Thomas Barabosch is a cybersecurity-focused engineer based in Madrid with over a decade of hands-on experience and 15+ years in the security domain. He specializes in binary and firmware analysis, contributing notable back-end and security work to projects like FACT_core and the cwe_checker tool that detect CWEs in ELF executables and integrate with IDA Pro. Comfortable from low-level machine code to tooling integration, he builds robust analysis plugins, JSON pipelines, and automated acceptance tests to surface hard-to-find vulnerabilities. His work demonstrates a pragmatic blend of research and productionization—refactoring legacy code, adding targeted partial analyses, and fixing Docker and parsing edge cases to make tools reliable in CI. Educated at the University of Bonn, he brings a systems-minded approach and a passion for things that compile down to machine code.
cwe_checker finds vulnerable patterns in binary executables
Role in this project:
Security Engineer
Contributions:1 release, 56 commits, 33 PRs in 11 months
Contributions summary:Thomas primarily contributed to enhancing the `cwe_checker` tool, which analyzes binary executables for security vulnerabilities. Their work involved refactoring the codebase, creating a module for JSON-related functions, implementing a partial analysis feature to run specific CWE checks, and adding acceptance tests for various CWEs, including CWE215, CWE243, and CWE476. Additionally, the user expanded the tool's capabilities by introducing support for new CWE checks, such as CWE560, and improving the cwe_checker_to_ida tool for integration with IDA Pro.
Contributions:38 commits, 16 PRs, 14 pushes in 1 year 10 months
Contributions summary:Thomas primarily contributed to the `cwe_checker` plugin within the repository. Their work involved implementing and refining the plugin, which analyzes ELF executables for Common Weakness Enumeration (CWE) vulnerabilities, demonstrating a focus on security. The commits show the user updating the plugin to parse the output in JSON format, addressing Docker-related issues, and fixing parsing errors. The user also contributed to the `input_vectors` plugin demonstrating experience in code analysis and vulnerability assessment.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.