Rafel_Resume_heb by panniuniu

VIEWS: 459 PAGES: 22

									                                         ‫קורות חיים – רפאל איבגי‬
                                                                                   :‫פרטים אישיים‬

                                                                                      ‫שם: רפאל איבגי‬
                                                                                      032689051 :.‫ת.ז‬
                                                                             29.07.1986 :‫תאריך לידה‬
                                                                                   ‫מצב משפחתי: רווק‬

                                                            rafi@defensia.co.il :‫דואר אלקטרוני‬

                                                                                  054-2221294 :‫טלפון‬

                                                                                   :‫ניסיון תעסוקתי‬

                                                                             CEO - ‫0102 - דיפנסיה‬

                                                   VP Technologies – ‫9002 - סיטאדל טכנולוגיות‬

            ,‫למידה והתמקצעות מתמשכת של כלל הטכנולוגיות השונות בעולם התקשורת‬          
                                                  ‫הרשתות, הפיתוח ואבטחת המידע‬

                                             :‫התמחות מעמיקה בטכנולוגיות ובמוצרי‬      

                                                               Firewalls o

                                              Web Application Firewalls o

                                                    Database Firewalls o

                                                          VOIP Firewalls o

                                         NAC – Network Access Controls o

            SDL (Secure Development Lifecycle) & Code Analysis              o
                                                                  Tools

                                                    -1-


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                    Office: +972-37364480 • Fax: +972-153-37364480
                                                                         info@defensia.co.il • www. defensia.co.il
                                    Web Access Control & Content-Filtering o

                                            DLP – Data Leakage Prevention o

                                         IDS – Intrusion Detection Systems o

                                         IPS – Intrusion Prevention Systems o

                                                    Corporate Anti-Viruses o

                                 Single Sign-On, E-SSO, GLS, ESOE & CAS o

                                               IDM - Identity Management o

              SIM - Security information management, SEM - Security             o
                Event Management, SIEM (Security Information, Event
                   Management) and SOC - Security Operations Center

                                         UTM – Unified Threat Management o

                   ISMS - Information Security Management System &              o
              Corporate Security Best Practices such as SANS, OWASP
                                                                  and etc…

                          Application & OS Memory Run-Time Protection           o
                                                               Mechanisms

                             :‫פיתוח מתודולוגיות מבדקי חוסן, חדירה ושיטות עבודה לטובת‬     

                                                         )SDL( ‫ פיתוח מאובטח‬o

                                                               ‫ אתרי אינטרנט‬o

                                                              ‫ רשתות חיצוניות‬o

                                                               ‫ רשתות פנימיות‬o
                                                        -2-


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                        Office: +972-37364480 • Fax: +972-153-37364480
                                                                             info@defensia.co.il • www. defensia.co.il
                                                                ‫‪ o‬רשתות ‪VOIP‬‬

                                                ‫‪ o‬ארכיטקטורת רשתות מאובטחות‬

                                                     ‫‪ o‬תקיפות אפליקציה ושרתים‬

                                                               ‫‪ o‬מתקפות לוגיות‬

                                                           ‫‪ o‬ניצול דריסות זיכרון‬

                                                                     ‫מחקרים נוספים‬       ‫‪‬‬

                                                               ‫‪ o‬מערכות הפעלה‬
                                                                     ‫‪ o‬דפדפנים‬
                                                                ‫‪ o‬תוכנות דוא"ל‬
                                                              ‫ניהול צוותי יעוץ ותקיפה‬    ‫‪‬‬
                                                 ‫עבודה ויעוץ אישי ללקוחות ‪Enterprise‬‬     ‫‪‬‬


                                              ‫‪Aspect9 (Startup) - CTO & Founder‬‬                 ‫9002-8002‬

                                     ‫מחקר מעמיק על הקרנל (הליבה) של מערכת ‪Windows‬‬        ‫‪‬‬

                                                      ‫הנדסה הפוכה של מערכת ההפעלה‬        ‫‪‬‬

                                                       ‫מחקר חולשות במערכת ההפעלה‬         ‫‪‬‬

                                                 ‫פיתוח ‪Drivers & Mini-Filter Drivers‬‬     ‫‪‬‬

                                 ‫מחקר מעמיק על )‪Windows Object Manager (Kernel‬‬           ‫‪‬‬

               ‫מחקר ותכנות הוקים - ‪SSDT Hooking, IRP Hooking, Inline Hooking‬‬             ‫‪‬‬

                                          ‫מחקר מעמיק על ‪User Mode Code Injection‬‬         ‫‪‬‬

                                         ‫מחקר מעמיק על ‪Kernel Mode Code Injection‬‬        ‫‪‬‬


                                                        ‫-3-‬


‫‪Defensia Ltd • 19 David Saharof Street‬‬
‫‪Rishon Letzion, 75770, Israel‬‬                                        ‫08446373-351-279+ :‪Office: +972-37364480 • Fax‬‬
                                                                             ‫‪info@defensia.co.il • www. defensia.co.il‬‬
                                     ‫ניתוח מעמיק של וירוסים, תוכנות זדוניות ופתרונותיהם‬        ‫‪‬‬

