Alexander Sotirov | |
---|---|
Born | |
Other names | Alex Sotirov |
Citizenship | United States, Bulgaria |
Alma mater | University of Alabama |
Known for | Pwnie award organizer, Black Hat Briefings Review Board Member |
Scientific career | |
Fields | Computer Science |
Alexander Sotirov is a computer security researcher. He has been employed by Determina[1] and VMware.[2] In 2012, Sotirov co-founded New York-based Trail of Bits[3] with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.
He is well known for his discovery of the ANI browser vulnerability[4] as well as the so-called Heap Feng Shui technique[5] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function[6] in December 2008.
Sotirov is a founder and organizer of the Pwnie awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08),[7] and has served on the Black Hat Review Board since 2011.[8]
He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009.[9]
References
- John Markoff (2006-12-25). "Flaws Are Detected in Microsoft's Vista". The New York Times. Retrieved 2009-01-05.
- Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". Archived from the original on July 17, 2012. Retrieved 2009-01-05.
- Bill Brenner. "Trail of Bits: An alliance of #infosec heavyweights". Archived from the original on 2013-01-21. Retrieved 2012-02-14.
- "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. Archived from the original on 22 January 2009. Retrieved 2009-01-03.
- Alexander Sotirov. "Heap Feng Shui in JavaScript" (PDF). Archived (PDF) from the original on 5 January 2009. Retrieved 2009-01-03.
- Sotirov, Alexander; Marc Stevens; Jacob Appelbaum; Arjen Lenstra; David Molnar; Dag Arne Osvik; Benne de Weger (2008-12-30). "MD5 considered harmful today". Archived from the original on 2 January 2009. Retrieved 2009-01-02.
- "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". Archived from the original on 6 January 2009. Retrieved 2009-01-05.
- "Black Hat Review Board". Retrieved 2012-06-09.
- Violet Blue (20 December 2008). "Top10 Sexy Geeks 2009". Retrieved 2008-12-20.