Andrei Costin

 

Address:
P.O. Box 56701, 3309

Limassol, 3309, Cyprus

E-Mail:

costinandrei@gmail.com 

Phone:
+357-99-863038

Citizenships:

Romanian/EU

 

 

MOST RECENT STUDIES

University 'Politehnica' Bucharest (2000 – 2006)

Computer Science (5 year Dipl.-Ing./Diplom-Ingenieur Degree) in the following areas:

-          System programming (OS design and drivers, Security, Compilers design)

-          Networking (Concepts, designs, topologies, programming)

-          Databases

-          Computer graphics

 

Graduation project – Face and facial features detection in color images and video

-          Project grade – 100%

-          Overall average 5 year classes grade – 95%

-          Face detection, face tracking, facial features detection:

1.       Demo1

2.       Demo2

3.       Demo3

4.       Demo4


 

WORK EXPERIENCE

Industries involved

IT Security, Software & Hardware, Telecommunications, Billing

Professional Level

6+ years

 

  1. Independent security researcher (Limassol, Cyprus)

Company:         self-employed

Period:              2011-Aug – present

Job description summary:

-          Independent security research

1.       Hardware hacking

2.       Reverse engineering

3.       Penetration testing

4.       Security tasks automation

5.       Security consultancy

-          Regular speaker at security conferences

 

  2. Senior Programmer (Limassol, Cyprus)

Company:         U-TX (Nr. of employees < 50)

Period:              2010-Mar – 2011-Aug

Job description summary:

-          GSM/UMTS, GPS, Embedded and GUI Programming for custom design systems

1.       Research and development for technologies and techniques in GSM/UMTS, GPS, embedded

2.       Functional specifications design & reviews

3.       Detailed design documentation & reviews

4.       Development/implementation and testing support

-          Extracurricular, security-oriented activities:

1.       Security reviews and auditing

2.       Pen-testing

 

  3. Senior Programmer (Limassol, Cyprus)

Company:         Amdocs (Nr. of employees > 17500)

Period:              2006-Sep – 2010-Mar

Job description summary:

-          Telecom Billing, Revenue Management, APRM (Amdocs Partners Settlement/ Relationship Manager) Localization/Customization Team

-          APRM Responsibilities (including end-to-end projects & SDLC activities):

1.       Support for RFI/RFP requests from clients, as well as for POC software demonstrations

2.       Analysis of client’s business processes, translation of business processes and business requirements into qualitative implementation solution

3.       Scoping documentation and requirements gathering with the clients onsite and offsite

4.       Estimating effort and timelines for implementing scoped requirements

5.       Functional Specifications design & reviews

6.       Detailed design documentation & reviews

7.       Development/implementation and testing support

8.       Pre-production support in all phases of the project lifecycle

9.       Documentation preparation and review for entire SDLC

10.   Production rollout, production servers/software support at client onsite

11.   Support communication with the client

12.   Post-production deliverables and defects management

13.   Change request management (identifying changes in scope and/or current solution and manage customer expectations of scope and subsequent implementation)

14.   Extensive software/data upgrade and migration experience (at least 3 major clients)

-          Extracurricular, security-oriented activities:

1.       Security compliance & reviews for various APRM implementations, security responses to RFI/RFP requests

2.       Security reviews

3.       Analysis papers

4.       Security auditing

5.       Pen-testing

6.       Amdocs (Cyprus) Application Security presentations & talks

 

  4. Programmer (Bucharest, Romania)

Company:         UBISOFT - Guillemot (Nr. of employees > 3000)

Period:              2005-Mar – 2006-Aug

Job description summary:

-          research & development of new technologies & techniques for current/future projects

-          specification development & application design

-          modules implementation & documentation

-          driver & support software for vendor's hardware gadgets (webcams, WiFi sticks, gamepads & wheels)

-          PS2 & PSP game/application development

-          example project: Real-time video face detection and tracking system in “Webcam Station Evolution” software packages for “Hercules Dualpix” webcams

 

 

PROGRAMMING/ IT SKILLS

-          IT Security related

o   Concepts, research, standards

o   Application security

o   Network security

o   IT & Information security

o   First open-source tool for complete Mifare Classic keys recovery

o   “Hacking MFPs/printers” series of research and talks

-          Printers/MFP technologies

o   Protocols: RAW-9100, IPP

o   Languages: PJL, PCL, PDL, PS

o   In-depth security assessment of printing architectures, designs, protocols

-          CCTV

o   SOHO and DIY systems installation, configuration & administration

o   Architectural knowledge of CCTV hardware, software & overall system

-          Crypto security – research, knowledge and interest

-          Interest and knowledge of reverse engineering

-          Image processing, face detection, face recognition (basic algorithms, OpenCV)

