Whoami

Whoami

Hero image

👋 Hi!

I’m Victor Contreras (aka EvilMachine), a Telematics Engineer with knowledge in computer architecture (x86, x64), software development (C/C++, Java, C#, JavaScript, Python), cybersecurity (Product Security Testing, Penetration Testing, Vulnerability Analysis, Reverse Engineering, Exploit Development, Malware Analysis, Threat Analysis) and computer networks (CISCO Routing and Switching). More than eight years of experience across multiple cybersecurity domains.

Fields of Action, Known Technologies, and Others

Reverse Engineering

  • Experience performing reverse engineering for vulnerability research and malware analysis using tools such as IDA Pro, WinDbg, x64dbg, GDB, pwndbg, GEF, dnSpy, JD‑GUI, Eclipse, Frida.
  • Skilled in dynamic analysis, static analysis, debugging, behavior tracing, SMT (Satisfiability Modulo Theories), and Symbolic Execution.

Exploit Development

  • Experience in C/C++, x86, and x64.
  • Focused primarily on Windows userland vulnerabilities, including:
    • ASLR bypass
    • DEP bypass
    • Buffer overflows
    • Memory leaks
    • Format‑string issues
    • Memory‑corruption vulnerabilities (OOB R/W, UAF, etc.)
  • Currently expanding into Windows kernel exploitation.
  • Reproduced CVE‑2018‑5701 (LPE) and researching additional vulnerable drivers and LOLDrivers as part of ongoing specialization.

Web & API Security

  • Experience conducting security reviews of web applications and API services.
  • Covers both client‑side and server‑side components, including:
    • Architectural design
    • Authentication flows
    • Authorization logic
    • Input validation
    • Session management
    • Insecure configurations
    • Vulnerabilities across modern frameworks and architectures

Programming Languages

  • C/C++, Java, C#, Python, ASM (x86/x64), JavaScript.
  • Applied for:
    • Source‑code review
    • Vulnerability identification
    • Reverse engineering
    • Recreation of critical functionalities and custom protocols
    • Encryption/decryption
    • Automation

Technologies

Extensive use of technologies for cybersecurity purposes, including but not limited to:

  • Web Servers: Apache, IIS
  • DNS, DHCP
  • Web Frameworks, NodeJS, Docker
  • Fuzzers: AFL, IOCTLbf
  • Semgrep, Snort rules, YARA rules
  • Wireshark, Process Monitor, RegShot, INetSim, Process Explorer, Burp Suite

Competitive Programming and CTFs

  • Participated in multiple regional and national programming contests.
  • Former member of the CTF team “Mayas”, competing regularly.
  • Achievements:
    • 1st Place – CSAW Finals 2018
    • 3rd Place – HackDef Finals 2018 (earned as a solo competitor against teams of four)

Certifications

  • Certified AI/ML Pentester (C‑AI/MLPen) – Merith — Oct. 2025
  • OffSec Web Expert (OSWE)Mar. 2025
  • OffSec Web Assessor (OSWA)Oct. 2023
  • OffSec Exploit Developer (OSED)Jul. 2023
  • OffSec Certified Professional (OSCP)Aug. 2022

Languages

  • Spanish: Native
  • English: B2