Skip to main content

·
Anthony Alonso
Author
Anthony Alonso
A lazy (but curious) computer engineer

About Me
#

From the Racetrack to the Keyboard
#

I spent about a decade racing motorcycles, starting at 5 years old, until I eventually focused more on my studies. Physics initially caught my attention, but after the mandatory Catalan exam portion of the PAU (equivalent to the SATs in the US) completely tanked my average, I couldn’t enter physics… After exploring mechanical/electrical engineering for 1 year and energy engineering for another, I stumbled upon computer engineering. This field wasn’t my first choice, but I always had some interest in it and ended up enjoying it a lot.

My coding journey began with front-end web development, which I chose to learn while earning my Bachelor’s degree in computer engineering. But I soon realized two things:

  1. My “design skills” belong in a museum of modern horrors.
  2. JavaScript and I don’t mix.

Then, I discovered Cybersecurity through TryHackMe (THM), and it clicked. Malware development and anything related to penetration testing and red teaming became my obsessions, and I haven’t stopped learning since. I was pretty focused on learning stuff through the HackTheBox (HTB) platform, especially while I was preparing to take the exam for my OSCP certification and finishing my Bachelor’s thesis. My Bachelor’s thesis is titled: Ethical Hacking Framework for File System Hot-Swapping, and it’s a project in which I developed a framework for testing an interesting concept referred to as “USB file system hot-swapping”.

Shortly after earning my Bachelor’s degree and OSCP certification, I jumped into a Master’s degree in Cybersecurity and am currently working on my thesis, which investigates antivirus evasion techniques. I also joined the Maldev Academy, which has been an incredibly useful resource for learning about this field and doing my Master’s thesis.

Where I Am Now
#

After a 4-year internship as an IT engineer at Uniphore, I pivoted to Cybersecurity at Applus+ Laboratories, where I perform security evaluations. My days consist of some pretty cool activities, such as:

  • Reviewing smartcard OS/applet source code and finding flaws
  • Running fault injection attacks, which basically consist of shooting lasers at the card’s chip while it’s in use
  • Testing Android/iOS digital wallet solutions, HCE SDKs, and Software Protection Tools (SPTs) for vulnerabilities

In short, I get paid to break things - legally, of course.