Pwnie award organizer, Black Hat Briefings Review Board Member
Scientific career
Fields: Computer Science
Alexander Sotirov is a computer security researcher. He has been employed by Determina[1] and VMware.[2] In 2012, Sotirov co-founded New York-based Trail of Bits[3] with Dino Dai Zovi and Dan Guido, where he currently serves as co-CEO.
He is well known for his discovery of the ANI browser vulnerability[4] as well as the so-called Heap Feng Shui technique[5] for exploiting heap buffer overflows in browsers. In 2008, he presented research at Black Hat showing how to bypass memory protection safeguards in Windows Vista. Together with a team of industry security researchers and academic cryptographers, he published research on creating a rogue certificate authority by using collisions of the MD5 cryptographic hash function[6] in December 2008.
Sotirov is a founder and organizer of the Pwnie awards, was on the program committee of the 2008 Workshop On Offensive Technologies (WOOT '08),[7] and has served on the Black Hat Review Board since 2011.[8]
He was ranked #6 on Violet Blue's list of The Top 10 Sexy Geeks of 2009.[9]
[1] John Markoff (2006-12-25). "Flaws Are Detected in Microsoft's Vista". The New York Times. Retrieved 2009-01-05.
[2] Dennis Fisher. "VMWare loses top security researcher Sotirov and exec Mulchandani". Archived from the original on July 17, 2012. Retrieved 2009-01-05.
[3] Bill Brenner. "Trail of Bits: An alliance of #infosec heavyweights". Archived from the original on 2013-01-21. Retrieved 2012-02-14.
[4] "Vulnerability Note VU#191609: Microsoft Windows animated cursor stack buffer overflow". United States Computer Emergency Readiness Team. 2007-03-29. Archived from the original on 22 January 2009. Retrieved 2009-01-03.
[5] Alexander Sotirov. "Heap Feng Shui in JavaScript" (PDF). Archived (PDF) from the original on 5 January 2009. Retrieved 2009-01-03.
[6] Sotirov, Alexander; Marc Stevens; Jacob Appelbaum; Arjen Lenstra; David Molnar; Dag Arne Osvik; Benne de Weger (2008-12-30). "MD5 considered harmful today". Archived from the original on 2 January 2009. Retrieved 2009-01-02.
[7] "2nd USENIX Workshop on Offensive Technologies (WOOT '08)". Archived from the original on 6 January 2009. Retrieved 2009-01-05.
[8] "Black Hat Review Board". Retrieved 2012-06-09.
[9] Violet Blue (20 December 2008). "Top10 Sexy Geeks 2009". Retrieved 2008-12-20.