• United States



Trail of Bits: An alliance of #infosec heavyweights

Feb 14, 20123 mins
Data and Information SecurityIT Leadership

A new information security operation is up and running, led by some very notable industry stars. The company is called Trail of Bits, and is comprised of CEO Dan Guido, CTO Dino Dai Zovi, and Chief Scientist Alexander Sotirov.

Here’s how they describe the company on the website:

“Founded in 2012, Trail of Bits is an independent information security company that leverages its world-class experience in security research, red teaming and incident response to enable enterprises to make better strategic defense decisions. We combine ongoing monitoring of attacker techniques, tools and incentives with proprietary research and data to provide timely and specific risk advice. Our objective is to serve a small number of the most advanced enterprise security organizations.”

These gentlemen are well known and respected in the community.

Here’s a bit of Dai Zovi’s resume:

Notable published research projects include:

– Vitriol (2006), a hyper-jacking rootkit for Mac OS X using the Intel VT-x hardware virtualization extensions.

– KARMA (2004), a framework for attacking 802.11 clients by implementing a “promiscuous” access point, multi-protocol man-in-the-middle attacks, and client-side application exploits.

– Viha (2002), a Mac OS X monitor-mode packet capture driver for AirPort 802.11b cards.

Co-author of both “The Mac Hacker’s Handbook” (Wiley, Feb. 2009) and “The Art of Software Security Testing” (Addison-Wesley Professional, Nov. 2006).

Alexander Sotirov’s recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York.

He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.

Dan Guido also has a long, distinguished resume. According to the company site, he “leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in such massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries.”

Best of luck, guys.