Rosario Valotta

Rosario Valotta is an IT security professional with over 13 years of experience. He has been actively finding vulnerabilities and exploits since 2007 and has released a bunch of advisories and new attack techniques, including:

– Abusing browser user interfaces (presented at HITB 2013, PHDays 2013, Nuit Du Hack 2013): research presenting a couple of effective tricks that leverage UI weaknesses to fool users into running code on their browsers
– Nduja Fuzzer (presented at DeepSec 2012): an innovative fuzzer leveraging DOM Level 2 and 3 APIs that proved effective in discovering several 0-days in major browsers
– Cookiejacking, a new attack technique to steal any cookie on Internet Explorer (presented at HITB 2011 AMS and Swiss Cyber Storm 2011)
– Nduja connection, the first cross webmail XSS worm
– Memova exploit, affecting over 40 million users worldwide
– Outlook web access for Exchange CSRF vulnerability
– Information gathering through Windows Media Player vulnerabilities

The complete list is on the blog:
