AboutCVEsCertificationsAchievementsProjectsExperienceEducation
Dimitrie-Toma Furdui
Low-Level Software Engineer
Specialized in low-level engineering with a focus on driver development, OS internals, and embedded systems. Expert in binary exploitation and reverse engineering, supported by a strong technical foundation in full-stack web and mobile application development.
// CVEs
CVE-2022-48481
CVSS 7.8
HIGH
Dylib injection in macOS JetBrains Toolbox application
JetBrains Toolbox before version 1.28 is vulnerable to dylib injection, allowing attackers to abuse TCC permissions (Transparency, Consent and Control) granted to the application.
// Certifications
Hack The Box Certified Penetration Testing Specialist (CPTS)
Hack The Box
2026
  • Web Application Exploitation
  • Active Directory Security
  • Privilege Escalation
  • Pivoting & Tunneling
  • Network Penetration Testing
Hack The Box Certified Defensive Security Analyst (CDSA)
Hack The Box
2025
  • Digital Forensics
  • IDS/IPS Usage
  • Incident Handling
  • Malware Analysis
  • SOC Operations
  • Elastic Stack
  • Splunk
OffSec Exploit Developer (OSED)
OffSec
2024
  • Reverse Engineering
  • Stack-Based Buffer Overflows
  • Return-Oriented Programming (ROP)
  • Format String Specifier Attacks
  • ASLR/DEP Bypasses
  • WinDbg
  • IDA Pro
  • x86 Assembly
OffSec macOS Researcher (OSMR)
OffSec
2023
  • Mach Injection
  • Dylib Injection
  • XPC Exploitation
  • Sandbox Escape
  • Privilege Escalation
  • TCC Bypass
  • ARM64 Assembly
OffSec Experienced Penetration Tester (OSEP)
OffSec
2022
  • Active Directory Exploitation
  • Antivirus Evasion
  • Lateral Movement
  • Process Injection
  • SQL Server Exploitation
  • AppLocker/CLM Bypass
OffSec Certified Professional (OSCP)
OffSec
2022
  • Network Penetration Testing
  • Web Application Exploitation
  • Active Directory Exploitation
  • Privilege Escalation
// Achievements
Part of the National Romanian cybersecurity team for ECSC 2022 and 2025
ECSC is a major annual cybersecurity CTF competition organized by ENISA, where I was selected as a member of the national team to compete against other countries in Europe in advanced Attack/Defense and Jeopardy-style hacking challenges.
Part of > r0/dev/null CTF team
As a core member of> r0/dev/null, currently the #2 ranked CTF team in Romania, I contributed to major victories, including 1st place in World Wide CTF 2025, 3rd place in N0PSctf 2025 and 3rd place in D-CTF 2025.
Null CTF 2025
Core organizer and challenge author for Null CTF 2025 with my team > r0/dev/null, a major cybersecurity event featuring over 1000 registered teams.
Former captain of the CTF team of Technical University of Cluj-Napoca
Managed the university's competitive cybersecurity program, highlighting by securing 4th place in Hack The Box University CTF 2023.
TFC CTF 2021 and 2022
Core organizer and infrastructure lead for TFC CTF 2021 and 2022, authoring technical challenges and developing a custom competition platform featuring on-demand challenge instances, scaling the event to over 1000 teams.
// Projects
Some projects are undergoing a major refactoring and will be publicly available on GitHub soon
Palisade (Process Injection-based EDR)
Kestrel (Behavioral Heuristic-based EDR)
Ghost (Hack The Box Machine)
Sorcery (Hack The Box Machine)
MiniOS (Operating System)
MiniHV (Hypervisor)
Portfolio (This Website)
UBB Schedule (UBB University Timetable)
TFC CTF 2021/2022 (CTF Infrastructure)
PROCESS INJECTION-BASED EDR
Palisade
Palisade is a real-time security agent built on top of Apple Endpoint Security Framework (ES) that performs deep process introspection through dynamic dylib injection and API hooking. Beyond process-level monitoring, the tool implements a policy engine that evaluates and denies unwanted system events based on user rules, and shows live events in a structured activity table.
  • Dylib injection using entrypoint manipulation
  • API hooking by patching instruction memory
  • Detection engine based on API calling contexts
  • Rule-based policy engine capable of blocking any ES event
  • Granular event subscription feed
Apple Endpoint Security
Dylib Injection
API Hooking
Code (coming soon)
BEHAVIORAL HEURISTIC-BASED EDR
Kestrel
Kestrel is an Apple Endpoint Security Framework client, capable of proactively identifying and blocking malicious activity. It features a sophisticated behavioral detection engine based on modular heuristics, filtering and chaining complex system events in real time.
  • Heuristic-based behavioral detection engine
  • Interoperability with Sigma rules
  • Over 95% detection rate against the Atomic Red Team test suite
  • Capability of chaining multiple events and heuristics simultaneously
Apple Endpoint Security
Behavioral Detection Engine
Code (coming soon)
HACK THE BOX MACHINE
Ghost
Ghost is a retired Insane Windows Active Directory machine. It is currently rated 4.7/5 stars and has over 1000 system flag solves.
