profile_picture
Ruben A. Gonzalez
Ph.D. Candidate, Radboud University
mail@ruben-gonzalez.de [GPG key]
Security Researcher, Neodyme AG
ruben@neodyme.io [GPG key]

Interests

  • Post-Quantum Cryptography
  • Post-Quantum Protocols
  • Efficient Crypto Implementation
  • Vulnerability Research & Hacking

Publications

Academic Publications
High-assurance zeroization, 2023, TCHES
R Gonzalez , S Arranz Olmos , G Barthe , B Grégoire , V Laporte , J Léchenet , T Oliveira , P Schwabe
KEMTLS vs. Post-quantum TLS: Performance on Embedded Systems, 2022, SPACE 2022
R Gonzalez , T Wiggers
Verifying Post-Quantum Signatures in 8 kB of RAM, 2021, PQCrypto 2021
R Gonzalez , A Hülsing , M Kannwischer , J Krämer , T Lange , M Stöttinger , E Waitz , T Wiggers , Bo-Yin Yan

Security Research

Advisories, Popular Science and Non-Academic Publications
Rambox TLS Plaintext Recovery - CVE-2023-43972, 2023, MITRE
Ruben Gonzalez
Croc Full Plaintext Recovery - CVE-2021-31603, 2021, MITRE/RedRocket Blog
Ruben Gonzalez , Aaron Kaiser
Kyber - How does it work? The Inner Workings of the Post-Quantum KEM, 2021, Cryptopedia Blog
Ruben Gonzalez
Reversing and Hacking Age of Empires 2: Definitive Edition, 2021, Microsoft/RedRocket Blog
Ruben Gonzalez , F. Stotz
TinyDTLS Full Key Recovery - CVE-2021-34430, 2021, NIST/Eclipse
Ruben Gonzalez
BigBlueButton Local File Inclusion/Privilege Escalation - CVE-2020-12112, 2020, BigBlueButton/RedRocket Blog
L. Schauer , Ruben Gonzalez

Academic Work

Courses, Seminars and other Academic Work
  • Cry.College: Online Lecture on Modern Cryptography , H-BRS, Start 2021.
  • WebSecSeminar: Research Seminar on Web Security , H-BRS, Start 2021.
  • HookFTW: A Windows Hooking Library , Master Project Supervision, H-BRS, 2021.
  • Syntax Aware Fuzzing For Indentifying Parser Differentials , Bachelor Thesis Supervision, H-BRS, 2020.
  • Reviewer , Paper on Improving Schindler Style Error Correction, CARDIS, 2019
  • Offensive Security: Online Lecture on Hacking Techniques , H-BRS, Start 2019.
  • Tutor for Lecture Operating Systems , HTWG Konstanz 2016.

Talks

Presentations Held (Selection)
  • Hacking Cryptography , DEFCON, Las Vegas
  • Better Information Security Management in Hospital , DMEA
  • Hacking Cryptography , Hack in The Box, Amsterdam
  • Attacking Companies: How does it work? , SecIT, Hannover
  • Post-Quantum Migration , BDEW Bundesverband der Energie- und Wasserwirtschaft/German Association of Energy and Water Supply
  • Security Threat’s for Judges and Prosecutors , Deutscher Juristentag/German Attorneys Association
  • Web Application Security , Malta Information Technology Agency
  • Kyber and Post-Quantum Crypto - How does it work? , Chaos Communication Congress, rc3 2021
  • Foundations of Modern Cryptography , Fraunhofer Academy Training.
  • Laymen’s Guide to Information Security , Fraunhofer Academy Training.
  • Information Security for Endusers , German Farmers Day 2021
  • Curveball - Mircosoft’s Crypto Screwup , Cooleleute.live, 2020.
  • Real World Crypto in The Actual Real World , DS Lunch Colloquium, Radboud University, 2021.
  • How to Learn (and Teach) Hacking , OWASP AppSec, 2019.
  • News On Error Correction Methods for SPA on Blinded Modular Exponentiation , JIL Hardware-Related Attacks Subgroup, Brussels, 2018
  • AI, Heuristics and NP in Laymen’s Terms , Datenburg, 2018.
  • Hosting CTFs with Berlyne , FrOSCon, 2017.

Projects

Involved Projects
Chairman - RedRocket Hacking Club
Co-Organizer - CyberSecurityRumble Germany Hacking Competition
Full Member - Nachwuchsförderung IT-Sicherheit e.V.
Hackfest - Problem Based Learning Platform for Interactive Course Work
Edu25519 - Curve25519 Implementation Optimized For Readability
Cry.College-Lib - Python Library implementing many crypto primitives.
eccfun - Python Library For Interactively Exploring Elliptic Curves
IKEFOO - Test suite for IKE/IPSec implementations

Press

Selection Of Interviews And Press Coverage

CTF Tasks

Hacking Challenges Authored
BfLol, 2020, CyberSecurityRumble
Binary Exploitation, Brainfuck Interpreter PWNing, 300/500
Blow, 2020, CyberSecurityRumble
Crypto, Inavlid Curve Attack On Faulty JWT Usage, 500/500
CyberWall, 2020, CyberSecurityRumble
Web, Code Injection, 100/500
DLog, 2020, CyberSecurityRumble
Crypto, Invalid Point Submission Attack, 200/500
DTls, 2020, CyberSecurityRumble
Crypto, Exploit Faulty DTLS Implementation, 400/500
EzDSA, 2020, CyberSecurityRumble
Crypto, EcDSA Nonce Reuse Attack, 200/500
Secure Secret Sharing, 2020, CyberSecurityRumble
Web, NoSQL Injection Attack, 300/500
CityRSA, 2018, P.W.N. University CTF
Crypto, Exploit Faulty RSA-CRT Implementation, 300/500
Converter, 2018, P.W.N. University CTF
Crypto, Exploit CBC Padding Oracle, 200/500
H!pster Startup, 2018, P.W.N. University CTF
Web, ArangoDB Injection Attack, 300/500
Whistle, 2018, P.W.N. University CTF
Crypto, Exploit Invalid Padding via Coppersmith Attack, 300/500