- Penetration tests: Web applications/services, network vulnerability scanning
- Evaluate attack vectors/surfaces
- Code reviews (mainly PHP, Java, JavaScript)
- Architecture design reviews
- Create, implement and communicate security requirements
- Develop and hold inhouse security workshops
- Maintain security concepts
- Technical consultancy aimed at securing the global infrastructure of the Scout24 Group
Profile
Victor Dorneanu
Security Engineer
Name:Victor Dorneanu
Date of birth:1988
Address:Berlin
Email:info __ÄÄT__ dornea.nu
If I had to describe myself in one word, that would be: diversity. I love/live life in its entirety! Life’s so terribly short, so don’t waste your time :) Originally I come from Romania Oneşti jud. Bacău), but nowadays I live in Berlin, Germany. At the moment I work as an Application Security Specialist at the biggest broadband cable Internet provider in Germany. Typical computer enthuasiast, you say? Farfetched! Indeed my main and most important affection are computer systems, networks and security etc. Yet there are some domains like Code Auditing, IT Security, Unix/Linux Kernel/Network/System programming and last but not least Software Engineering I’m especially interested in.
Work Experience
- Penetration tests
- Code reviews
- Scan automation
- Implementing own application vulnerability management system
Link: http://vodafone.de
- Penetration tests
- Code reviews
- Scan automation
- Implementing own application vulnerability management system
Research for my Bachelor final degree thesis “Technische Aspekte bei der Portierung einer Gebäudemanagement-Software“‘ (engl. “Technical aspects regarding the migration of a bulding management software”) done for IBM and a global player specialized on building management and automation.
- Research work for seminar contents
- Penetration tests of own infrastructure
- Server hardening
- Web development using Drupal
Link: http://dgi-ag.de/
- Server / Network / RAID administration
- IT assistance / technical support for the students at the institute
- Expansion and support of internal IT infrastructure
- Penetration tests
- Development of own in-house security scanner for web applications
- Code reviews
Link: http://www.meinvz.net/
- Resposible for the backend
- XML/XSD/XSLT/XQuery/XPath
- SQL / pgSQL / PostgreSQL / pgBash / Dynamic SQL
- DB / Server administration
Papers
Feb 2012 -
Jul 2012
Binary analysis – Brief overview
This article was written during an IT security related seminar at the university. It deals with several binary analysis techniques and introduces the BitBlaze project. Also have a look at the final presentation.
Read the article at
Sep 2011 -
Dec 2011
Concurrent annotations
The article introduces a new way to “convert” sequential programming languages to non-sequential ones using concurrent annotations. It looks at CEiffel (Concurrent Eiffel) and JAC (Declarative Java Concurrency) for language specific annotations to establish the concurrency aspect. Also have a look at the final presentation.
Read the article at
2007 -
2007
Viral infections under Linux
This skilled work from 2007 deals with malware (especially viruses) on Linux. You’ll get a pretty good introduction to the world of viruses, how they work and how they are built. Finally my work focuses on ELF (Executable and Linking Format) since this is de-facto the standard for executable files not only for Linux. This is was my final paper in order to get my school leaving examination (german: Abitur).
Read the work at
Activities
Jan 2015 -
Dec 2015
2015
- Released smalisca a static code analysis tool for Smali files
- Started learning for my CCNA
- Wrote about securing OpenVPN (OpenVPN for paranoids)
- Participated at the usd AG hacker day in Hamburg citty (write-up)
- Moved the SVN repo at dl.dornea.nu/svn to git.dornea.nu
Jan 2014 -
Dec 2014
2014
- Monitored and sniffed my Android phone for 24h. Read the article here and here. Also mentioned on iphone-ticker.de.
- netgrafio – a network traffic visualization tool has been released
- BerlinSides 0x5
- Wrote several blog posts on analyzing mobile applications
- Read my personal 2014 review
Jan 2013 -
Dec 2013
2013
- BerlinSides 0x4
- 2. Cyber-Sicherheits-Tag in Darmstadt
- iXKeyLog – a X11 based keylogger for Unix has been released
Jan 2012 -
Jan 2012
2012
- Participated at the Linux Day; represented NetBSD
- 29C3: Chaos Computer Club 29th Congress (own impressions)
Jan 2010 -
Dec 2010
2010
- Participated at the Linux Day; represented NetBSD
- Became member of nullsecurity.net
Contact info
AddressBerlin
Emailinfo __ÄÄT__ dornea.nu
Websitehttp://blog.dornea.nu