Photo

Fernando Vañó García

Cybersecurity Researcher

Valencia, Spain

fernando (at) fervagar.com


My main research interests include cybersecurity, memory management in cloud computing, critical infrastructures and virtualization technologies, among others. I have participated in research projects as Co-Investigator. I am author of many articles of computer security in operating systems and cloud computing, and I also contributed on several occasions as a reviewer for top international scientific conferences and reputable scientific journals. I obtained a PhD degree in computer science, cybersecurity at the University of the West of Scotland, United Kingdom. I completed my MSc in cybersecurity at Universidad Carlos III de Madrid, Spain and my BSc Computer Engineering degree at Universitat Politècnica de València.

I love GNU/Linux and the philosophy that surrounds it. I actually believe that the real computer security and the open source code are the formula to achieve a conscious society and, definitely, make the world a better place.

Education

University of the West of Scotland, Paisley, Scotland
2017 - 2020

Ph.D in Cybersecurity

  • Thesis Title: Securing Guest Kernels and Enhancing Host Resource Utilization in Cloud Computing Systems
  • Supervisor: Hector Marco, Ph.D


Universitat Politècnica de València, Valencia, Spain
2016 - 2017

Research Associate

  • Research Topic: Attack-tolerant system based on n-variant redundancy arquitecture
  • Ismael Ripoll, Ph.D


Universidad Carlos III de Madrid, Madrid, Spain
2015 - 2016

Master in Cybersecurity


Universitat Politècnica de València, Valencia, Spain
2010 - 2015

Bachelor’s Degree in Computer Engineering

Projects

Configuration, extension and implantation of a Honeypot

In this work, an open source project of a honeypot (available for the community) has been chosen, with the purpose of setting up, configuring and expanding the functionality in order to avoid bypass and evasion attacks. Afterwards, it has been located under a controlled environment, exposed through a public IP address reachable from the Internet during a month, with the purpose of analysing a posteriori the performed attacks against the system. Advanced knowledge of operating systems (Linux kernel and Loadable Kernel Modules, syscall hooking), the SSH protocol, malware analysis and the configuration and general operation of a honeypot are put into practice.


ROP gadgets finder for ARM architecture

This project deals with the implementation of a program written in C language that, given a ELF executable file of the ARM architecture, locates in it all those code snippets (called Gadgets in ROP) which can be used to prepare a payload. The goal, therefore, is to provide a tool which shows all available gadgets for the production of payloads, as well as the automation of an specific payload which executes a Linux shell. Advanced knowledge of operating systems (calling convention), the assembly language of the ARM architecture, exploitation of programming errors (buffer overflow), and the ELF executable files structure are put into practice.