Alvaro Muñoz

Security Researcher at XBOW

Madrid, Community of Madrid, Spain
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Alvaro Muñoz is a seasoned security researcher with 13+ years of experience uncovering critical vulnerabilities and hardening enterprise software, having held principal research roles at GitHub, Micro Focus and HPE and now based in Madrid. He combines deep application and web security expertise with hands-on exploit development and tooling—publicly demonstrating research at BlackHat, DEF CON, RSA and major OWASP events and responsibly disclosing RCEs in platforms like Microsoft, Oracle, Apache Struts and Spring. His work spans both research and engineering: contributing to high-profile open source projects such as CodeQL, Neovim and radare2, and enhancing offensive tooling like ysoserial.net and QIRA integrations. Trained as an MS engineer in Electronics and Telecommunication from Universidad Politécnica de Madrid, he pairs rigorous academic grounding with practical security impact across commercial and open ecosystems. An uncommon blend of offensive insight and developer-focused contributions means he not only finds bugs but also ships fixes and tooling that improve developer workflows and security scanning.
code13 years of coding experience
job18 years of employment as a software developer
bookEngineering degree MS in Electronics and Telecommunication Telematic, Engineering degree MS in Electronics and Telecommunication Telematic at Universidad Politécnica de Madrid
github-logo-circle

Github Skills (56)

ls10
javascript10
tree-sitter10
python10
plugin-development10
it-security10
css10
net10
dotnet10
ui-design10
plugin10
codeql10
security10
webui10
neovim10

Programming languages (28)

C#CSchemeGoHTMLGroovyJupyter NotebookTypeScript

Github contributions (5)

github-logo-circle
pwntester/ysoserial.net

Sep 2017 - Jun 2022

Deserialization payload generator for a variety of .NET formatters
Role in this project:
userBack-end Developer
Contributions:30 releases, 16 reviews, 170 commits in 4 years 10 months
Contributions summary:Alvaro's primary contributions focused on enhancing the `ysoserial.net` repository, which is designed to generate deserialization payloads for .NET formatters. They added new features, specifically the ability to generate payloads for "WindowsIdentity" and "Xaml" formatters, integrating with existing gadget chains. The user also refactored existing code, including the introduction of an `IsSupported` method, and removed non-working gadget/formatter combinations for improved usability and accuracy.
dotnetdeserializationpayloadcsharppayload-generator
hteso/iaito

Apr 2017 - Apr 2017

This project has been moved to:
Role in this project:
userFront-end Developer
Contributions:16 commits, 8 PRs, 11 pushes in 25 days
Contributions summary:Alvaro primarily worked on the front-end of the application, focusing on the graph view. They refactored the graph view, adding support for a dark theme and extracting common CSS code. The user also made minor fixes and added a minimap feature to the graph view, enhancing its usability.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Alvaro Muñoz - Security Researcher at XBOW