                                                                  ‫‪Anti-Rootkits o‬‬

                                                                      ‫‪Malware o‬‬

                                                                ‫‪Rootkits‬‬      ‫‪‬‬

                                                                 ‫‪Viruses‬‬      ‫‪‬‬

                                                                 ‫‪Worms‬‬        ‫‪‬‬

                                                                ‫‪Spyware‬‬       ‫‪‬‬

                                ‫‪FraudWare / HoaxWare / FakeWare‬‬               ‫‪‬‬

                                                                 ‫‪Dialers‬‬      ‫‪‬‬



                                                ‫צה"ל - חיל מודיעין - 0028 – תחום אתגרים‬               ‫8002-5002‬

                                                                       ‫פוליגרף - פעמיים‬        ‫‪‬‬

                                                                 ‫סיווג בטחוני סודי ביותר‬       ‫‪‬‬

            ‫שירות בעיקר התחומי קורס אר"ם (פרויקט גאמ"א) ובנוסף בתחומי קורס‬                     ‫‪‬‬
                                                                                     ‫סילאן‬

                              ‫התמחות בתחום אבטחת רשתות מחשוב, שרתים ועמדות קצה‬                 ‫‪‬‬

                                                            ‫‪ o‬אפליקציות צד לקוח‬

                                                             ‫‪ o‬אפליקציות צד שרת‬

                                                                     ‫‪ o‬עמדות קצה‬

                                                                           ‫‪ o‬שרתים‬

                                                          ‫-4-‬


‫‪Defensia Ltd • 19 David Saharof Street‬‬
‫‪Rishon Letzion, 75770, Israel‬‬                                              ‫08446373-351-279+ :‪Office: +972-37364480 • Fax‬‬
                                                                                   ‫‪info@defensia.co.il • www. defensia.co.il‬‬
                                                    ‫‪ o‬כל גרסאות ‪Windows, Linux‬‬

                                                                       ‫‪ o‬סקרי קוד‬
                                                                          ‫הנדסה הפוכה‬       ‫‪‬‬
                                                              ‫פרסים שהוענקו באופן אישי‬      ‫‪‬‬
                                                  ‫‪ o‬פרס מצטיין מרכז ליום העצמאות‬
                                                    ‫פרסים שהוענקו לצוות במהלך השירות:‬       ‫‪‬‬
                                                                 ‫‪ o‬פרס מקור חיים‬
                                                      ‫‪ o‬פרס ראש אמן לחשיבה יוצרת‬
                                                     ‫‪ o‬פעמיים פרס צוותים מצטיינים‬
                                                        ‫‪ o‬פעמיים פרס בטחון ישראל‬



                                               ‫‪ – Finjan Software‬יועץ וחוקר אבטחת מידע‬             ‫5002-4002‬

                               ‫מחקר חיפוש חולשות במערכות 2‪Windows XP SP1 & SP‬‬               ‫‪‬‬

                  ‫מחקר ‪ XSS‬למערכות ‪ Webmail‬כגון: ‪ Yahoo!, Hotmail, Lycos‬וכו'...‬             ‫‪‬‬

                                         ‫מחקר חולשות במערכות ‪ Web‬וייצור חתימות לוגיות‬       ‫‪‬‬

                                  ‫עיצוב ותכנון מוצר לסינון תוכן (‪)Finjan Vital Security‬‬     ‫‪‬‬

                          ‫‪Escaping Sandboxes (Finjan's Surfin'guard Pro) o‬‬

                                             ‫‪Logical Patterns of 0-Day attacks o‬‬

                                               ‫‪ o‬מחקר הקשחת ‪Windows 2000/XP‬‬

                                               ‫‪ o‬מחקר מעמיק על ‪Spam & Spyware‬‬

                             ‫מחקר מעמיק על קידודים ולוחות תווים ("‪)"Character Maps‬‬          ‫‪‬‬

                                                          ‫מחקר מעמיק על ערבול קוד זדוני‬     ‫‪‬‬


                                                           ‫-5-‬


‫‪Defensia Ltd • 19 David Saharof Street‬‬
‫‪Rishon Letzion, 75770, Israel‬‬                                           ‫08446373-351-279+ :‪Office: +972-37364480 • Fax‬‬
                                                                                ‫‪info@defensia.co.il • www. defensia.co.il‬‬
                               ‫מחקר על עוטפי אפליקציות (‪ )Packers‬ומעקפי אנטי-וירוסים‬         ‫‪‬‬

                                         ‫ניתוח מתקדם של תוכנות ריגול, וירוסים וקוד זדוני‬     ‫‪‬‬

                                                                 ‫ציון לשבח – עובד מצטיין‬     ‫‪‬‬



                                                       ‫‪ - RISoft‬עצמאי - חוקר אבטחת מידע‬             ‫4002-3002‬

                                             ‫מחקר חולשות אפליקציות ‪ Web‬ושרתי ‪Web‬‬             ‫‪‬‬

                                            ‫מחקר סוסים טרויאנים ותוכנות שליטה מרחוק‬          ‫‪‬‬

                                                               ‫מחקר מעקף אנטי-וירוסים‬        ‫‪‬‬

                        ‫מחקר מעמיק על )‪ XSS (Cross Site Scripting‬ו ‪SQL Injection‬‬             ‫‪‬‬

            ‫מחקר חולשות ב ‪ Microsoft Outlook Express‬ו ‪Microsoft Internet‬‬                     ‫‪‬‬
                                                                               ‫‪Explorer‬‬

