Alexander Sotirov

Source: Wikipedia, the free encyclopedia.

Alexander Sotirov is a computer security researcher. He has been employed by Determina[1] and VMware.[2] In 2012, Sotirov co-founded New York-based Trail of Bits[3] with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.

He is well known for his discovery of the Heap Feng Shui technique[5] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function[6] in December 2008.

Sotirov is a founder and organizer of the Pwnie awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08),[7] and has served on the Black Hat Review Board since 2011.[8]

He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009.[9]

References

  1. John Markoff (2006-12-25). "Flaws Are Detected in Microsoft's Vista". The New York Times. Retrieved 2009-01-05.
  2. Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". Archived from the original on July 17, 2012. Retrieved 2009-01-05.
  3. Bill Brenner. "Trail of Bits: An alliance of #infosec heavyweights". Archived from the original on 2013-01-21. Retrieved 2012-02-14.
  4. "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. Archived from the original on 22 January 2009. Retrieved 2009-01-03.
  5. Alexander Sotirov. "Heap Feng Shui in JavaScript" (PDF). Archived (PDF) from the original on 5 January 2009. Retrieved 2009-01-03.
  6. Sotirov, Alexander; Marc Stevens; Jacob Appelbaum; Arjen Lenstra; David Molnar; Dag Arne Osvik; Benne de Weger (2008-12-30). "MD5 considered harmful today". Archived from the original on 2 January 2009. Retrieved 2009-01-02.
  7. "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". Archived from the original on 6 January 2009. Retrieved 2009-01-05.
  8. "Black Hat Review Board". Retrieved 2012-06-09.
  9. Violet Blue (20 December 2008). "Top10 Sexy Geeks 2009". Retrieved 2008-12-20.
