- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Trail of Bits: An alliance of #infosec heavyweights
A new information security operation is up and running, led by some very notable industry stars. The company is called Trail of Bits, and is comprised of CEO Dan Guido, CTO Dino Dai Zovi, and Chief Scientist Alexander Sotirov.
Here's how they describe the company on the website:
"Founded in 2012, Trail of Bits is an independent information security company that leverages its world-class experience in security research, red teaming and incident response to enable enterprises to make better strategic defense decisions. We combine ongoing monitoring of attacker techniques, tools and incentives with proprietary research and data to provide timely and specific risk advice. Our objective is to serve a small number of the most advanced enterprise security organizations."
These gentlemen are well known and respected in the community.
Here's a bit of Dai Zovi's resume:
Notable published research projects include:
- Vitriol (2006), a hyper-jacking rootkit for Mac OS X using the Intel VT-x hardware virtualization extensions.
- KARMA (2004), a framework for attacking 802.11 clients by implementing a "promiscuous" access point, multi-protocol man-in-the-middle attacks, and client-side application exploits.
- Viha (2002), a Mac OS X monitor-mode packet capture driver for AirPort 802.11b cards.
Co-author of both "The Mac Hacker's Handbook" (Wiley, Feb. 2009) and "The Art of Software Security Testing" (Addison-Wesley Professional, Nov. 2006).
Alexander Sotirov's recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York.
He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.
Dan Guido also has a long, distinguished resume. According to the company site, he "leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in such massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries."
Best of luck, guys.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government
- Thwarting DDoS Attacks with Cloud Defenses
- Data Center Insight: 6 ways to Prevent Mistakes that Have Cost others Millions
- HP & CIO: Making virtualization strategic
- Bridging the IT Gap: A Fresh Approach to Infrastructure Management
- IBM PureFlex and Flex System: Infrastructure for IT Efficiency
- Accelerating Solution Deployment with IBM PureFlex and Flex System