                                                       ‫בגרות מלאה – מגמת מדעי המחשב‬          ‫‪‬‬



                                                          ‫‪ – New-Approach‬פיתוח תוכנה‬                ‫3002-2002‬

                                                       ‫פיתוח בעיקר בשפת ‪Visual Basic‬‬         ‫‪‬‬

                                                                 ‫שימוש ב ‪Windows API‬‬         ‫‪‬‬

                                                              ‫פיתוח ושימוש ספריות ‪DLL‬‬        ‫‪‬‬

                ‫איסוף מידע (‪ )Data Mining‬ו"חציבת כתובות מייל" (‪)Email Harvesting‬‬             ‫‪‬‬

                                              ‫תכנות לתקשורת ב ‪TCP/IP, POP3, SMTP‬‬             ‫‪‬‬

                                                                        ‫תכנות ‪Winsock‬‬        ‫‪‬‬
                                                           ‫-6-‬


‫‪Defensia Ltd • 19 David Saharof Street‬‬
‫‪Rishon Letzion, 75770, Israel‬‬                                            ‫08446373-351-279+ :‪Office: +972-37364480 • Fax‬‬
                                                                                 ‫‪info@defensia.co.il • www. defensia.co.il‬‬
                                                             ‫תכנות מנגנון רישוי תוכנה‬    



                                                      ‫ – בניית אתרים‬New-Approach                2001-2002

                                            HTML, JavaScript ‫פיתוח בעיקר בשפת ב‬          

                     Microsoft FrontPage, Adobe Photoshop ‫עבודה אינטנסיבית עם‬            

                                            )Web + FTP( Microsoft IIS ‫ניהול שרתי‬         




                                                                      PC ‫עצמאי – טכנאי‬          1998-2001

                                 Windows ‫שירותי תיקון חומרה ותוכנה ותמיכה במערכות‬        

                                                  ‫שירותי ניקוי וירוסים לחברות קטנות‬      



                                                                                             :‫שפות תכנות‬

                    ASM
                    Batch
                    Bash
                    Basic
                    Cobol
                    Delphi
                    Pascal
                    C
                    C++
                    C#
                    Java
                    Lisp
                    Lua
                    Visual Basic
                    VBScript
                                                       -7-


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                        Office: +972-37364480 • Fax: +972-153-37364480
                                                                             info@defensia.co.il • www. defensia.co.il
                    JavaScript
                    ASP
                    ASPX
                    PHP
                    Perl
                    Python
                    Ruby
                    CFM
                    ActionScript
                    CSS/CSS 2.0/CSS 3.0
                    HTML
                    MATLAB
                    SQL
                    T-SQL
                    PL-SQL
                    PostScript
                    Tcl-Tk
                    UML
                    Verilog
                    VHDL
                    XML
                    MSXML
                    Windows Script Files/Windows Job Files/Windows ScriptLets/Windows
                     INF/HTC - Microsoft HTML Components

                                             :‫הכרות עם מוצרי/פתרונות תקשורת ואבטחת מידע‬

                     WAF (Web Application Firewall)

                          o Imperva

                          o dotDefender

                          o F5

                          o Kavado

                          o ISA


                                                       -8-


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                 Office: +972-37364480 • Fax: +972-153-37364480
                                                                      info@defensia.co.il • www. defensia.co.il
                     Content Filtering

                          o BlueCoat

                          o WebSense

                          o FortiGuard

                          o Finjan

                          o WebWasher

                     Checkpoint

                          o Checkpoint FW-1

                          o Connectra

                    Mail Filtering

                          o Symantec BrightMail (and MessageLabs)

                          o Cisco IronPort

                          o Commtouch Enterprise Anti-Spam

                          o Websense Email Security

                          o McAfee Email Gateway

                          o Barracuda Spam & Virus Firewall

                          o Trustwave mailMAX

                          o Sophos Email Security and Data Protection

                    Mail Encryption

                                                      -9-


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                  Office: +972-37364480 • Fax: +972-153-37364480
                                                                       info@defensia.co.il • www. defensia.co.il
                          o Sophos SafeGuard MailGateway

                          o PostalGuard PrivaWall

                          o PGP Universal Gateway Email Encryption

                          o CypherSMART Email Encryption

                    NAC / NAP

                          o Microsoft NAP

                          o ForeScout

                          o AccessLayers Portnox

                          o LanSecure SwitchProtect

                          o Insightix

                          o Trustwave Network Access Control



                                                               :)‫השתייכויות מקצועיות (כתיבה כעורך‬

                 http://Rafelivgi.blogspot.com
                 http://securiteam.com
                 http://evilfilngers.com
                 http://hacking.org.il


                                                               :)‫חברות בפורומים (קריאה והשתתפות‬

                    Yahoo groups "PenetrationTesting" Group
                    Yahoo groups "The Ring Of Fire"
                    Underwar.co.il
                    RedBoard.co.il

