SEÀ propos de Soufiane
Visit: selmelc.com for more information
I'm a software and cybersecurity enthusiast ! I write software for all types of applications and also provide vulnerability research to help companies secure their software. I have worked with the following companies and software developers to help secure their software : MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone. Among other which prefer to not be named.
When it comes to development I have a particular interest for low-level programming (C and Assembly based projects) either for userland or kernel space software. But I'm very flexible and can adapt technologies or languages.
I'm also a builder and enjoy creating innovating modern solutions through SaaS products mainly developed with FastAPI + SQLModel and React.
CTF player with a focus on reverse engineering and exploitation. Multi-finalist in national competition and active on most of the well known CTF platforms.
Published research (updated list on selmelc.com)
▪ CVE-2025-4373 : Integer overflow in glib leading to buffer under-write.
▪ CVE-2025-0755 : High impact buffer overflow in libbson affecting MongoDB Server.
▪ CVE-2024-6381 : Integer overflow to buffer overflow in MongoDB’s libbson.
▪ CVE-2024-6383 : Heap buffer overflow in MongoDB’s libbson.
▪ CVE-2023-0437 : Integer overflow leading to infinite loop of the MongoDB’s C driver.
▪ CVE-2023-38039: HTTP header allocation DoS in Curl.
▪ CVE-2023-32001: TOCTOU race condition in Curl.
▪ Monero Wallet RPC vulnerability : Discovered a credential leaking vulnerability in Monero’s official wallet software.
▪ Reported and patched multiple none publicly disclosed vulnerability for various clients
▪ Reported multiple vulnerabilities in the website of an educational Belgian company to the
Belgian CERT (CCB), for a preauthentification account takeover + IDOR leading to a
complete break of all the clients confidentiality + a bypass on the content’s paywalls.
Français
Bilingue ou natif
Anglais
Bilingue ou natif
Néerlandais
Notions
Grec
Notions
En télétravail uniquement
Travaille majoritairement à distance
Expériences
- SELMELC CybersecurityVulnerability researcher (Self-Employed)juin 2023 - Aujourd'hui (3 ans)Belgium• Vulnerability research focused on open-source software.• Non-confidential clients: MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone, ZDI.• Confidential clients sectors: banks, fintech, governments, EDR and cybersecurity solution providers, firmware for medical devices, fortune 500 companies.
- CensusApplication Security Engineer (Freelance)janvier 2024 - Aujourd'hui (2 ans et 5 mois)Greece• Application security.• Consulting for various types of clients and assets.• Research on state of the art cybersecurity solutions
- CensusIntern IT Security Engineernovembre 2022 - mai 2023 (6 mois)Greece• Worked for clients in all the various fields (mobile, software, web applications, pentests) of IT security.
Recommandations
Soyez le premier à recommander Soufiane
Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.
Ces profils de freelance correspondent également à vos critères
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Formations
- RNCP +7 (Master) Network Information & Systems ArchitectureCampus 19 - 42 Network2025▪ System programming (kernel development) ▪ C / C++ / x86-64 ASM / Python ▪ Malware development (metaphoric virus with anti-debugging, in x86 ASM) ▪ Web and binary exploitation ▪ Generic low-level programming (HTTP server in C, multi-threaded graphical projects) ▪ Cloud deployments, and DevOps concepts (docker, kubernetes, CI/CD, argocd)