Marcos Bajo

PhD Student And Researcher At The System Security Group at CISPA Helmholtz Center for Information Security

Dortmund, North Rhine-Westphalia, Germany
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Marcos Bajo is a cybersecurity researcher and PhD student at CISPA with a decade of hands-on experience in software and systems security. He invents and implements cutting-edge offensive techniques—most notably CFOP, a novel binary exploitation method accepted to USENIX Security 2025—and builds advanced malware research platforms like the eBPF rootkit TripleCross, which has attracted significant community attention (1800+ GitHub stars) and conference exposure. His work straddles academia and practice: all projects are open source and reproducible, and he regularly presents at major security venues. Comfortable across low-level kernel work, network tooling and taint analysis, he brings both rigorous research methodology and production-grade engineering to offensive security problems. Based in Dortmund, he combines formal academic training with real-world exploit development and a penchant for making complex techniques accessible via code and blog posts.
code10 years of coding experience
job1 year of employment as a software developer
bookCharles III University of Madrid (Universidad Carlos III de Madrid)
languagesEnglish, Spanish, German
github-logo-circle

Github Skills (11)

c1710
it-security10
c1110
networking10
ebpf10
security10
tcp9
linux-kernel9
network-security9
kernel9
ip9

Programming languages (6)

TypeScriptJavaShellCPHPPython

Github contributions (5)

github-logo-circle
h3xduck/TripleCross

Oct 2021 - Jul 2022

A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Role in this project:
userBack-end Developer & Security Engineer
Contributions:1 release, 208 commits, 13 pushes in 8 months
Contributions summary:Marcos has been actively contributing to a Linux eBPF rootkit, focusing on implementing and testing features. Their work included implementing XDP filters, creating C&C clients, and integrating them within the rootkit. The user is also responsible for integrating a library injection mechanism into the rootkit.
kernelbackdoorinjectionsecurityebpf
h3xduck/RawTCP_Lib

Mar 2021 - May 2022

A C library for creating and using TCP/IP packets with raw network sockets
Contributions:2 releases, 38 commits, 4 PRs in 1 year 1 month
packetsc-librarysocketsnetwork-programmingtcp-ip
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Marcos Bajo - PhD Student And Researcher At The System Security Group at CISPA Helmholtz Center for Information Security