Andrey Konovalov is a seasoned Linux kernel security engineer with 13 years of experience, currently based in Munich and leading security work through xairy.io and Xairy Labs. He brings deep hands-on expertise in kernel hardening and exploitation—contributing KASan improvements, symbolizer tooling, USB fuzzing enhancements in syzkaller, and multiple proof-of-concept kernel exploits that demonstrate practical vulnerability analysis. A former long-term Google engineer, he combines production-scale engineering discipline with a research-oriented approach to root cause analysis and debugging of low-level memory bugs. Notably, his contributions have improved kernel sanitizer usability and fuzzing coverage for USB subsystems, bridging offensive research and defensive tooling in open source.
13 years of coding experience
5 years of employment as a software developer
Moscow Institute of Physics and Technology (State University) (MIPT)
Contributions:12 commits, 3 PRs, 21 pushes in 6 years 2 months
Contributions summary:Andrey contributed multiple proof-of-concept exploits for the Linux kernel, demonstrating expertise in kernel exploitation techniques. The commits involve adding and refining exploits for various CVE vulnerabilities, including CVE-2017-6074, CVE-2017-1000112, CVE-2017-7308, and CVE-2017-18344. These exploits showcase the user's ability to bypass security mechanisms and achieve root privileges within the kernel.
syzkaller is an unsupervised coverage-guided kernel fuzzer
Role in this project:
Back-end Developer
Contributions:95 reviews, 699 commits, 541 PRs in 7 years 1 month
Contributions summary:Andrey primarily contributed to the syzkaller project's fuzzing capabilities, focusing on enhancing the USB subsystem. Their work involved implementing and testing new USB-related pseudo-syscalls like syz_usb_connect, syz_usb_io_control, syz_usb_ep_read and syz_usb_disconnect, which are crucial for emitting USB packets. They added support for the USB HID and CDC Ethernet classes, enhancing coverage, as well as improved the bisection process to detect multiple guilty programs.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.