  • Source code review
  • Linux and Windows joined workstations
  • DNS Spoofing
  • Active Directory Federation Services
  • Bidirectional domain trust
Hack The Box
Insane Machine
Windows
Active Directory
Machine
HACK THE BOX MACHINE
Sorcery
Ghost is an active Insane Linux machine. It is currently rated 4.6/5 stars and has over 1000 system flag solves.
  • As per Hack The Box Rules, information about the attack path cannot be disclosed until its retirement.
Hack The Box
Insane Machine
Linux
Machine
OPERATING SYSTEM
MiniOS
x86 64-bit operating system featuring a terminal console and some external hardware support.
  • ATA PIO mode support
  • Heap allocator
  • Intel SMP support
  • Synchronization primitives
  • Scrollable console
Operating System
x86_64
ATA
SMP
Code (coming soon)
HYPERVISOR
MiniHV
Intel VT-X hypervisor capable of booting modern operating systems and support for non-instructive guest introspection.
  • Capable of booting Windows through PXE
  • Guest-host two way communication via VMCALL
  • Guest introspection (e.g. process enumeration, process launch callback)
Hypervisor
Intel VT-X
Introspection
Code (coming soon)
THIS WEBSITE
Portfolio
This is my personal website (that you are currently browsing). It was built to showcase my security research, bug bounties and software projects. It is open-source so anyone can see how it's put together, check my coding style, or fork it for personal use.
  • Built with the latest web technologies
  • Interactive, physics-driven hover states
Next.js
TypeScript
Canvas Animations
Code
UBB UNIVERSITY TIMETABLE
UBB Schedule
UBB Schedule is an iOS timetable app for the Babes-Bolyai University. Because the university website does not offer any API, the application parses the HTML tables and organizes them in the app.
  • iOS SwiftUI native application adhering to Apple Human Interface Guidelines
  • Live timetable HTML parsing
  • Ability to select year, group, semigroup
  • Ability to cherry-pick courses shown in the UI
  • Core Data for efficient caching
iOS
Swift
SwiftUI
Core Data
Code
CTF INFRASTRUCTURE
TFC CTF 2021/2022
I created the infrastructure from scratch for TFC CTF 2021 and 2022, providing a robust alternative to known services like CTFd. It successfully served over 1000 teams at each CTF edition. The source code is not public due to licensing restrictions.
  • Individual challenge containers for each player with Windows support
  • Built with the latest technologies at that time
  • Support for custom challenge types, such as multiple answers
Remix.js
Prisma
Docker
// Experience
2021 - Present
Kernel Developer (Windows), Security Researcher @ Bitdefender
  • Contributing on the development of the anti-exploit module, focusing on the integration between the kernel-mode driver and user-mode filter and creating new detections to intercept advanced attack vectors
  • Analyzing and authoring 0-day PoCs to validate detection efficacy and improve the EDR against emerging exploits
  • Refined antivirus detection capabilities using live threat telemetry, playing a key role in achieving the maximum score at AV-Comparatives ATP 2025
C/C++
x86/ARM Assembly
Windows Drivers
Malware Analysis
Reverse Engineering
Binary Exploitation
2025 - 2026
Teaching assistant @ Babes-Bolyai University of Cluj-Napoca
  • Instructed undergraduate students on x86 Assembly fundamentals and CPU internals, guiding students through low-level memory management, register manipulation and instruction set architecture
  • Designed and graded technical assignments focused on manual memory management, efficient register usage and implementing algorithms at instruction level
x86 Assembly
CPU Internals
Teaching
2020 - 2022
Penetration Tester, Software Developer @ Institute of Advanced Research in Artificial Intelligence (IARAI)
  • Served in dual capacity as a Security Researcher and Full-Stack Developer, engineering production-grade software and internal tooling
  • Conducted deep-dive white-box assessments, ensuring security considerations were integrated in the development lifecycle
White-box penetration testing
PHP
React
2020 - 2022
Penetration Tester, Software Developer @ Antimony (Startup)
  • Co-founded and led a startup, balancing mobile/web engineering with rigorous penetration testing
  • Engineered production-level application and website, and implemented robust defensive strategies based on findings from self-conducted vulnerability research
White-box penetration testing
Swift
Kotlin
Flutter
Next.js
// Education
Aug. 2023 - Oct. 2025
Master’s Degree in Cybersecurity
  • Windows Driver Development
  • OS Development
  • Hypervisor Development
  • Malware Analysis
  • Forensic Analysis and Incident Response
  • Penetration Testing
  • Network Security
C
Assembly
Oct. 2020 - July 2023
Bachelor’s Degree in Computer Science
  • Operating Systems
  • Cybersecurity
  • x86 Assembly
C
Assembly