                                                      - 10 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                        Office: +972-37364480 • Fax: +972-153-37364480
                                                                             info@defensia.co.il • www. defensia.co.il
                    Hacking.org.il
                    OWASP-Israel
                    RootKits
                    BlackHat Forums
                    OSROnline
                    Sysinternals Forums
                    xda-developers
                    7Sniper HQ forums
                    IWannaHack Forums
                    Dark-Hack
                    Remote Exploit Forums
                    uNkn0wn.ws, uNkn0wn.eu, spiralforce.eu, unk.bz
                    House of Hackers
                    Security-Forums
                    Piriform Forums
                    WindowsForum
                    MajorGeeks
                    ctgeeks.org forums
                    OpenRCE
                    AVG Free Forum
                    Kaspersky Lab Forum
                    Virtual Dr Forums
                    The Code Project
                    CodeGuru.com
                    Hack-World.net
                    Wilders Security Forums
                    PC World Forums
                    Tech Support Guy Forums
                    TechArena
                    DaniWeb IT Discussion Community
                    Safer Networking Forums
                    ASP Free Forums
                    Petri.co.il forums
                    Tuts 4 You
                    Hack-Tech Security Forums
                    Remote Exploit Forums
                    In_Secure Forums
                    EliteHackers.info Discussion Forums
                    Technology Paradise Forums


                                                  - 11 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                 Office: +972-37364480 • Fax: +972-153-37364480
                                                                      info@defensia.co.il • www. defensia.co.il
                                                       :)‫חברות בקבוצות דואר (קריאה והשתתפות‬

                    bugtraq@securityfocus.com
                    full-disclosure@lists.grok.org.uk
                    news@securiteam.com
                    vulnwatch@vulnwatch.org
                    vuln@secunia.com
                    bugs@securitytracker.com
                    dailydave@lists.immunitysec.com
                    win2ksecadvice@listserv.ntsecurity.net
                    cert@cert.org
                    moderators@osvdb.org
                    submissions@packetstormsecurity.org
                    websecurity@webappsec.org
                    vuln-dev@securityfocus.com
                    webappsec@securityfocus.com
                    vuldb@securityfocus.com
                    database@net-security.org


                                              :‫חולשות בתוכנה וחומרה שאומתו ע"י יצרנים ותוקנו‬

                     1 Microsoft Internet Explorer Modal Dialog Zone Bypass
                     http://www.securityfocus.com/bid/10473

                     2 Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter
                     Bypass Weakness
                     http://www.securityfocus.com/bid/32780

                     3 Facebook Photo Uploader 'ImageUploader4.1.ocx' FileMask Method
                     ActiveX Buffer Overflow
                     http://www.securityfocus.com/bid/27756

                     4 Microsoft Internet Explorer Dynamic IFRAME File Download Security
                     Warning Bypass Weakness
                     http://www.securityfocus.com/bid/12264

                     5 Winace Remote Directory Traversal
                     http://www.securityfocus.com/bid/12177


                                                     - 12 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                     Office: +972-37364480 • Fax: +972-153-37364480
                                                                          info@defensia.co.il • www. defensia.co.il
                     6 Symantec CcErrDsp.ErrorDisplay.1 ActiveX Remote D.O.S
                     http://www.securityfocus.com/bid/12175

                     7 WinHKI Multiple Remote Vulnerabilities
                     http://www.securityfocus.com/bid/12176

                     8 Adobe Acrobat/Acrobat Reader ActiveX Control URI Request Heap Buffer
                     Overflow
                     http://www.securityfocus.com/bid/10947

                     9 Microsoft Internet Explorer URL Local Resource Access Weakness
                     http://www.securityfocus.com/bid/10472

                     10 3Com OfficeConnect Remote 812 ADSL Router Web Interface
                     Authentication Bypass
                     http://www.securityfocus.com/bid/10426

                     11 Yahoo! Messenger YInsthelper.DLL Multiple Buffer Overflow
                     Vulnerabilities
                     http://www.securityfocus.com/bid/10199

                     12 Mcafee FreeScan CoMcFreeScan Browser Object Buffer Overflow
                     http://www.securityfocus.com/bid/10071

                     13 Panda ActiveScan ascontrol.dll D.O.S
                     http://www.securityfocus.com/bid/10067

                     14 Panda ActiveScan ASControl.DLL Remote Heap Overflow
                     http://www.securityfocus.com/bid/10065

                     15 Adobe Photoshop COM Objects D.O.S
                     http://www.securityfocus.com/bid/10061

                     16 Microsoft Internet Explorer Macromedia Flash Player Plug-in Remote
                     D.O.S
                     http://www.securityfocus.com/bid/10057

                     17 Microsoft Internet Explorer MSWebDVD Object D.O.S
                     http://www.securityfocus.com/bid/10056

                     18 NullSoft Winamp Malformed File Name D.O.S
                                                   - 13 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                   Office: +972-37364480 • Fax: +972-153-37364480
                                                                        info@defensia.co.il • www. defensia.co.il
                     http://www.securityfocus.com/bid/9923

                     19 Invision Power Board Pop Parameter XSS
                     http://www.securityfocus.com/bid/9822

                     20 Software602 602Pro LAN Suite Web Mail XSS
                     http://www.securityfocus.com/bid/9777

                     21 Software602 602Pro LAN Suite Web Mail Installation Path Disclosure
                     http://www.securityfocus.com/bid/9781

