Ivan Fratric

Staff Information Security Engineer Security Researcher

Zurich, Zurich, Switzerland
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Ivan Fratric is a Staff Information Security Engineer and researcher with nine years at Google, currently contributing to Project Zero from Zurich where he hunts high-impact vulnerabilities across major platforms. He blends deep systems and low-level expertise—demonstrated by contributions to high-profile fuzzing tools like Jackalope, Domato, WinAFL and the TinyInst instrumentation library—with practical engineering that improves stability, coverage and crash handling. His work spans backend development, full-stack fuzzing grammar generation, and dynamic instrumentation, reflecting a rare mix of research rigor and production-grade engineering. Previously a Ph.D. researcher and teaching assistant at the University of Zagreb, he brings an academic foundation to pragmatic exploit discovery and defensive tooling. Notably, his commits often target subtle build, exception-handling and coverage-improvement areas that materially increase a fuzzer’s effectiveness in real-world testing.
code9 years of coding experience
job16 years of employment as a software developer
bookPh.D., Computer science, Ph.D., Computer science at University of Zagreb, Faculty of Electrical Engineering and Computing
github-logo-circle

Github Skills (34)

c-language10
python10
dynamic10
instrumentation10
binarydiff10
security10
grammar10
low-level-programming10
grammars10
code-generation10
dom10
dynamic-analysis10
afl-fuzz10
fuzzing10
cprogramming-language10

Programming languages (6)

C++CRustJavaScriptHTMLPython

Github contributions (5)

github-logo-circle
googleprojectzero/TinyInst

Apr 2020 - Dec 2022

A lightweight dynamic instrumentation library
Role in this project:
userBack-end Developer
Contributions:46 reviews, 136 commits, 28 PRs in 2 years 7 months
Contributions summary:Ivan appears to be focused on the development and enhancement of a dynamic instrumentation library. Their commits reflect work on build files, and various fixes, suggesting a deep involvement in the library's core functionality. This included addressing persistence issues related to DLL unloading and adding attach mode features. These contributions likely involved low-level programming and interaction with the target process.
instrumentationdynamic-instrumentationinspection
googleprojectzero/Jackalope

Dec 2020 - Dec 2022

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android
Role in this project:
userBack-end Developer & Fuzzing Engineer
Contributions:3 reviews, 79 commits, 8 PRs in 2 years
Contributions summary:Ivan primarily contributed to the `jackalope` fuzzer by fixing compile errors and warnings in the codebase. They added new exception types to the instrumentation, expanding the fuzzer's ability to detect and report various runtime issues. Furthermore, the user made several modifications to improve the fuzzer's sample processing, adding support for generators and custom minimizers, as well as improving the handling of sample sizes. These changes indicate a focus on improving the fuzzer's stability and efficiency.
coverage-guidedwindowssecurityfuzzingfuzzer
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Ivan Fratric - Staff Information Security Engineer Security Researcher