URL: http://www.phreedom.org/research/
SECURITY RESEARCH

by Alexander Sotirov

RESEARCH


PROJECTS

 * Creating a rogue CA certificate
   
   I was a member of an international team of researchers who successfully
   executed a practical MD5 collision attack and were able to create a rogue CA
   trusted by all common browsers. This allows us to perform transparent
   man-in-the-middle attacks against SSL connections.

 * Bypassing browser memory protections in Windows Vista
   
   An in-depth analysis of the exploitation mitigations in Windows Vista and
   multiple techniques for bypassing them using browser plugins.

 * Blackbox reversing of XSS filters
   
   Finding security vulnerabilities in XSS filters in web applications using an
   iterative model generation approach.

 * Heap Feng Shui in JavaScript
   
   A technique for precise manipulation of the browser heap using specific
   sequences of JavaScript allocations, allowing for the reliable exploitation
   of heap corruption vulnerabilities.

 * TinyPE
   
   Creating the smallest possible PE executable.

 * Third-party patches
   
   Using reverse engineering to create patches for critical vulnerabilities
   before the official vendor patches are released.

 * Automatic vulnerability detection using static source code analysis
   
   My thesis on a technique for static source code analysis for vulnerability
   detection and its implementation as an extension to GCC.

 * Honeynet reverse challenge
   
   I won fourth place in the reverse engineering contest organized by the
   Honeynet Project in 2002.


VULNERABILITIES

 * Jan 8, 2008 - OpenPegasus PAM authentication buffer overflow
 * Jun 12, 2007 - Internet Explorer URLMON class factory uninitialized memory vulnerability
 * May 8, 2007 - Exchange calendar MODPROPS denial of service
 * Mar 29, 2007 - Windows ANI header buffer overflow
 * Jan 27, 2007 - Internet Explorer ActiveX bgColor property denial of service [UNPATCHED]
 * Dec 15, 2006 - Windows CSRSS message box double free
 * Jan 5, 2006 - Windows Metafile infinite loop vulnerability [UNPATCHED]
 * Feb 8, 2005 - Multiple vulnerabilities in Operator Shell
 * Aug 8, 2002 - OpenLDAP KBIND authentication buffer overflow


EXPLOITS

 * Mar 26, 2004 - Windows ASN.1 bitstring heap corruption
 * Oct 15, 2003 - ProFTPd ASCII translation heap overflow
 * Sep 17, 2002 - Apache OpenSSL heap overflow
 * Aug 7, 2002 - OpenLDAP KBIND authentication buffer overflow
 * Oct 10, 2000 - Solaris locale format string bug