http://www.kabeldeutschland.de/

Jun 2012 - Jun 2012

IBM Deutschland GmbH

Working student

Research for my Bachelor final degree thesis “Technische Aspekte bei der Portierung einer Gebäudemanagement-Software“‘ (engl. “Technical aspects regarding the migration of a bulding management software”) done for IBM and a global player specialized on building management and automation.

Link: http://www.ibm.com/de/de/

Oct 2011 - Aug 2012