[infosec-course] выступление специалистов из Trend Micro’s Zero Day Initiative на ВМК МГУ

Dennis Gamayunov gamajun at seclab.cs.msu.su
Fri Nov 18 12:03:32 UTC 2016


Добрый день!

Приглашаем на доклад специалистов по исследованию защищенности
программных систем и поиску уязвимостей, который состоится в понедельник
на ВМК МГУ.

Выступление на английском языке. Ниже аннотация:

Our adversaries are becoming more sophisticated and the battleground
is constantly changing. Trend Micro’s Zero Day Initiative is at the
frontlines of this arms race by finding, disclosing, and remediating
more vulnerabilities then any other research team in the world. In this
talk, we will take a look back at the last three years and cover the
most interesting trends and highlight some of the innovative research
that has come from Trend Micro’s Zero Day Initiative and its community
of security researchers.

The talk will be around 40-50 min. and will involve 3 speakers,
including myself. The speaker bio's:

Brian Gorenc (USA):

Brian Gorenc is the senior manager of Vulnerability Research with
Trend Micro. In this role, Gorenc leads the Zero Day Initiative (ZDI)
program, which represents the world’s largest vendor-agnostic bug bounty
program.
His focus includes analyzing and performing root-cause analysis on
hundreds of zero-day vulnerabilities submitted by ZDI researchers
from around the world. The ZDI works to expose and remediate weaknesses
in the world’s most popular software. Brian is also responsible for
organizing the ever-popular Pwn2Own hacking competitions.

Abdul-Aziz Hariri (Canada):

Abdul-Aziz Hariri is a security researcher with the Zero Day
Initiative program. In this role, Hariri analyzes and performs
root-cause analysis on hundreds of vulnerabilities submitted to the Zero
Day Initiative (ZDI) program, which is the world's largest
vendor-agnostic bug bounty program. His focus includes performing
root-cause analysis, fuzzing and exploit development. Prior to joining
ZDI, Hariri worked as an independent security researcher and threat
analyst for Morgan Stanley emergency response team. During his time as
an independent researcher, he was profiled by Wired magazine in their
2012 article, Portrait of a Full-Time Bug Hunter. In 2015, Abdul was
part of the research team that submitted "Breaking Silent Mitigations -
Gaining code execution on Isolated Heap and MemoryProtection hardened
Internet Explorer" to the Microsoft bounty program. Their submission
netted the highest payout to date from the Microsoft bounty program
where the proceeds went to many STEM organizations.

Jasiel Spelman (USA):

Jasiel Spelman is a vulnerability analyst and exploit developer for
the Zero Day Initiative (ZDI) program. His primary role involves
performing root cause analysis on ZDI submissions to determine
exploitability, followed by developing exploits for accepted cases.
Prior to being part of ZDI, Jasiel was a member of the Digital Vaccine
team where he wrote exploits for ZDI submissions, and helped develop the
ReputationDV service from TippingPoint. Jasiel's focus started off in
the networking world but then shifted to development until transitioning
to security. He has a BA in Computer Science from the University of
Texas at Austin.

Дата      21 ноября(понедельник),
Время     16:20,
Аудитория П-14,
Факультет ВМК МГУ,
Адрес: Ленинские горы, д.1, стр.52, вход со стороны ГлавногоЗдания,
https://cs.msu.ru/contacts

С уважением,

Денис Гамаюнов




More information about the course mailing list