The Shellcoder's Handbook：Discovering and Exploiting Security Holes

ChrisAnleyisafounderanddirectorofNGSSoftware,asecuritysoftware,consultancy,andresearchcompanybasedinLondon,England.HeisactivelyinvolvedinvulnerabilityresearchandhasdiscoveredsecurityflawsinawidevarietyofplatformsincludingMicrosoftWindows,Oracle,SQLServer,IBMDB2,SybaseASE,MySQL,andPGP.JohnHeasmanistheDirectorofResearchatNGSSoftware.Heisaprolificsecurityresearcherandhaspublishedmanysecurityadvisoriesinenterpriselevelsoftware.HehasaparticularinterestinrootkitsandhasauthoredpapersonmalwarepersistenceviadevicefirmwareandtheBIOS.Heisalsoaco-authorofTheDatabaseHacker’sHandbook:DefendingDatabaseServers(Wiley2005).Felix“FX”LinderleadsSABRELabsGmbH,aBerlin-basedprofessionalconsultingcompanyspecializinginsecurityanalysis,systemdesigncreation,andverificationwork.Felixlooksbackat18yearsofprogrammingandoveradecadeofcomputersecurityconsultingforenterprise,carrier,andsoftwarevendorclients.Thisexperienceallowshimtorapidlydiveintocomplexsystemsandevaluatethemfromasecurityandrobustnesspointofview,eveninatypicalscenariosandonarcaneplatforms.Inhissparetime,FXworkswithhisfriendsfromthePhenoelithackinggroupondifferenttopics,whichhaveincludedCiscoIOS,SAP,HPprinters,andRIMBlackBerryinthepast.GerardoRichartehasbeendoingreverseengineeringandexploitdevelopmentformorethan15yearsnon-stop.Inthepast10yearshehelpedbuildthetechnicalarmofCoreSecurityTechnologies,whereheworkstoday.HiscurrentdutiesincludedevelopingexploitsforCoreIMPACT,researchingnewexploitationtechniquesandotherlow-levelsubjects,helpingotherexploitwriterswhenthingsgethairy,andteachinginternalandexternalclassesonassemblyandexploitwriting.Asresultofhisresearchandasahumblethankyoutothecommunity,hehaspublishedsometechnicalpapersandopensourceprojects,presentedinafewconferences,andreleasedpartofhistrainingmaterial.Hereallyenjoyssolvingtoughproblemsandreverseengineeringanypieceofcodethatfallsinhisreachjustforthefunofdoingit.