A new information security operation is up and running, led by some very notable industry stars. The company is called Trail of Bits, and is comprised of CEO Dan Guido, CTO Dino Dai Zovi, and Chief Scientist Alexander Sotirov.

Here’s how they describe the company on the website:

“Founded in 2012, Trail of Bits is an independent information security company that leverages its world-class experience in security research, red teaming and incident response to enable enterprises to make better strategic defense decisions. We combine ongoing monitoring of attacker techniques, tools and incentives with proprietary research and data to provide timely and specific risk advice. Our objective is to serve a small number of the most advanced enterprise security organizations.”

These gentlemen are well known and respected in the community. Here’s a bit of Dai Zovi’s resume:

Notable published research projects include:

– Vitriol (2006), a hyper-jacking rootkit for Mac OS X using the Intel VT-x hardware virtualization extensions.
– KARMA (2004), a framework for attacking 802.11 clients by implementing a “promiscuous” access point, multi-protocol man-in-the-middle attacks, and client-side application exploits.
– Viha (2002), a Mac OS X monitor-mode packet capture driver for AirPort 802.11b cards.

Co-author of both “The Mac Hacker’s Handbook” (Wiley, Feb. 2009) and “The Art of Software Security Testing” (Addison-Wesley Professional, Nov. 2006).

Alexander Sotirov’s recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. Currently he is working as an independent security consultant in New York. He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon.
Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.

Dan Guido also has a long, distinguished resume. According to the company site, he “leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in such massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries.”

Best of luck, guys.