Gerardo Peña is a security-focused software engineer with 13 years of experience in research and development across computer and network security, from Ethernet and wireless to mainframe and phone systems. He blends deep systems knowledge—Unix/Linux bastioning, Windows hardening, SDLC and Common Criteria—with hands-on exploit and penetration testing expertise. Gerardo has a strong developer background in server-side technologies (Samba, Apache, PHP, Perl, .NET/Mono, MySQL/Postgres) and has meaningfully contributed to high-profile open-source projects like Mono and radare2, improving core UTF-8 handling and AVR reverse-engineering support. Based in Barcelona, he pairs low-level reverse-engineering skills with practical deployment and administration experience, making him adept at turning security research into robust, production-ready fixes. An understated strength is his focus on encoding and analysis subtleties—areas that often hide the root cause of critical vulnerabilities.
Mono open source ECMA CLI, C# and .NET implementation.
Role in this project:
Back-end Developer
Contributions:27 commits in 3 months
Contributions summary:Gerardo primarily refactored and optimized core coder and decoder functions within the Mono runtime, specifically focusing on UTF-8 encoding and decoding. They also implemented new methods and addressed bugs related to character handling and fallback mechanisms, demonstrating a deep understanding of character encoding principles. These changes significantly improved error handling and addressed limitations in existing UTF-8 processing functions. Additionally, they contributed by fixing several bugs and limitations, and improving error handling.
UNIX-like reverse engineering framework and command-line toolset
Role in this project:
Back-end Developer
Contributions:32 commits, 37 PRs, 2 pushes in 3 months
Contributions summary:Gerardo primarily contributed to the AVR (Atmel AVR) analysis plugin, focusing on reverse engineering tasks within the radare2 framework. Their work involved adding new opcodes, implementing new instructions like FMUL, FMULS, and ICALL, and improving the analysis of AVR assembly code. Furthermore, they refactored and fixed several bugs in existing AVR analysis code. The commits include changes to ESIL (esil), which suggests involvement in radare2's ESIL scripting engine.
unixbinary-analysissecurityradare2forensics
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.