                     22 Seyeon Technology FlexWATCH Server XSS
                     http://www.securityfocus.com/bid/9739

                     23 Working Resources BadBlue Server phptest.php Path Disclosure
                     http://www.securityfocus.com/bid/9737

                     24 Borland Webserver for Corel Paradox Directory Traversal
                     http://www.securityfocus.com/bid/9486

                     25 Oracle HTTP Server isqlplus XSS
                     http://www.securityfocus.com/bid/9484

                     26 Novell Netware Enterprise Web Server Multiple Vulnerabilities
                     http://www.securityfocus.com/bid/9479

                     27 Netbus Directory Listings Disclosure and File Upload
                     http://www.securityfocus.com/bid/9475

                     28 Darkwet Network WebcamXP XSS
                     http://www.securityfocus.com/bid/9465

                     29 AIPTEK NETCam Webserver Directory Traversal
                     http://www.securityfocus.com/bid/9456

                     30 2Wire HomePortal Series Directory Traversal
                     http://www.securityfocus.com/bid/9463

                     31 ZyXEL ZyWALL 10 Management Interface XSS
                     http://www.securityfocus.com/bid/9373

                                                    - 14 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                    Office: +972-37364480 • Fax: +972-153-37364480
                                                                         info@defensia.co.il • www. defensia.co.il
                     32 Edimax AR-6004 ADSL Router Management Interface XSS
                     http://www.securityfocus.com/bid/9374

                     33 SnapStream PVS Lite XSS
                     http://www.securityfocus.com/bid/9375

                     34 SEH InterCon Smart PrintServer Access Validation
                     http://www.securityfocus.com/bid/9224

                     35 Microsoft Office XP HTML Link Processing Remote Buffer Overflow
                     http://www.securityfocus.com/bid/12480

                     36 EMule Web Control Panel D.O.S
                     http://www.securityfocus.com/bid/10317

                     37 Mcafee FreeScan CoMcFreeScan Browser Information Disclosure
                     http://www.securityfocus.com/bid/10077


                                                                                :‫מאמרים וחולשות‬

                 ‫אחת הפרצות הגדולות ביותר שגיליתי מוזכרת בספר‬
                  "Hacking Exposed: Web Applications"
                 ‫אחת הפרצות הגדולות ביותר שגיליתי מוזכרת בספר‬
                  "Hacking Exposed: Windows"
                    ‫מצלמות אבטחה‬
                     http://www.globes.co.il/news/article.aspx?did=1000458327&fid=594
                    A pair of new Internet Explorer threats are currently unpatched
                     http://articles.techrepublic.com.com/5100-10878_11-5242100.html
                    Two IE threats currently unpatched
                     http://www.zdnetasia.com/techguide/network/0,3800010800,39184948,0
                     0.htm
                    More IE threats surface
                     http://www.zdnet.com.au/insight/security/soa/More-IE-threats-
                     surface/0,139023764,139151776,00.htm
                    Ynetnews, "Who Hacked My Facebook Account"
                     http://www.ynetnews.com/articles/0,7340,L-3661474,00.html
                    Finjan Software Helps to Fix a Highly Dangerous Security Hole in Word XP
                     http://apache.sys-con.com/node/60917
                                                   - 15 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                   Office: +972-37364480 • Fax: +972-153-37364480
                                                                        info@defensia.co.il • www. defensia.co.il
                    Experts warn of trick to bypass IE download warnings
                     http://www.computerworld.com/securitytopics/security/holes/story/0,1080
                     1,98969,00.html
                    XSS : Cross Site Scripting - Exposed - Why, How, When, Where!
                     http://theinsider.deep-ice.com/texts/xss_exposed.txt
                    180 Solutions Exploits and Toolbars Hacking Patched Users(I.E Exploits)
                     http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2004-06/0007.html
                    Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability
                    Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow
                     Vulnerability
                    Finjan Security Advisory: Yahoo! Mail Cross-Site Scripting Vulnerability
                    Finjan Security Advisory: Hotmail Cross-Site Scripting Vulnerability #1
                    Finjan Security Advisory: Hotmail Cross-Site Scripting Vulnerability #2
                    "Finjan Software Warns of Ten New Vulnerabilities in Windows XP SP2"
                    Finjan Security Advisory: JPEG Exploit Used Remotely (Local Overflow,
                     Remote Exploitation)
                    FaceBook ImageUploader4.1.OCX Stack Buffer Overflow Vulnerability
                     (actually Aurigma's component, 131 vulnerable master websites like
                     FaceBook, MySpace and Slide.com)
                    I discovered a design flaw in both in Microsoft SQL Server (versions up to
                     2008) and ADO (versions up to 2008). The report is titled
                     "ADODB.Connection and MSSQL Cursors", fixed by Microsoft on the
                     19/07/2008.
                     More details in:
                     http://connect.microsoft.com/SQLServer/feedback/ViewFeedback.aspx?Fe
                     edbackID=310209

