Hector Marco, PhD
Lecturer and CyberSecurity researcher
- Current : Lecturer and CyberSecurity researcher at UPV
- Contact : hmarcohmarco [PGP Pub Key]
- Keywords : Security, virtualization, Kernel Programming, Assembler, ARM, i386, x86_64, sparcv8, MIPS
Hector Marco is an associate professor and cybersecurity researcher at the Universitat Politecnica de Valencia, Spain. He holds a PhD in Computer Science, Cybersecurity, from Universitat Politecnica de Valencia. Hector is a senior member of the Institute of Electrical and Electronics Engineers (IEEE) and a member of the Engineering and Physical Sciences Research Council (EPSRC) in the UK. Previously, he was an associate professor at the University of the West of Scotland, UK, and a cybersecurity researcher at the Universitat Politecnica de Valencia, where he co-founded the cybersecurity research group. Hector was part of the team developing the multi-processor version of the XtratuM hypervisor to be used by the European Space Agency in its spacecraft. He has participated in multiple research projects as Principal Investigator and Co-Investigator. Hector is the author of many papers on computer security and cloud computing. He has been invited multiple times to reputed cybersecurity conferences such as Black Hat and DeepSec. Hector has published more than 10 Common Vulnerabilities and Exposures (CVE) affecting important software such as the Linux kernel. He has received honors and awards from Google, Packet Storm Security and IBM for his security contributions to the design and implementation of ASLR-NG, a more secure Linux ASLR. Hector's professional interests include low-level cybersecurity, secure and non-secure world kernel and userland security, virtualization security and applied cryptography.
2015 | PhD in Computer Science, CyberSecurity UPV |
2010 | Master's degree, Industrial Computing and Control Systems UPV |
2009 | Bachelor of Science in Computer Science UPV |
2020 - present | Associate Professor at UPV, Spain |
2016 - 2020 | Lecturer and CyberSecurity researcher at UWS, United Kingdom |
2019 | Visiting researcher at VMware, California |
2009 - 2016 | CyberSecurity Researcher at UPV, Spain |
2014 | Visiting researcher at Czech Technical University at CVUT, Prague |
2007 - 2009 | Research fellow at UPV, Spain |
Date | Rewarded by | Description |
Jul. 2016 | IBM Corp. | ASLR for Linux S390 |
Mar. 2016 | Google Inc. | ASLR improvement - Unlimiting the stack no longer disables ASLR |
Sep. 2015 | Google Inc. | ASLR improvement - Fix of the offset2lib weakness |
Aug. 2015 | Google Inc. | ASLR x86_64 improvement - Stack randomization |
Jul. 2015 | Google Inc. | AMD Bulldozer ASLR improvement - Per boot randomization |
Apr. 2014 | Packet Storm Security | Offset2lib: Bypassing Full ASLR On 64bit Linux |
Title | : | Fast and Secure Dynamic Memory Allocator for Multi-Thread Applications |
Inventors | : | Hector Marco & Ismael Ripoll |
Date | : | January 2024 |
Status | : | Granted |
Title | : | Renew Stack Smashing Protector (RenewSSP) |
Inventors | : | Hector Marco & Ismael Ripoll |
Date | : | August 2013 |
Status | : | Denied |
return-to-csu: A New Method to Bypass 64-bit Linux ASLR
[HTML]
Héctor Marco and Ismael Ripoll.
Black Hat Asia 2018, March 2018.
Abusing LUKS to Hack the System
[+info]
Héctor Marco and Ismael Ripoll.
In-Depth Security Conference 2016 Europe (DEEPSEC 2016).
Exploiting Linux and PaX ASLR's Weaknesses on 32-bit and 64-bit Systems
[HTML]
Héctor Marco and Ismael Ripoll.
Black Hat Asia 2016, March-April 2016.
Bypassing Trusted Code: Hacking GRUB
[HTML]
Héctor Marco and Ismael Ripoll.
IX Jornadas STIC CCN-CERT, November 2015.
On the Effectiveness of Full-ASLR on 64-bit Linux
[+info]
Héctor Marco and Ismael Ripoll.
In-Depth Security Conference 2014 Europe (DEEPSEC 2014).
On the effectiveness of NX, SSP, RenewSSP and ASLR against stack buffer overflows
[PDF]
Héctor Marco and Ismael Ripoll.
The 13th IEEE International Symposium on Network Computing and Applications (IEEE NCA14)
Preventing Memory Error Exploitation Through Emulation-based Processor Diversification
[Book]
Héctor Marco, Ismael Ripoll, Juan-Carlos Ruiz and David De Andrés.
Emerging Trends in ICT Security, 1st Edition (ICT 2013)
Preventing brute force attacks against stack canary protection on networking servers
[PDF]
Héctor Marco and Ismael Ripoll.
