SEOver Soufiane
Visit: selmelc.com for more information
I'm a software and cybersecurity enthusiast ! I write software for all types of applications and also provide vulnerability research to help companies secure their software. I have worked with the following companies and software developers to help secure their software : MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone. Among other which prefer to not be named.
When it comes to development I have a particular interest for low-level programming (C and Assembly based projects) either for userland or kernel space software. But I'm very flexible and can adapt technologies or languages.
I'm also a builder and enjoy creating innovating modern solutions through SaaS products mainly developed with FastAPI + SQLModel and React.
CTF player with a focus on reverse engineering and exploitation. Multi-finalist in national competition and active on most of the well known CTF platforms.
Published research (updated list on selmelc.com)
▪ CVE-2025-4373 : Integer overflow in glib leading to buffer under-write.
▪ CVE-2025-0755 : High impact buffer overflow in libbson affecting MongoDB Server.
▪ CVE-2024-6381 : Integer overflow to buffer overflow in MongoDB’s libbson.
▪ CVE-2024-6383 : Heap buffer overflow in MongoDB’s libbson.
▪ CVE-2023-0437 : Integer overflow leading to infinite loop of the MongoDB’s C driver.
▪ CVE-2023-38039: HTTP header allocation DoS in Curl.
▪ CVE-2023-32001: TOCTOU race condition in Curl.
▪ Monero Wallet RPC vulnerability : Discovered a credential leaking vulnerability in Monero’s official wallet software.
▪ Reported and patched multiple none publicly disclosed vulnerability for various clients
▪ Reported multiple vulnerabilities in the website of an educational Belgian company to the
Belgian CERT (CCB), for a preauthentification account takeover + IDOR leading to a
complete break of all the clients confidentiality + a bypass on the content’s paywalls.
Frans
Tweetalig / moedertaal
Engels
Tweetalig / moedertaal
Nederlands
Basiskennis
Grieks
Basiskennis
Uitsluitend remote
Werkt voornamelijk remote
Werkervaring
- SELMELC CybersecurityVulnerability researcher (Self-Employed)juni 2023 - Vandaag (3 jaren)Belgium• Vulnerability research focused on open-source software.• Non-confidential clients: MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone, ZDI.• Confidential clients sectors: banks, fintech, governments, EDR and cybersecurity solution providers, firmware for medical devices, fortune 500 companies.
- CensusApplication Security Engineer (Freelance)januari 2024 - Vandaag (2 jaren en 5 maanden)Greece• Application security.• Consulting for various types of clients and assets.• Research on state of the art cybersecurity solutions
- CensusIntern IT Security Engineernovember 2022 - mei 2023 (6 maanden)Greece• Worked for clients in all the various fields (mobile, software, web applications, pentests) of IT security.
Aanbevelingen
Wees de eerste die Soufiane aanbeveelt
Help deze freelancer om te schitteren door te vertellen hoe het is om met hem of haar te werken.
Deze freelancerprofielen matchen ook met zoekopdracht.
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Opleidingen
- RNCP +7 (Master) Network Information & Systems ArchitectureCampus 19 - 42 Network2025▪ System programming (kernel development) ▪ C / C++ / x86-64 ASM / Python ▪ Malware development (metaphoric virus with anti-debugging, in x86 ASM) ▪ Web and binary exploitation ▪ Generic low-level programming (HTTP server in C, multi-threaded graphical projects) ▪ Cloud deployments, and DevOps concepts (docker, kubernetes, CI/CD, argocd)