Security Researcher

Personal Information

Date of birth
17 March 1993
romainthomasc at gmail dot com

Work Experience


Security Researcher at QuarksLab

from September 2015

My work focuses on:

  • Code obfuscation
  • Reverse engineering
  • Android
  • Software protections (Packing...)

Internship at QuarksLab

from April 2015 to July 2015

During this internship, I worked on a compiler code obfuscator

  • I used the LLVM compiler infrastructure.
  • I developed a code coverage tool based on Triton.
  • I studied the security of Obfuscator-LLVM with Triton.

Internship at QuarksLab

from July 2014 to August 2014

During my internship, I studied JTAG and how to discover its ports. I used various devices, such as a router and a 4G Internet key.

  • I developed a JTAG testing tool, available on my GitHub page.
  • I used the Bus Blaster and the JTAGulator with the OpenOCD library.

Internship at ATACAMA Company

August 2013 to November 2013

Web developer

I developed the company's website using a model–view–controller architecture.

  • PHP5
  • MySQL
  • jQuery


2011 - 2016


Engineering Studies

Engineering student in fourth year

2014 - 2015

École Polytechnique de Montréal

Bachelor’s degree, Computer Science

2010 - 2011

Lycée Maurice Ravel


Scientific Baccalauréat at Lycée Maurice Ravel, mention Bien (equivalent to an A level).


LIEF - Library to Instrument Executable Formats

The purpose of this project is to provide a cross-platform library which can parse, modify and abstract the ELF, PE and MachO formats.

Main features:

  • Parsing: LIEF can parse ELF, PE and MachO, and provides a user-friendly API to access format internals.
  • Modify: LIEF can modify some parts of these formats.
  • Abstract: The three formats share common features such as sections, symbols and entry point; LIEF factors them.
  • API: LIEF can be used in C, C++ and Python.

Quantum Mechanics project: The quantum eraser

During this three-month project, we studied the quantum eraser experiment, which includes:

  • Quantum spin
  • Ramsey interferometry
  • Entangled states

Implementation of the One-Wire protocol in an FPGA

We implemented the One-Wire protocol designed by Dallas Semiconductor to communicate between thermometers.

Optimization of Dijkstra’s algorithm

We programmed Dijkstra’s algorithm in C, then optimized it using:

  • A* search algorithm
  • Binary heap


Inria FR-JP - 25 April 2017

LIEF: Library to Instrument Executable Formats

When analyzing an executable, the first layer of information is the format in which the executable is wrapped. It turns out that a lot of tools and libraries exist to analyze and instrument the machine code wrapped by the format, but there is no such library that handles the three mainstream executable formats and can both read and modify them. LIEF has been developed to that end.

In the talk we will explain the rationale behind LIEF's architecture choices, show what LIEF makes possible, and look at use cases.

LIEF is a cross-platform library and it can be used through a Python, C++ and C API. The library can parse standard structures as well as more complex ones like the PE Signature (Authenticode) and the ELF hash table. As use cases, we can inject code into a binary or a library, redirect the control flow to hook functions, and obfuscate some parts of a binary. Another feature of LIEF is that common characteristics of these formats are factorized so that we can develop a single script which works for the three formats.

CSAW SOS 2016 - 10 Nov. 2016

How Triton can help to reverse virtual machine based software protections

With Jonathan Salwan

The first part of the talk is going to be an introduction to the Triton framework, presenting its components and explaining how they work together. Then, the second part will include demonstrations of how it's possible to reverse virtual machine based protections using taint analysis, symbolic execution, SMT simplifications and LLVM-IR optimizations.

St'Hack 2016 - 8 April 2016

Dynamic Binary Analysis and Obfuscated Codes

With Jonathan Salwan

In this presentation we will talk about how DBA (Dynamic Binary Analysis) may help a reverse engineer to reverse obfuscated code. We will first introduce some basic obfuscation techniques and then show how it's possible to break some things (using our open-source DBA framework, Triton), such as detecting opaque predicates, reconstructing the CFG, finding the original algorithm, isolating sensitive data and many more. Then, we will conclude with a demo and a few words about our future work.

MISC magazine - 82 (2015)

How Triton may help to analyse obfuscated binaries

With Jonathan Salwan

Binary obfuscation is used to protect software's intellectual property. There exist different kinds of obfuscation but, roughly, it transforms a binary structure into another binary structure while preserving the same semantics. The aim of obfuscation is to ensure that the original information is "drowned" in useless information that will make reverse engineering harder. In this article we will show how we can analyse an obfuscated program and break some obfuscations using the Triton framework.




Native speaker
TOEIC: 865 - TOEFL ITP: 567
Basic communication skills.

IT skills

Dynamic Instrumentation, Code obfuscation, Reverse Engineering [x86|x64|ARM], Android Internals
Programming languages
C/C++, Python, VHDL, ASM [x86|68k], Java, PHP/MySQL
Z3, Scikit-learn, Boost, IDA Pro, Sage, Maple


Write up crypto 300 - HITB 2015

Write up crypto 400 - HITB 2015