Kevin van Liebergen

PhD Student in security

IMDEA Software Institute

Biography

Hi! I am a Ph.D. Student at IMDEA Software Institute. I am part of the security group lead by Prof. Juan Caballero. I received my M.Sc in cybersecurity from the Universidad de Alcalá (UAH).

My research focuses on cybercrime, particularly ransom scams, attribution target selection, threat hunting, and threat intelligence approaches. I enjoy participating in CTFs and have a genuine passion for all things related to IT.

My Erdös number is 4 (Juan Caballero -> Geoffrey M. Voelker -> Ronald. L. Graham -> P. Erdös).

I transform coffe into code, and datasets into knowledge… Or at least I try to.

Interests

Cybercrime
Attribution
Threat Hunting
Threat Intelligence

Education

PhD in security, WIP

IMDEA Software Institute
MSc in Cybersecurity, 2022

Universidad de Alcalá
BSc in Computer Engineering, 2020

Universidad de Alcalá

Recent News

[2024/April] Our paper on Ransom Scams has been accepted at NDSS 2025 :)

[2024/April] Our paper on Server Ransom Scams has been accepted at JNIC 2024

[2023/December] Beneficiary of the FPI Espada grant

[2023/October] Part of the Artifact Evaluation Committee (AEC) at Usenix 2024

[2023/September] Our paper on Bitcoin Estimations has been accepted at CCS 2023

[2023/April] Our paper on VirusTotal file feed has been accepted at DIMVA 2023

Recent Publications

Gibran Gomez, Kevin van Liebergen, Juan Caballero (2023). Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage. arXiv.

Cite URL

Gibran Gomez, Kevin van Liebergen, Juan Caballero (2023). Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage. CCS 2023.

Cite URL

Kevin van Liebergen, Juan Caballero, Platon Kotzias, Chris Gates (2023). A Deep Dive into the VirusTotal File Feed. DIMVA 2023.

Cite DOI

Kevin van Liebergen, Juan Caballero, Platon Kotzias, Chris Gates (2022). A Deep Dive into VirusTotal: Characterizing and Clustering a Massive File Feed. arXiv.

Cite DOI URL

Experience

PhD Student

IMDEA Software Institute

Sep 2022 – Present Madrid

Conducted research on cybercrime bitcoin revenue estimation methods, emphasizing methodological variations. Developed a tool replicating diverse approaches, highlighting potential overestimation risks. Developed techniques improving estimation accuracy, exposing existing discrepancies.

Research Intern

IMDEA Software Institute

May 2021 – Aug 2022 Madrid

Full-time internship at the IMDEA Software Institute under the supervision of Prof. Juan Caballero in collaboration with NortonLifeLock Research Group to work on the development of a threat hunting tool using the VirusTotal file feed.

Researcher

Cátedra ISDEFE-UAH

Sep 2018 – Apr 2021 Madrid

Design and teaching of courses on networks and forensics, with a focus on drone technology. Conducted in-depth analysis on anonymization networks (Deep Web, Dark Web, and Dark Net) and homomorphic encryption, to anticipate emerging trends and technologies in the cybersecurity landscape. Generated static code analysis reports to enhance software security and identify vulnerabilities, contributing to robust and secure applications.

System Administrator

Making Science

Sep 2019 – Mar 2020 Madrid

Administration and management of infrastructures and services: Google Cloud Platform and on-premises. Configuration and automation of high-availability system with the philosophy of Infrastructure as code (IaC) with tools such as SaltStack, Terraform and Docker.

Projects

Wallapop crawler

Python web crawler using the Selenium library to extract data from Wallapop’s second-hand application. Automated navigation and data extraction for efficient analysis and monitoring of listings.

Privilege escalation tool

Bachelor’s degree thesis titled ‘Análisis de procedimientos de escalada de privilegios basado en el framework MITRE ATT&CK’ for the Computer Engineering degree from the Universidad de Alcalá.