                     advisory#1.txt - Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking
                     advisory#2.txt - eMule 2.2 [0.29c] - Web Control Panel D.O.S (Denial Of
                     Service(
                     advisory#3.txt - 3Com OfficeConnect Remote 812 ADSL Router Denial Of
                     Service Vulnerability
                     advisory#4.txt - 3Com OfficeConnect Remote 812 ADSL Router
                     Authentication Bypass Vulnerability
                     advisory#5.txt - InterCon's Smart PrintServer Solutions Internal IP
                     Address And Path Disclosure Vulnerability
                     advisory#6.txt - Linksys BEFSR41/BEFSR11/BEFSRU31 Default And
                     Wireless ADSL Router (Control Panel) password weakness
                     advisory#7.txt - GeoHttpServer[webcam] D.O.S(Denial Of Service)
                     advisory#8.txt - GeoHttpServer[webcam] Causes MFC42.DLL overflow
                     advisory#9.txt - Internet Explorer - Multiple Vulnerabilities
                                                    - 16 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                   Office: +972-37364480 • Fax: +972-153-37364480
                                                                        info@defensia.co.il • www. defensia.co.il
                     advisory#10.txt - WindowsXp , Netmeeting and CMD.EXE Multiple Bugs
                     advisory#11.txt - OwnServer 1.0 Directory traversal bug
                     advisory#12.txt - 2Wire-Gateway Cross Site Scripting and Directory
                     traversal bug in SSL Form Authentification
                     advisory#13.txt - Gallery 1.3.3 Cross Site Scripting Vulnerability
                     advisory#14.txt - SnapStream PVS LITE Cross Site Scripting Vulnerability
                     advisory#15.txt - EDIMAX AR-6004 Full Rate ADSL Router Cross Site
                     Scripting Vulnerability + Remote Compromise
                     advisory#16.txt - ZyXEL10 Cross Site Scripting Vulnerability
                     advisory#17.txt - Novell Netware 6 Cross Site Scripting and Local Path
                     Disclosure Vulnerability
                     advisory#18.txt - NETCam webserver Directory traversal bug
                     advisory#19.txt - Axis 2100 Network Camera 2.31 - Multiple
                     Vulnerabilities
                     advisory#20.txt - thttpd v2.03 Cross Site Scripting Vulnerability
                     advisory#21.txt - PGP 8.0.3 Shell Integration causing Explorer Windows
                     D.O.S
                     advisory#22.txt - Gigabyte Gn-B46B - Authorization Bypass
                     advisory#23.txt - WebcamXP Cross Site Scripting Vulnerability
                     advisory#24.txt - FREESCO public http server - Running thttpd/2.05
                     09nov99 Cross Site Scripting Vulnerability
                     advisory#25.txt - NetBus Web Server Direcory Listing And Remote File
                     Upload
                     advisory#26.txt - Oracle HTTP Server Powered by Apache Cross Site
                     Scripting Vulnerability
                     advisory#27.txt - BWS 1.0b3 Directory Transversal Vulnerability
                     advisory#28.txt - Intra Forum Cross Site Scripting Vulnerabillity
                     advisory#29.txt - D-Link Enhanced 2.4GHz Wireless Router Null Password
                     as Default Login
                     advisory#30.txt - NextPlace.com E-Commerce ASP Engine Cross Site
                     Scripting Vulnerability
                     advisory#31.txt - FlexWATCH-Webs Authorization Bypass
                     advisory#32.txt - Internet Explorer High Packet Fragmentation(Multiple
                     Packets) Causing mshtml.dll Overflow
                     advisory#33.txt - I.E - DANGER and Wieredness
                     advisory#34.txt - BadBlue Local Path Disclosure By phptest.php
                     advisory#35.txt - jgs Cross Site Scripting Vulnerability
                     advisory#36.txt - vBulletin PHP Forum Version 3.0.0 Release Candidate 4
                     Cross Site Scripting Vulnerabillity
                     advisory#37.txt - Hex Workshop Local Buffer Overflow
                     advisory#38.txt - WinAmp <=5.01 - Multiple Vulnerabilities
                                                    - 17 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                   Office: +972-37364480 • Fax: +972-153-37364480
                                                                        info@defensia.co.il • www. defensia.co.il
                     advisory#39.txt - InnoMedia VideoPhone Authorization Bypass (GoAhead)
                     advisory#40.txt - LAN SUITE Web Mail - Directory Listing, Local Path
                     Disclosure and Cross Site Scripting
                     advisory#41.txt - Invision Power Board (U) v1.3 Final Cross Site Scripting
                     Vulnerability
                     advisory#42.txt - VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting
                     Vulnerability
                     advisory#43.txt - Yahoo Mail! Cross Site Scripting Vulnerability
                     advisory#44.txt - Internet Explorer Explorer.exe Crash - Null Pointer
                     advisory#45.txt - VocalTec Gateway 8 - Reverse Directory Transversal +
                     Authorization Bypass
                     advisory#46.txt - Mail.com! - Cross Site Scripting Vulnerability
                     advisory#47.txt - MSWebDVD Class(mswebdvd.dll) - Remote Buffer
                     Overflow
                     advisory#48.txt - Adobe Reader <=6.1 Remote Heap Overflow
                     advisory#49.txt - Macromedia Flash Player 7.0 r19 - Remote Null Pointer
                     Assignment
                     advisory#50.txt - Adobe Photoshop 8.0 (CS) - Remote Local Path
                     Disclosure and D.O.S
                     advisory#51.txt - blaxxun3D - Remote Buffer Overflow
                     advisory#52.txt - Panda ActiveScan - Remote Buffer Overflow
                     advisory#53.txt - Mcafee FreeScan - Remote Buffer Overflow and Private
                     Information Disclosure
                     advisory#54.txt - Symantec Virus Detection - Remote Buffer Overflow
                     advisory#55.txt - Yahoo! Messenger
                     advisory#56.txt - Yahoo! Messenger 5.6 & Trillian (All Versions)
                     advisory#57.txt - BitDefender Scan Online(ActiveX)
                     advisory#58.txt - All Symantec Products All Versions Remote Buffer
                     Overflows
                     advisory#59.txt - Internet Explorer Remote/Local xml Crash
                     advisory#60.txt - Internet Explorer Remote/Local Null Pointer Crash
                     advisory#61.txt - Mcafee Remote + Local Buffer Overflows + Privilege
                     Escalation