-          Computer Vision related

o   Face detection, face tracking, facial features detection:

Demo1 Demo2 Demo3 Demo4

o   OpenCV – knowledge and experience under Windows, Linux, Cygwin, iPhone

o   Image processing, pattern recognition and computer vision related algorithms

o   GpuCV and nVidia CUDA – interest in massive parallel processing of images and matrices for computer vision tasks

-          Scripting

o   Unix shells

o   Windows batch and WSH

-          Database technologies:

o   SQL standard

o   Oracle SQL, SQL*Plus and PL/SQL

o   MySQL

o   DBA, application performance tuning

-          Networking:

o   Concepts, technologies

o   Configuration, protocols, services

-          Visual C++/MFC (development, testing)

-         Web programming experience:

o   PHP – DB processing, web-services-like processing, forms processing, back-end logic, proof of concept web exploit scripts

-          JavaScript, XML technologies, Web services (AXIS), AJAX

-          C/C++ (development, testing)

-          Java + experience in JMF, J2EE, JSP, XML-RPC (development, testing). Some examples:

o   Java-based MPEG4/XVID encoder/decoder and network broadcaster in JMF for the “Webcam Station Evolution”

o   ActiveX-based MPEG4/XVID encoder/decoder and network broadcaster in JMF for the “Webcam Station Evolution”

-          Technologies of interest and various levels of knowledge for:

o   Software Defined Radios (SDR)

o   GNUradio and USRP

o   RFID systems (security, applications, standards)

o   GSM systems (architecture, ETSI/ITU standards, security)

o   GPS/Galileo systems

-          Assembly language and reverse engineering experience

-         OS knowledge: power user Windows NT/2K/XP, *NIX (SunOS, HP-UX, AIX)

-         Tools knowledge:

o   Paros, WebScarab, WatchFire – application security tool(s)

o   Mercury/HP Quality Center – testing management tool(s)

o   Documentum – documents management tool(s)

-         Experience with Software and IT processes, methodologies

 

 

PUBLISHED PAPERS, CONFERENCES

-          Security conference 28C3 “Hacking MFPs Part2 – PostScriptum, you’ve been hacked” (Berlin, 2011)

-          Security conference 28C3 “Harvesting boarding passes” (Berlin, 2011)

-          (invited talk) Security conference HashDays 2011 “Hacking MFPs: 10 years down the road” (Luzerne, 2011)

-          Security conference phNeutral 2011 “Hacking MFPs: 10 years down the road” (Berlin, 2011)

-          (invited talk) Security conference HackCon 2011 “Hacking printers for fun and profit” (Oslo, 2011)

-          Security conference T2 InfoSec 2010 presentation “Hacking printers for fun and profit – Now, do you trust your printers anymore?” (Helsinki, 2010)

-          Security conference Hack.lu 2010 presentation “Hacking printers for fun and profit” (Luxembourg, 2010)

-          Security conference SEC-T 2010 presentation “Exploiting printers: Let me make your printer the hacker’s superstar” (Stockholm, 2010)

-          Security conference SyScan Taipei 2010 presentation “Hacking printers for fun and profit” (Taipei, 2010)

-          Security conference EuSecWest 2010 presentation “Hacking printers for fun and profit” (Amsterdam, 2010)

 

 

AWARDS, CONTESTS, CERTIFICATIONS

-          Google Security Hall of Fame (Reward Winner) (December 2011)

-          Amdocs Worldwide 1st prize winner of “Application Security – Hackers are watching you” contest run by Hacktics for Amdocs (2007)

-          Amdocs Best SME 2007 & Excellence Award (Amdocs Cyprus)

-          Cisco’s CCNA Certification (97.5% percentage, Bucharest, 2004)

-          High-school – “First in class” graduation award (Chisinau, 2000)

-          High-school – Runner-up prize at National Olympiad of Informatics (Chisinau, 2000)

-          Oracle Course&Lab Completion Certification (Polytechnics Bucharest, 2003)

 

 

 

Known languages (speaking / reading / writing)

-          English – fluent / excellent / excellent

-          Romanian – native / native / native

-          Russian – native / native / native

-          Greek – very basic / very basic / very basic

 

Personal skills

-          Dynamic and sociable person

-          Strong analytical, logical and out-of-box-thinking skills

-          Excellent presentation and communication skills

-          Open to/able to quickly learn new technologies & areas

-          Client oriented

-          Strong team as well as individual player

-          Committed to motivational work

-          Strong technical documentation & explanation skills

-          Willingness and adaptation to travel-oriented jobs

-          Interest for various foreign languages & cultures (Hebrew, Hindi, Japanese)