www.phreedom.org
52.217.38.3
Public Scan
URL: http://www.phreedom.org/research/
Submission: On November 11 via manual from CA — Scanned from CA
Form analysis
1 form found in the DOM
GET http://www.google.com/cse
<form class="search" action="http://www.google.com/cse" method="get">
<div>
<input type="hidden" name="cx" value="015960576831297768215:tprxtx55gig"><input type="hidden" name="ie" value="UTF-8"><input id="search-text" type="text" name="q" size="20" maxlength="256" title="Search query"
style="color: rgb(128, 128, 128);"><input id="search-image" type="image" name="sa" value="Search" src="../images/find.png" alt="Submit">
</div>
</form>
Text Content
SECURITY RESEARCH by Alexander Sotirov

RESEARCH PROJECTS

* Creating a rogue CA certificate
  I was a member of an international team of researchers who successfully executed a practical MD5 collision attack and were able to create a rogue CA trusted by all common browsers. This allows us to perform transparent man-in-the-middle attacks against SSL connections.
* Bypassing browser memory protections in Windows Vista
  An in-depth analysis of the exploitation mitigations in Windows Vista and multiple techniques for bypassing them using browser plugins.
* Blackbox reversing of XSS filters
  Finding security vulnerabilities in XSS filters in web applications using an iterative model generation approach.
* Heap Feng Shui in JavaScript
  A technique for precise manipulation of the browser heap using specific sequences of JavaScript allocations, allowing for the reliable exploitation of heap corruption vulnerabilities.
* TinyPE
  Creating the smallest possible PE executable.
* Third-party patches
  Using reverse engineering to create patches for critical vulnerabilities before the official vendor patches are released.
* Automatic vulnerability detection using static source code analysis
  My thesis on a technique for static source code analysis for vulnerability detection and its implementation as an extension to GCC.
* Honeynet reverse challenge
  I won fourth place in the reverse engineering contest organized by the Honeynet Project in 2002.

VULNERABILITIES

* Jan 8, 2008: OpenPegasus PAM authentication buffer overflow
* Jun 12, 2007: Internet Explorer URLMON class factory uninitialized memory vulnerability
* May 8, 2007: Exchange calendar MODPROPS denial of service
* Mar 29, 2007: Windows ANI header buffer overflow
* Jan 27, 2007: Internet Explorer ActiveX bgColor property denial of service [UNPATCHED]
* Dec 15, 2006: Windows CSRSS message box double free
* Jan 5, 2006: Windows Metafile infinite loop vulnerability [UNPATCHED]
* Feb 8, 2005: Multiple vulnerabilities in Operator Shell
* Aug 8, 2002: OpenLDAP KBIND authentication buffer overflow

EXPLOITS

* Mar 26, 2004: Windows ASN.1 bitstring heap corruption
* Oct 15, 2003: ProFTPd ASCII translation heap overflow
* Sep 17, 2002: Apache OpenSSL heap overflow
* Aug 7, 2002: OpenLDAP KBIND authentication buffer overflow
* Oct 10, 2000: Solaris locale format string bug