                                                                                 :‫קישורים מהירים‬

                    http://www.ynet.co.il/english/articles/0,7340,L-3661474,00.html
                    http://search.securityfocus.com/swsearch?sbm=%2F&metaname=alldoc&
                     query=rafel+ivgi
                                                    - 18 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                    Office: +972-37364480 • Fax: +972-153-37364480
                                                                         info@defensia.co.il • www. defensia.co.il
                    http://www.google.com/search?hl=en&q=rafel+ivgi
                    http://search.microsoft.com/results.aspx?form=MSHOME&setlang=en-
                     us&q=rafel+ivgi&mkt=en-us




                                                     :Microsoft ‫קרדיטים על טלאי אבטחה מ‬

                    http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx
                     ("Navigation Method Cross-Domain Vulnerability - CAN-2004-0549 ", first
                     to publish)
                    http://www.microsoft.com/technet/security/bulletin/ms05-005.mspx
                     (credit given)
                    http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx (my
                     research, credit rewarded to my replacement)



                                                                                   :‫ניסיון וידע נוסף‬


                 - ‫ בהיבטי צד לקוח‬Windows 2000/XP/2003 ‫כתבתי כלי חינמי להקשחת מערכות‬              
                                           "XPLizer - Windows Hardening Front-end Tool
                                          "InsideWeb" ‫ מתקדם בשם‬Web ‫כתבתי סורק חולשות‬             
                 IDA, LordPE, ( UnPacking ‫ וב‬Debugging Software Cracking ‫מנוסה מאוד ב‬             
                                                )ImpRec, PEID, SoftIce, OllyDbg, WinDbg
                             )Overflows( ‫מנוסה מאוד בניצול של חולשות ממשפחת דריסות הזיכרון‬        
                                                                    Format Strings o
                                                         Classical Stack Overflows o
                                 Advanced Stack Overflows and SEH Exploitation o
                       POPPOPRET / RET2ESP / RET2EAX / RET2POP / RET2RET o
                                                                   Return To Lib C o
                                                                       DEP Bypass o
                                                                        NX Bypass o
             ASLR Attacks (One Byte Overwrite Relative Jump, Address Entropy o
                                                                      Brute Force)
                        ‫) ובהפצות אבטחת מידע‬Fefora/RedHat, Debian( ‫מנוסה המערכות לינוקס‬           
                                                                            PHLAK o
                                                                           Auditor o
                                                                         BackTrack o
                                                    - 19 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                    Office: +972-37364480 • Fax: +972-153-37364480
                                                                         info@defensia.co.il • www. defensia.co.il
                :‫ מפורמטי קבצים שונים כגון‬Meta Data ‫, כולל חילוץ של‬Python ‫כתבתי מנוע חיפוש ב‬         
                                                      MP3, MP4, M4A, WMA, OGG, FLAC
                   Microsoft C++ for ‫ ב‬Windows CE/Mobile 6.1 ‫ ל‬Right-To-left ‫כתבתי מנגנון‬            
                                                                                Embedded


                                                                                               :‫המלצות‬

                                                                                          :‫ממליצים‬
                                                 ‫ דני אברמוביץ – מנהל אבטחת מידע, משרד הרווחה‬
                                                        dannyab@molsa.gov.il - 0508266014
                                                          ‫ רמי ששון - מנהל מחלקת תשתיות, סונול‬
                                                               ramis@sonol.co.il - 0526099035
                                           ‫ אביאת בר סימון - מנהלת אבטחת מידע, קבוצת שטראוס‬
                                          aviat.bar-simon@strauss-group.com - 0545778999
                                                                  Conduit ,‫ רונן חן – מנהל פיתוח‬
                                                     ChenRonen@conduit.com - 0544991027
                                                         ‫ רונן סולומון - מנכ"ל, מיטב בית השקעות‬
                                                           ronens@meitav.co.il - 0526006661
                                                                    Yoggie ,‫ שלמה טובול - מנכ"ל‬
                                                           shlomo@yoggie.com - 0544227780


