Wexford, PA Public copy; phone number redacted https://seanpesce.github.io Sean Pesce [email protected]

Employment Security Researcher Software Engineering Institute, 2018 – Present Carnegie Mellon University Platform Insight Team • (Android APKs, device firmware, native binaries, proprietary network protocols, web services, etc.) • Vulnerability research and proof-of-concept (PoC) exploit development • Network traffic analysis • Technical reporting in the form of monthly slides for DoD customers

Digital Services Clerk Westhampton Free 2011 – 2018 • In-house software assistance and computer maintenance • Customer service and instruction at a public helpdesk • Database entry, upkeep, and maintenance

Education Stony Brook University 2013 – 2018 • B.S. in Computer Science

Professional Certifications Offensive Security Certified Professional (OSCP) 2021 • Certification ID: OS-101-34893

Other Technical Experience Personal Projects • OnlineSuite Analysis (2021). Performed analysis of the Square Enix OnlineSuite web API (used by a number of games). Discovered a customer information disclosure, misconfigured authentication, and logic vulnerabil- ities with the potential to modify or delete arbitrary player profiles and obtain infinite premium currency. All findings were responsibly disclosed via private correspondence. • MolWear (2018). Lead developer on an Android app for archaeological research purposes. Worked closely with a PhD candidate and research assistant to determine GUI layout and data requirements for recording and analysing molar wear on deceased individuals. Awarded “Best Poster” at the 2018 AAPA national conference. Java, XML, Android SDK • Dark Souls Overhaul Project (2017 – 2020). Co-lead developer on an unofficial game patch for Dark Souls™: Prepare to Die Edition. Tasks included reverse-engineering of undocumented file types, data structures, and engine bytecode to develop bug-fixes and enhancements. ++, assembly, Windows API, STL, WireShark, IDA, other binary analysis utilities • Audium (2017). (Undergraduate senior project) Worked in a team to develop a music streaming service similar to Spotify. Personal responsibilities included database design, optimization, and population, as well as front- end and back-end web development. Java, MySQL, JavaScript, TypeScript, HTML, CSS, Angular • DirectX 9 Overlay (2017). Developed a generic DirectX 9 overlay framework to ease creation of third-party extensions and enhancements for DirectX 9 applications. Features an in-game CLI and plugin support. C++, DirectX SDK, Windows API, STL, MS Detours, SeqAn

Languages and Technologies • Java, Python, Bash, LaTeX, MySQL, C, C++, x86 assembly, HTML, CSS, JavaScript, TypeScript • , IDA Pro, JEB , 010 Editor, Frida (binary instrumentation), static & dynamic analysis