Hector Marco

Concluding PhD in Computer Science, Cyber Security


My name is Hector Marco. I am concluding a Ph.D. in computer science on security systems at UPV. Currently, I am working as a security researcher at CyberSecurity UPV.

My research aims to identify and thwart critical security threats, focusing on server and smartphone platforms. I am interested in the design and study of low-level protection mechanisms in order to improve them. I particularly enjoyed hacking the libraries and the kernel of Linux.

I am fortunate to be advised by Prof. Ismael Ripoll who is supervising my thesis.

Education

Present PhD in Computer Science, Cyber Security UPV
2010 Master's degree, Industrial Computing and Control Systems UPV
2009 Bachelor of Science in Computer Science UPV

Professional background

2010 - present Cyber-Security researcher UPV
2014 - 2014 Visiting researcher at Czech Technical University in Prague CVUT
2007 - 2010 Research fellow UPV

Patents

Title :   Renew Stack Smashing Protector (RenewSSP)
Inventors :   Hector Marco & Ismael Ripoll
Date :   August 2013
Status :   Patentability analysis


Awards

Title :   Offset2lib: Bypassing Full ASLR On 64bit Linux
Description :   Packet Storm Bug Bounty Program
Classification :   1-day
Researchers :   Hector Marco & Ismael Ripoll
Date :   April 2014


Publications

On the Effectiveness of Full-ASLR on 64-bit Linux [+info]
Héctor Marco and Ismael Ripoll.
In-Depth Security Conference 2014 Europe (DEEPSEC 2014)

On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows [PDF]
Héctor Marco and Ismael Ripoll.
The 13th IEEE International Symposium on Network Computing and Applications (IEEE NCA14)

Preventing Memory Error Exploitation Through Emulation-based Processor Diversification [Book]
Héctor Marco, Ismael Ripoll, Juan-Carlos Ruiz and David De Andrés.
Emerging Trends in ICT Security, 1st Edition (ICT 2013)

Preventing brute force attacks against stack canary protection on networking servers [PDF]
Héctor Marco and Ismael Ripoll.
The 12th IEEE International Symposium on Network Computing and Applications (IEEE NCA13)

Preventing Memory Errors in Networked Vehicle Services Through Diversification [PDF]
Héctor Marco, Juan-Carlos Ruiz, David De Andrés and Ismael Ripoll.
Proceedings of Workshop CARS (2nd Workshop on Critical Automotive applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security. (Safecomp 2013)



Code Vulnerability Analysis



Published CVEs

Date | CVE # | Product | Description | Vulnerability type
2015 | CVE (pending) | Android | To be disclosed | To be disclosed
2015 | CVE (pending) | Grub2 | To be disclosed | To be disclosed
2015 | CVE (pending) | Linux ASLR <= 4.0 | Reduced mmapped files entropy | Improper alignment
2015 | CVE (pending) | Linux ASLR <= 3.18 | Reduced mmap entropy | Improper mask manipulation
2015 | CVE-2015-1593 | Linux ASLR <= 3.19 | Reduced stack entropy | Integer overflow
2015 | CVE-2015-1574 | Google Email 4.2.2 | Denial of Service | Incorrect headers handling
2014 | CVE-2014-5439 | sniffit <= 0.3.7 | Root shell | Stack buffer overflow
2014 | CVE-2013-6825 | DCMTK <= 3.6.1 | Root Privilege escalation | Drop privileges failed
2014 | CVE-2014-1226 | s3dvt <= 0.2.2 | Root shell (II) | Drop privileges failed
2013 | CVE-2013-6876 | s3dvt <= 0.2.2 | Root shell (I) | Drop privileges failed
2013 | CVE-2013-4788 | Glibc <= 2.17 | No pointer protection | Incorrect implementation

Other Vulnerabilities

Date | Product | Description | Vulnerability type
2014 | Bash <= 4.3 | Root shell | Bash drop privileges failed
2014 | Bash <= 4.3 | Crash | Bash improper input handling
2014 | Irssi <= 8.16 | Root shell | Irssi drop privileges failed
To be disclosed | Konica printer | To be disclosed | To be disclosed

Published Attacks

Date of disclosure | Attack name | Description | Platform
2014 | Offset2lib | Bypass 64-bit ASLR in < 1 second | 32/64-bit Linux
To be disclosed | Jmp2non-ssp | Bypass the SSP | 32/64-bit Linux
To be disclosed | CRTµROP | Bypass the ASLR | 32/64-bit Linux

Published exploits

Date | Vendor | Description | Affected | Download
2015 | Email Android 4.2 | Remote Denial of service in Android Email app. | Android | [exploit]
2014 | Linux <= 3.18 | Offset2lib: Bypass 64-bit ASLR in < 1 second | Linux | [exploit]
2014 | Sniffit <= 0.3.7 | Sniffit Stack buffer overflow - root shell | Linux | [exploit]
2013 | Glibc <= 2.17 | Glibc PTR Mangle encryption useless - PoC | Linux | [PoC]

Published Protection techniques

Date | Name | Description | Attack mitigated
To be published | ASLR-NG | Address Space Layout Next Generation | Offset2lib attack
2013 | RenewSSP | A modification of the Stack Smashing Protector | SSP brute force attacks


Projects with active participation (most relevant)

2012 - 2014 High Integrity Partitioned Embedded Systems UPV
2010 - 2012 System Impact of Distributed Multicore systems (EADS) UPV
2009 - 2011 Securization of embedded systems UPV
2008 - 2009 TECOM: Trusted Embedded Computing UPV
2008 - 2009 Securization of distributed embedded systems UPV

Other research activities

Date | Journal/Conference | Activity | Website
2014 | ETACMOS | Collaborating as a journal reviewer | ETACMOS 2014
2014 | 20th IEEE RTAS | Collaborating as a journal reviewer | RTAS 2014
2012 | 6th LADC | Collaborating as a paper reviewer | LADC 2013