Alexander Sotirov | |
---|---|
Born | |
Other names | Alex Sotirov |
Citizenship | United States, Bulgaria |
Alma mater | University of Alabama |
Known for | Pwnie award organizer, Black Hat Briefings Review Board Member |
Scientific career | |
Fields | Computer Science |
Alexander Sotirov is a computer security researcher. He has been employed by Determina [1] and VMware. [2] In 2012, Sotirov co-founded New York based Trail of Bits [3] with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.
He is well known for his discovery of the ANI browser vulnerability [4] as well as the so-called Heap Feng Shui technique [5] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function [6] in December 2008.
Sotirov is a founder and organizer of the Pwnie awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08), [7] and has served on the Black Hat Review Board since 2011. [8]
He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009. [9]
In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
The MD5 message-digest algorithm is a widely used hash function producing a 128-bit hash value. MD5 was designed by Ronald Rivest in 1991 to replace an earlier hash function MD4, and was specified in 1992 as RFC 1321.
In cryptography, SHA-1 is a hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest – typically rendered as 40 hexadecimal digits. It was designed by the United States National Security Agency, and is a U.S. Federal Information Processing Standard. The algorithm has been cryptographically broken but is still widely used.
A heap overflow, heap overrun, or heap smashing is a type of buffer overflow that occurs in the heap data area. Heap overflows are exploitable in a different manner to that of stack-based overflows. Memory on the heap is dynamically allocated at runtime and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage and uses the resulting pointer exchange to overwrite a program function pointer.
Address space layout randomization (ASLR) is a computer security technique involved in preventing exploitation of memory corruption vulnerabilities. In order to prevent an attacker from reliably redirecting code execution to, for example, a particular exploited function in memory, ASLR randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries.
In cryptography, a collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack where a specific target hash value is specified.
Alexander Peslyak, better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes.
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft Windows. It was released to manufacturing on November 8, 2006, and over the following two months, it was released in stages to business customers, original equipment manufacturers (OEMs), and retail channels. On January 30, 2007, it was released internationally and was made available for purchase and download from the Windows Marketplace; it is the first release of Windows to be made available through a digital distribution platform.
In computer security, executable-space protection marks memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit, or in some cases software emulation of those features. However, technologies that emulate or supply an NX bit will usually impose a measurable overhead while using a hardware-supplied NX bit imposes no measurable overhead.
Cain and Abel was a password recovery tool for Microsoft Windows. It could recover many kinds of passwords using methods such as network packet sniffing, cracking various password hashes by using methods such as dictionary attacks, brute force and cryptanalysis attacks. Cryptanalysis attacks were done via rainbow tables which could be generated with the winrtgen.exe program provided with Cain and Abel. Cain and Abel was maintained by Massimiliano Montoro and Sean Babcock.
VMware Workstation Player, formerly VMware Player, is a virtualization software package for x64 computers running Microsoft Windows or Linux, supplied free of charge by VMware, Inc. VMware Player can run existing virtual appliances and create its own virtual machines. It uses the same virtualization core as VMware Workstation, a similar program with more features, which is not free of charge. VMware Player is available for personal non-commercial use, or for distribution or other use by written agreement. VMware, Inc. does not formally support Player, but there is an active community website for discussing and resolving issues, as well as a knowledge base.
There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.
Windows Vista, an operating system released by Microsoft for consumers on January 30, 2007, has been widely criticized by reviewers and users. Due to issues with new security features, performance, driver support and product activation, Windows Vista has been the subject of a number of negative assessments by various groups.
The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees are announced yearly at Summercon, and the awards themselves are presented at the Black Hat Security Conference.
In computer security, heap feng shui is a technique used in exploits to facilitate arbitrary code execution. The technique attempts to manipulate the layout of the heap by making heap allocations of carefully selected sizes. It is named after feng shui, an ancient Chinese system of aesthetics that involves the selection of precise alignments in space.
Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference. First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2024. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.
In computer security, virtual machine escape is the process of a program breaking out of the virtual machine on which it is running and interacting with the host operating system. A virtual machine is a "completely isolated guest operating system installation within a normal host operating system". In 2008, a vulnerability in VMware discovered by Core Security Technologies made VM escape possible on VMware Workstation 6.0.2 and 5.5.4. A fully working exploit labeled Cloudburst was developed by Immunity Inc. for Immunity CANVAS. Cloudburst was presented in Black Hat USA 2009.
Matthieu Suiche, also known as Matt and under the username msuiche, is a French hacker and entrepreneur widely known as the founder of MoonSols, and co-founder of CloudVolumes before it was acquired by VMWare in 2014. In March 2014, Suiche was highlighted as one of the 100 key French developers in a report for French minister Fleur Pellerin.
In computer security and programming, a buffer over-read is an anomaly where a program, while reading data from a buffer, overruns the buffer's boundary and reads adjacent memory. This is a special case of violation of memory safety.
Dr. ir. Marc Stevens is a cryptology researcher most known for his work on cryptographic hash collisions and for the creation of the chosen-prefix hash collision tool HashClash as part of his master's degree thesis. He first gained international attention for his work with Alexander Sotirov, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger in creating a rogue SSL certificate which was presented in 2008 during the 25th annual Chaos Communication Congress warning of the dangers of using the MD5 hash function in issuing SSL certificates. Several years later in 2012, according to Microsoft, the authors of the Flame malware used similar methodology to that which the researchers warned of by initiating an MD5 collision to forge a Windows code-signing certificate. Marc was most recently awarded the Google Security Privacy and Anti-abuse applied award. Google selected Stevens for this award in recognition of his work in Cryptanalysis, in particular related to the SHA-1 hash function.