SecDocs Feed for author Alexander Sotirov

[Slides] Hotpatching and the Rise of Third-Party Patches

Wed, 11 Jan 2012 06:40:32 +0100

Authors: Alexander Sotirov
Tags: reverse engineering
Event: Black Hat USA 2006

[Paper] Heap Feng Shui in JavaScript

Thu, 21 Jul 2011 00:04:28 +0200

Authors: Alexander Sotirov
Tags: Javascript
Event: Black Hat EU 2007

[Slides] Heap Feng Shui in JavaScript

Wed, 20 Jul 2011 23:58:00 +0200

Authors: Alexander Sotirov
Tags: Javascript
Event: Black Hat EU 2007

[Paper] Heap Feng Shui in JavaScript

Sun, 19 Jun 2011 21:24:10 +0200

Authors: Alexander Sotirov
Tags: browser Javascript
Event: Black Hat USA 2007

[Slides] Heap Feng Shui in JavaScript

Sun, 19 Jun 2011 21:23:38 +0200

Authors: Alexander Sotirov
Tags: browser Javascript
Event: Black Hat USA 2007

[Video] How To Impress Girls With Browser Memory Protection Bypasses

Mon, 02 Aug 2010 06:12:14 +0200

Authors: Alexander Sotirov Mark Dowd
Tags: memory exploiting browser
Event: Black Hat USA 2008

[Slides] How To Impress Girls With Browser Memory Protection Bypasses

Mon, 02 Aug 2010 06:12:11 +0200

Authors: Alexander Sotirov Mark Dowd
Tags: memory exploiting browser
Event: Black Hat USA 2008

[Paper] How To Impress Girls With Browser Memory Protection Bypasses

Sun, 01 Aug 2010 06:11:40 +0200

Authors: Alexander Sotirov Mark Dowd
Tags: memory exploiting browser
Event: Black Hat USA 2008

[Audio] How To Impress Girls With Browser Memory Protection Bypasses

Sun, 01 Aug 2010 06:11:39 +0200

Authors: Alexander Sotirov Mark Dowd
Tags: memory exploiting browser
Event: Black Hat USA 2008

[Slides] Is Exploitation Over? Bypassing Memory Protections in Windows 7

Mon, 14 Dec 2009 11:45:00 +0100

Authors: Alexander Sotirov
Tags: buffer overflow Windows memory exploiting Windows 7

[Slides] Breaking the security myths of Extended Validation SSL Certificates

Tue, 22 Sep 2009 02:22:00 +0200

Authors: Alexander Sotirov Mike Zusman
Tags: X.509 SSL
Event: Black Hat USA 2009

[Paper] Breaking the security myths of Extended Validation SSL Certificates

Tue, 22 Sep 2009 02:20:00 +0200

Authors: Alexander Sotirov Mike Zusman
Tags: X.509 SSL
Event: Black Hat USA 2009

[Slides] Blackbox Reversing Of XSS Filters

Wed, 22 Apr 2009 03:18:00 +0200

Authors: Alexander Sotirov
Tags: security XSS
Event: REcon 2008
Abstract: Many of us limit ourselves to what we already know and don't look for new challanges. I've spent a long time reversing x86 code, but there are a lot of other interesting targets out there. Cross site scripting vulnerabilities and web security in general are perceived to not be interesting enough for hardcode reversers, but this talk aims to dispel this notion. We all know that web apps are the future, but where do we, reversers, fit in this brave new world? I will present the challanges of blackbox reversing and the beauty of reconstructing complicated algorithms based on nothing but some well chosen inputs and outputs. I will demonstrate the tools I've written to make this easier and perhaps drop a few 0days as well :-)

[Video] Blackbox Reversing Of XSS Filters

Wed, 22 Apr 2009 03:18:00 +0200

[Slides] MD5 considered harmful today

Wed, 28 Jan 2009 14:24:00 +0100

Authors: Alexander Sotirov
Tags: vulnerability SSL
Event: Chaos Communication Congress 25th (25C3) 2008