GEORGI
GUNINSKI
Contact
Information:
Email:
gguninski@gmail.com |
guninski@guninski.com
Website:
guninski.com | Blog:
j.ludost.net
LinkedIn:
LinkedIn
Profile |
Papers
on researchgate
Professional
Summary
I
am security researcher and consultant and developer. Discovered
over
110
high profile security
vulnerabilities,
some of which exceptional. Broke some AI. Have a passion for
experimental mathematics. Currently
seeking remote opportunities in security, mathematics,
or AI.
Key Achievements
Security Research:
Discovered over 110 vulnerabilities, including 50+ CVEs in prominent software.
Notable findings:
Discoverer of DLL hijacking CVE-2000-0854: design flaw in windows when loading dynamic libraries from current working directory, efficient exploit vector in malware. Disclosed in 2000, still alive till at least 2025. Source
The first expoitable qmail bugs Source
Remote root in Ubuntu via apt-key Source
Remote OpenBSD denial of service in IP6 (very rare) Source
Design flaw in windows when digitally signing buggy mobile code (ActiveX) Source
In 2023 and 2025 in AI security, published vulnerabilities in chatGPT and Google Bard and Deepseek, the novelty of these is that the AI writes insecure code which is *textbook example* of the XSS vulnerability. AI is tried to be used for writing secure code.
Several Linux kernel vulnerabilities.
The series of Internet Explorer and Microsoft Office vulnerabilities got wide coverage.
Contributions recognized in media (CNET, The Register microsoft.com github.com).
According to leaked CIA documents, CIA had my exploit in their arsenal.
Open Source Contributions:
Contributor of Firefox, Wireshark and sagemath projects. Open source evangelist. Reported vulnerabilities and advice to numerous open source projects.
Mathematics & Cryptography:
Active contributor to MathOverflow (top 124 overall), user
“joro”.
Design flaw in cryptography RFC-2631 Diffie-Hellman, LibreSSL fixed it Source
Math papers include topics from counterexample of graph theory conjecture, primality function, algorithm for integer factorization given bounds for the factor.
In Coq proof assistant, found two critical inconsistencies which allow proving $False$, acknowledged by the developers. Coq is used in formal verification.
Technical Skills
Programming Languages: sagemath, Python, C, JavaScript
Operating Systems: Linux, basic *BSD
Expertise: IT Security, Experimental Mathematics, QA
Professional Experience
Self-employed | 2009 - Present
Conducted independent research in mathematics and cybersecurity, leading to significant discoveries and publications.
Independent
Security Consultant
Netscape
and Mozilla Corporation (1999-2009)
Conducted security research leading to critical browser vulnerability discoveries.
Python
Developer (Speech Recognition)
(2022)
Developed Python-based applications focused on speech recognition algorithms.
IT
Expert
Technologica
Ltd. (1996-1999)
Delivered IT solutions and supported enterprise systems.
Clipper
Developer
ACTA
Ltd. (1995-1996)
Developed bank software leveraging Clipper programming.
Education
MA
in International Economic Relations
University
of National and World Economy, Sofia, Bulgaria (1991-1995)
GPA:
5.38/6.00
Gold
Medal Graduate
114
English Language School "Liliana Dimitrova" (1986-1991)
Additional Information
Open to remote work only.
Revision: Feb 28 09:32:38 AM UTC 2025