                    I know Rafel for several years .He is one of the best experts in web
                     security .He has a lot of innovative ideas and is very helpful. I enjoy
                     working with him.” November 22, 2008
                     Hirosh Joseph, Security Researcher, F-Secure Corporation

                    “Has got acquainted with Rafel in 2004, in yahoo groups. It the talented
                     and creative man, always surprised me with the never-ending energy and
                     interesting ideas which for these years has grown the present expert on
                     computer safety.” November 10, 2008
                     fiNis, Freelancer

                    “Maybe one of the best I've ever worked with in his profession.” October
                     25, 2008
                     Gil Fruchter, Researcher, IDF

                    “Rafi is a natural talent When i first met Rafi ,he was only 17 , and I was
                     sure he couldn't be true. His talents in security research and hacking
                     made me work hard to give him a job and a chance. I wasn't
                                                      - 20 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                       Office: +972-37364480 • Fax: +972-153-37364480
                                                                            info@defensia.co.il • www. defensia.co.il
                     disappointed. I am sure you will not be disappointed as well. Good luck”
                     August 20, 2008
                     Dror Shalev, Senior Security Researcher, Finjan Software

                    “Rafi is an excellent security researcher who has significantly contributed
                     to our projects. He is extremely creative and able to come up with unique
                     ideas and concepts.” August 20, 2008
                     Dan Haim, Programmer, IDF

                    “Rafi is one of the brightest young men I have ever known. He is
                     responsible, creative and a pleasure to work with. I am positive any future
                     employer will profit greatly from having Rafi work for them.” August 17,
                     2008
                     Sharona Reouveni, Global CRM Leader, Finjan Software

                    “Rafel is a quick learner, and an excellent researcher. He did amazing
                     things few others can accomplish. It is a joy to work with him, and I do
                     hope we get to work together in the future.” August 12, 2008
                     Imri Goldberg, Team Leader, IDF

                    “Highly motivated and skilled, With hands on experience in R&D in vast
                     and complicated computer security projects. Rafi has unique innovative
                     abilities which always translate into amazing cutting edge projects. Very
                     reliable and always a pleasure to work with.” August 12, 2008
                     Roy Morad, Founder & Technical Director, Intucell

                    “I hired Rafi to Finjan's research team when he barely graduated high
                     school. Within 3 months, Rafi has accomplished the biggest research
                     achievements of the research lab ever. He probably knows more about
                     the Windows internals more than the Microsoft security researchers...He is
                     a professional and a great team player.” August 6, 2008
                     Limor Elbaz, VP Business Development, Finjan Inc.

                    “Rafel has been one of the most technologically talented people I worked
                     with. He amazed me with his skills and his excitement. Our project
                     succeeded because of Rafel.” August 6, 2008
                     Nadav Rotem, Senior Developer, IDF

                    “Rafel is one of a kind person, I met Rafel during my military service and
                     after a day or two we became friends, Rafel is a friendly guy, a real friend

                                                     - 21 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                     Office: +972-37364480 • Fax: +972-153-37364480
                                                                          info@defensia.co.il • www. defensia.co.il
                     and an honest person. In the professional scope Rafel takes his work to
                     the edge and known as an expert in the security field. I enjoyed working
                     with Rafel in our private projects =]” August 6, 2008
                     Yaniv Negrea, Software Developer, IDF

                    “I have known Rafael for several years and he is one of the most
                     impressive people I have met in computer security. He is a very driven,
                     honest, friendly, and always hard working. Rafi is very good at finding
                     many vulnerabilities across many systems in a short period of time and is
                     a profound quick study. He is also someone who is surprising with his
                     accomplishments, such as the time he found the first true zero day worm
                     in the wild on top of his vulnerability research. Drew Copley Verizon
                     Security Code Review (Senior Network Security Analyst, VzB)” August 6,
                     2008
                     Drew Copley, Security Code Review, Verizon

                    “I have been working in the department which relays on Rafael's expertise
                     in the field of web security. He gave as security insight which gave as
                     significant competitive advantage. I think Rafael is invaluable assets to
                     any group or company working in the field of internet security.” August 6,
                     2008
                     David Gruzman, System architect, Finjan

                    “Rafel can make things impossible come true. He is considered to be the
                     best of the best, mostly in security. His vision upon things and research
                     abilities are amazing, and he will never ever give up and accept something
                     as impossible to do.I have enjoyed working with Rafel a lot, he is a very
                     fun man to work with. He has much respect to his colleagues.” August 6,
                     2008
                     Ron Reiter, Intelligence Soldier, IDF

                    “Rafel is smart, resourceful and hard-working and there is virtually no
                     barrier that will keep him from reaching the goals he is given. Many times
                     he sets targets for himself which are even higher that his superiors
                     expect, and he reaches them. And he is a fun guy that people like to work
                     with. He was an asset to Finjan and every computer security company
                     should dream of having a guy like Rafel on the staff. I will be happy to
                     work with him again in the future.” August 6, 2008
                     Amit Shaked, Vice President R&D, Chief Technology Officer, Finjan


                                                    - 22 -


Defensia Ltd • 19 David Saharof Street
Rishon Letzion, 75770, Israel                                    Office: +972-37364480 • Fax: +972-153-37364480
                                                                         info@defensia.co.il • www. defensia.co.il

								
To top