by Alexander Sotirov
I was a member of an international team of researchers who successfully executed a practical MD5 collision attack and were able to create a rogue CA trusted by all common browsers. This allows us to perform transparent man-in-the-middle attacks against SSL connections.
An in-depth analysis of the exploitation mitigations in Windows Vista and multiple techniques for bypassing them using browser plugins.
Finding security vulnerabilities in XSS filters in web applications using an iterative model generation approach.
Creating the smallest possible PE executable.
Using reverse engineering to create patches for critical vulnerabilities before the official vendor patches are released.
My thesis on a technique for static source code analysis for vulnerability detection and its implementation as an extension to GCC.
I won fourth place in the reverse engineering contest organized by the Honeynet Project in 2002.
| Date | Advisory |
|---|---|
| Jan 8, 2008 | OpenPegasus PAM authentication buffer overflow |
| Jun 12, 2007 | Internet Explorer URLMON class factory uninitialized memory vulnerability |
| May 8, 2007 | Exchange calendar MODPROPS denial of service |
| Mar 29, 2007 | Windows ANI header buffer overflow |
| Jan 27, 2007 | Internet Explorer ActiveX bgColor property denial of service [UNPATCHED] |
| Dec 15, 2006 | Windows CSRSS message box double free |
| Jan 5, 2006 | Windows Metafile infinite loop vulnerability [UNPATCHED] |
| Feb 8, 2005 | Multiple vulnerabilities in Operator Shell |
| Aug 8, 2002 | OpenLDAP KBIND authentication buffer overflow |
| Mar 26, 2004 | Windows ASN.1 bitstring heap corruption |
| Oct 15, 2003 | ProFTPd ASCII translation heap overflow |
| Sep 17, 2002 | Apache OpenSSL heap overflow |
| Aug 7, 2002 | OpenLDAP KBIND authentication buffer overflow |
| Oct 10, 2000 | Solaris locale format string bug |