SEAbout Soufiane
Visit: selmelc.com for more information
I'm a software and cybersecurity enthusiast ! I write software for all types of applications and also provide vulnerability research to help companies secure their software. I have worked with the following companies and software developers to help secure their software : MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone. Among other which prefer to not be named.
When it comes to development I have a particular interest for low-level programming (C and Assembly based projects) either for userland or kernel space software. But I'm very flexible and can adapt technologies or languages.
I'm also a builder and enjoy creating innovating modern solutions through SaaS products mainly developed with FastAPI + SQLModel and React.
CTF player with a focus on reverse engineering and exploitation. Multi-finalist in national competition and active on most of the well known CTF platforms.
Published research (updated list on selmelc.com)
▪ CVE-2025-4373 : Integer overflow in glib leading to buffer under-write.
▪ CVE-2025-0755 : High impact buffer overflow in libbson affecting MongoDB Server.
▪ CVE-2024-6381 : Integer overflow to buffer overflow in MongoDB’s libbson.
▪ CVE-2024-6383 : Heap buffer overflow in MongoDB’s libbson.
▪ CVE-2023-0437 : Integer overflow leading to infinite loop of the MongoDB’s C driver.
▪ CVE-2023-38039: HTTP header allocation DoS in Curl.
▪ CVE-2023-32001: TOCTOU race condition in Curl.
▪ Monero Wallet RPC vulnerability : Discovered a credential leaking vulnerability in Monero’s official wallet software.
▪ Reported and patched multiple none publicly disclosed vulnerability for various clients
▪ Reported multiple vulnerabilities in the website of an educational Belgian company to the
Belgian CERT (CCB), for a preauthentification account takeover + IDOR leading to a
complete break of all the clients confidentiality + a bypass on the content’s paywalls.
French
Native or bilingual
English
Native or bilingual
Dutch
Basic
Greek
Basic
Remote only
Primarily works remotely
Experience
- SELMELC CybersecurityVulnerability researcher (Self-Employed)June 2023 - Today (3 years)Belgium• Vulnerability research focused on open-source software.• Non-confidential clients: MongoDB, Monero, Curl, Fireblocks, Amazon, Hackerone, ZDI.• Confidential clients sectors: banks, fintech, governments, EDR and cybersecurity solution providers, firmware for medical devices, fortune 500 companies.
- CensusApplication Security Engineer (Freelance)January 2024 - Today (2 years and 5 months)Greece• Application security.• Consulting for various types of clients and assets.• Research on state of the art cybersecurity solutions
- CensusIntern IT Security EngineerNovember 2022 - May 2023 (6 months)Greece• Worked for clients in all the various fields (mobile, software, web applications, pentests) of IT security.
Recommendations
Be the first to recommend Soufiane
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- RNCP +7 (Master) Network Information & Systems ArchitectureCampus 19 - 42 Network2025▪ System programming (kernel development) ▪ C / C++ / x86-64 ASM / Python ▪ Malware development (metaphoric virus with anti-debugging, in x86 ASM) ▪ Web and binary exploitation ▪ Generic low-level programming (HTTP server in C, multi-threaded graphical projects) ▪ Cloud deployments, and DevOps concepts (docker, kubernetes, CI/CD, argocd)