Thomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Cyber Security. He is interested automotive security, security research, and various types of security testing in vehicles, embedded devices, and low-level software.

He holds OSCP and OSCE certifications and has responsibly disclosed several zero-day vulnerabilities and web vulnerabilities to prominent companies like Google, Qualcomm, AT&T, IBM, Acronis, and Xiaomi. Additionally, he dedicates a significant portion of his time to independent research for security conferences and personal use.

In his role as the Technical Director of Auxilium Cyber Security, Sermpinis applies his extensive knowledge and experience in the Automotive Cyber Security industry to contribute towards making the world and its streets safer, in collaboration with his team of over 20 researchers. Having conducted over 100 penetration tests in some of the leading OEMs and Tier 1 suppliers over the years, he also spearheads the research operations of the organization.

In the past, he has held various positions in security and blockchain in both research and private sectors. Finally, he is deeply involved in the cybersecurity and open-source communities, maintaining a strong social media presence with regular blog and YouTube posts.

Academic

  • Master’s Degree on Informatics and Management - Aristotle University of Thessaloniki (AUTH)
  • Bachelor’s Degree on Administration and Economics - University of Applied Sciences of Central Macedonia

Experience

  • Technical Director - Auxilium Cyber Security
  • Automotive Penetration Testing Lead - Auxilium Cyber Security
  • Senior Cyber Security Consultant - Auxilium Cyber Security
  • Cyber Security Consultant - Auxilium Cyber Security
  • Security Researcher / Founder - Cr0w’s Place
  • Cyber Security Analyst - Auxilium Cyber Security
  • Blockchain Engineer - Aristotle University of Thessaloniki (AUTH)
  • Security Workshop Instructor - HAKIN9 MEDIA SP
  • IT Assistant - Thessaloniki International Film Festival - TIFF
  • Magazine Editor - Parabing Creations

Talks

  • Horror Stories from the Automotive Industry - DeepSec 2023
  • Horror Stories from the Automotive Industry - Chaos Computer Camp 2023
  • Horror Stories from the Automotive Industry - TROOPERS23
  • UDS Fuzzing and the Path to Game Over - TROOPERS23
  • Integration of Near Field Communication technology into Warehouse Management Systems - 12th Student Conference on Management Science and Technology
  • Integration of Augmented Reality technology into Warehouse Management Systems - 12th Student Conference on Management Science and Technology
  • Traceability Decentralization in Supply Chain Management Using Blockchain Technologies - 4th Olympus International Conference on Supply Chains

Publications

  • DeTRACT: a decentralized, transparent, immutable and open PKI certificate framework - International Journal of Information Security (Springer)
  • Traceability Decentralization in Supply Chain Management Using Blockchain Technologies - 4th Olympus International Conference on Supply Chains

CVEs

  • [CVE-2021-29507] Improper Input Validation leads to buffer overflow in dlt-daemon
  • [CVE-2020-26800] Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client
  • [CVE-2020-24807] File Type Restriction Bypass in Socket.io-file NPM module
  • [CVE-2020-15779] Path Traversal in Socket.io-file NPM module

Skills

  • OSCE - Offensive Security Certified Expert
  • OSCP - Offensive Security Certified Professional
  • Penetration Testing
  • Security Analysis and Research
  • Automotive Security
  • Blockchain Security
  • Programming and Scripting (Python, C, Solidity, Go, Bash)
  • Blockchain Technologies (Ethereum, Hyperledger Fabric)
  • Supply Chain Management

Acknowledgements - References