About varocarbas.com


About me


Contact me


Visit customsolvers.com, my main website


Valid markup


Valid CSS


© 2015-2018 Alvaro Carballo Garcia


URL friendly


Optimised for 1920x1080 - Proudly mobile unfriendly

All projects in full-screen mode


Project 10

Project 9

Project 8

FlexibleParser code analysis:




Chromatic encryption

(v. 1.3)

Pages in customsolvers.com:

Upcoming additions

Failed projects

Active crawling bots:

Ranking type 2


FlexibleParser raw data:

Unit conversion (UnitParser)

Compound types (UnitParser)

Timezones (DateParser)

Currently active or soon to be updated:

Domain ranking

Project 10 is expected to be the last formal project of varocarbas.com. I will continue using this site as my main self-promotional R&D-focused online resource, but by relying on other more adequate formats like domain ranking.
Note that the last versions of all the successfully completed projects (5 to 10) will always be available.
Completed (26 days)
Completed (47 days)
Completed (19 days)
Completed (14 days)
Security implications of open CoreCLR (CoreRun.exe)
Completed on 05-Feb-2016 (26 days) -- Updated on 23-Nov-2016

Some of the conclusions of this project aren't applicable anymore.
To know more about all this, read "OVER-8-MONTH-LATER UPDATE" in the Open .NET & CoreCLR section.

Project 8 in full-screenProject 8 in PDF

As explained in the previous section, a CoreRun.exe-based threat is very unlikely to happen due to the associated difficulties. No real threat means no problem and, consequently, no solution is strictly required.

Nevertheless, the following ideas can further improve CoreRun.exe's security:
  • Constraining its utilisation even more. For example: being able to only deal with executables built on a specific .NET version or to only be run on certain Windows version.
  • Exclusively dealing with properly-identified .NET executables. They might be identified by forcing some of its defining features to meet specific conditions (e.g., including certain copyright reference or version).
  • Rather than releasing a standalone application and its source code, relying on a cloud-based approach. It might consist in a simple webpage accepting the given inputs (i.e., .NET executable and modified libraries) and delivering the final result (i.e., what is output by this executable when relying on the modified libraries).