Ruben Boonen

Mobile Security Researcher at ▓▓▓▓▓

Spain
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Ruben Boonen is a mobile security researcher and hands-on offensive specialist with a decade of experience building post-exploitation tooling, reverse engineering complex systems, and discovering memory-level vulnerabilities. He has led R&D and capability development for high-profile teams at IBM and FireEye and founded Calypso Heavy Industries to deliver bespoke offensive research to industry partners. Ruben’s open-source contributions span tooling used by the security community—PowerSploit, Capstone and Keystone bindings, and numerous post-exploitation suites—reflecting deep systems programming and Windows internals expertise. He combines kernel- and user-land exploit development with practical detection-focused research, often instrumenting ETW and Yara for operational monitoring. Based in Spain with a background in English literature and ancient philosophy from UC Berkeley, he brings an unusual blend of rigorous technical craft and scholarly curiosity to tough engineering problems.
code10 years of coding experience
job10 years of employment as a software developer
bookEnglish Literature: John Milton, English Literature: John Milton at University of California, Berkeley
languagesEnglish, English, Dutch, French, German
github-logo-circle

Github Skills (52)

process-injection10
tokenize10
debug10
system-programming10
wp-api10
vulnerability10
net10
etw10
dotnet10
winapi10
manipulation10
x8610
security10
binding10
netframework10

Programming languages (9)

C#PowerShellTypeScriptC++CSSCValaRuby

Github contributions (5)

github-logo-circle
My musings with PowerShell
Role in this project:
userBack-end Developer & Security Engineer
Contributions:91 commits, 1 PR, 96 pushes in 6 years
Contributions summary:Ruben's contributions primarily revolve around the development of a PowerShell script, "Invoke-Runas.ps1," which functions similarly to the Windows "runas.exe" utility. They have added and refined functionality, including the use of Advapi32::CreateProcessWithLogonW to create processes with different credentials. Furthermore, the user has created a script "Conjure-LSASS.ps1" to duplicate the LSASS access token. In addition, the user has created scripts like "Invoke-MS16-032.ps1", "Detect-Debug.ps1", "Get-TokenPrivs.ps1", "Get-SystemModuleInformation.ps1", "Get-ProcessMiniDump.ps1", "UAC-TokenMagic.ps1", "Export-LNKPwn.ps1" and "Start-Eidolon.ps1" which demonstrates the creation of tools commonly used by security engineers for testing and exploitation.
powershell-modulespowershellpowershell-modulemusings
mandiant/SilkETW

Mar 2019 - Mar 2021

Role in this project:
userBack-end Developer & Security Engineer
Contributions:3 releases, 8 commits, 8 pushes in 2 years
Contributions summary:Ruben contributed significantly to SilkETW, a tool for collecting ETW events. They introduced version updates, refactored existing code, fixed typos, and improved the event logging mechanism. The user also integrated Yara rules for threat detection and added output options like writing to event logs, indicating a focus on security and system monitoring. Moreover, they modified the service to address issues with event source retargeting and data truncation.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Ruben Boonen - Mobile Security Researcher at ▓▓▓▓▓