I am Marcos Bajo h3xduck

Systems/Software security researcher

PhD Student at CISPA Helmholtz Center for Information Security

My Talks

Black Hat USA 2025
Black Hat USA 2025
RootedCON Madrid 2023 (ES)
RootedCON Madrid 2023 (ES)

My Work

Publications

Await() a Second: Evading Control Flow Integrity by Hijacking C++ Coroutines
Marcos Bajo, Christian Rossow
USENIX Security 2025

Honorable Mention (Top 6% paper)

Other Works

An analysis of offensive capabilities of eBPF and implementation of a rootkit
Bachelor thesis (2022)

Honours
TaintBlade: A framework for automated protocol reverse engineering and study of malware command and control protocols
Master thesis (2023)

Honours

Open Source Stuff I've made

TripleCross
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
CFOP
The Coroutine Frame-Oriented Programming exploitation technique.
Umbra
A LKM rootkit targeting 4.x and 5.x kernel versions which opens a backdoor that can spawn a reverse shell to a remote host, launch malware and more.
RawTCPLib
A C library for creating and using TCP/IP packets with raw network sockets.
TaintBlade
A protocol reverse engineering framework with a custom Intel PIN multi-color tainting engine.
Greta
Android application for writing and saving encrypted notes.