The 12th IEEE International Symposium on Network Computing and Applications (IEEE NCA13)
Preventing Memory Errors in Networked Vehicle Services Through Diversification
[PDF]
Héctor Marco, Juan-Carlos Ruiz, David De Andrés and Ismael Ripoll.
Proceedings of Workshop CARS (2nd Workshop on Critical Automotive applications: Robustness & Safety) of the 32nd International Conference on Computer Safety, Reliability and Security (Safecomp 2013).
Date | Attack Name | Description | Platform |
2018 | return-to-csu | Exploit and ropper patch soon. [Black Hat white paper] | 32/64-bit Linux |
2014 | Offset2lib | Bypass 64-bit ASLR in < 1 second | 32/64-bit Linux |
To be pub. | Jmp2non-ssp | Bypass the SSP | 32/64-bit Linux |
Date | Name | Description | Attack mitigated |
2016 | ASLR-NG | Address Space Layout Next Generation | Offset2lib attack |
2013 | RenewSSP | A modification of the Stack Smashing Protector | SSP brute force attacks |
Date | Vendor | Description | Platform | Download |
2015 | Glibc <= 2.22.90 | Bypass Pointer Mangle protection. | Linux | [PoC] |
2015 | Email Android 4.2 | Remote Denial of service in Android Email app. | Android | [exploit] |
2014 | Linux <= 3.18 | Offset2lib: Bypass 64-bit ASLR in < 1 second | Linux | [exploit] |
2014 | Sniffit <= 0.3.7 | Sniffit Stack buffer overflow - root shell | Linux | [exploit] |
2013 | Glibc <= 2.17 | Glibc PTR Mangle encryption useless - PoC | Linux | [PoC] |
Date | Vendor | Description | Vulnerability type |
2014 | Bash <= 4.3 | Root shell | Bash drop privileges failed |
2014 | Bash <= 4.3 | Crash | Bash improper input handling |
2014 | Irssi <= 8.16 | Root shell | Irssi drop privileges failed |
to be pub. | Konica printer | To be pub. | To be pub. |
Date | CVE # | Product | Description | Vulnerability type |
2015 | CVE-2019-9019 | To be disclosed | British Airways Entertainment System Chat App. Crash | To be disclosed |
2016 | CVE-2016-4484 | cryptsetup <= 2:1.7.3-2 | Initrd root Shell | Not failing securely |
2016 | CVE-2016-3672 | Linux <= 4.5 | Disable ASLR | ASLR Weakness |
2015 | CVE-2015-8370 | Grub2 <= 2.02 | Authentication Bypass | Integer Underflow |
2015 | CVE (pending) | Glibc <= 2.22.90 | Bypass Pointer guard | Dynamic loader weakness |
2015 | CVE (pending) | Linux ASLR <= 4.0 | AMD Linux ASLR weakness | Improper alignment |
2015 | CVE (pending) | Linux ASLR <= 3.18 | Reduced mmap entropy | Improper mask manipulation |
2015 | CVE-2015-1593 | Linux ASLR <= 3.19 | Reduced stack entropy | Integer overflow |
2015 | CVE-2015-1574 | Google Email 4.2.2 | Denial of Service | Incorrect headers handling |
2015 | CVE (pending) | Android | To be disclosed | To be disclosed |
2014 | CVE-2014-5439 | sniffit <= 0.3.7 | Root shell | Stack buffer overflow |
2014 | CVE-2013-6825 | DCMTK <= 3.6.1 | Root Privilege escalation | Drop privileges failed |
2014 | CVE-2014-1226 | s3dvt <= 0.2.2 | Root shell (II) | Drop privileges failed |
2013 | CVE-2013-6876 | s3dvt <= 0.2.2 | Root shell (I) | Drop privileges failed |
2013 | CVE-2013-4788 | Glibc <= 2.17 | Bypass pointer guard | No pointer protection |
2017 - 2020 | Slicenet - H2020-ICT-2016-2 NATS |
2017 - 2020 | 5G Video Lab NATS |
2014 - 2015 | Virtualisation Techniques applied to Computing Security ITI |
2012 - 2015 | High Integrity Partitioned Embedded Systems UPV |
2010 - 2012 | System Impact of Distributed Multicore systems (EADS) UPV |
2009 - 2011 | Securization of embedded systems UPV |
2008 - 2009 | TECOM: Trusted Embedded Computing UPV |
2008 - 2009 | Securization of distributed embedded systems UPV |
Title: | NEXX: an hypervisor for ARM |
Description: | A tiny (and incomplete) ARM hypervisor which enables you to run both bare and Linux partitions. I developed NEXX to learn operating systems internals and hardware programming. |
Title: | STP: A Secure Trusted Partition |
Description: | Research prototype to merge TPM (Trusted Platform Modules) concepts into a MILS (Multiple Interdependent Levels of Security/Safety) in a partitioned architecture implemented by means of hypervisor technology. |