Founded in 2012, Trail of Bits is an independent information security company that leverages its world-class experience in security research, red teaming and incident response to enable enterprises to make better strategic defense decisions. We combine ongoing monitoring of attacker techniques, tools and incentives with proprietary research and data to provide timely and specific risk advice. Our objective is to serve a small number of the most advanced enterprise security organizations.
Dan Guido leads the strategic vision for Trail of Bits products and services and manages its day-to-day operations. His most recent research applied intelligence-driven defense to mass malware and demonstrated that, contrary to popular belief, only a very small number of vulnerabilities are used in these massive exploitation campaigns. Prior to Trail of Bits, Dan was a Senior Security Consultant at iSEC Partners, where he provided application security and incident response services to a wide variety of clients in the technology, finance, and media industries. Previously, Dan worked for the Federal Reserve System, where he proposed and developed a centralized function for threat intelligence: a team that used its expert knowledge of attacks in the wild to develop sophisticated enterprise strategies to mitigate them. In addition to his professional work, Dan is a Hacker in Residence at NYU-Poly, where he oversees student research and teaches classes in Application Security and Vulnerability Analysis.
Dino Dai Zovi has been working in information security for over a decade with experience in red teaming, penetration testing, software security, information security management, and cybersecurity R&D. Dino is also a regular speaker at information security conferences, having presented his independent research on memory corruption exploitation techniques, 802.11 wireless client attacks, and Intel VT-x virtualization rootkits over the last 10 years at conferences around the world, including DEFCON, BlackHat, and CanSecWest. He is a co-author of the books "The iOS Hacker's Handbook" (Wiley, 2012), "The Mac Hacker’s Handbook" (Wiley, 2009), and "The Art of Software Security Testing" (Addison-Wesley, 2006). In 2008, eWEEK named him one of the 15 Most Influential People in Security. In 2012, NYU-Poly named him a Hacker in Residence and he now oversees security research at the university. He is perhaps best known in the information security and Mac communities for winning the first Pwn2Own contest at CanSecWest 2007.
Alexander Sotirov has more than ten years of experience with vulnerability research, reverse engineering and advanced exploitation techniques. His recent work includes exploiting MD5 collisions to create a rogue Certificate Authority, bypassing the exploitation mitigations on Windows Vista and developing the Heap Feng Shui browser exploitation technique. His professional experience includes positions as a security researcher at Determina and VMware. He is a regular speaker at security conferences around the world, including CanSecWest, BlackHat and Recon. Alexander served as a program chair of the USENIX Workshop on Offensive Technologies and is one of the founders of the Pwnie Awards.
Vincenzo Iozzo directs security engineering efforts at Trail of Bits. Prior to Trail of Bits, Vincenzo founded Tiqad, an information security consulting firm, worked as a penetration tester for Secure Network srl and was a reverse engineer for Zynamics GmbH. His specialized research in Mac OS X security, smartphone exploitation, and exploit payloads has been presented at information security conferences around the world including Black Hat, CanSecWest and Microsoft BlueHat. In 2008, he was selected to participate in the Google Summer of Code and developed a testing infrastructure for TrustedBSD, the Mandatory Access Control system that became the foundation for sandboxing technologies included in Mac OS X. Vincenzo serves as a committee member on the Black Hat Review Board and is a co-author of the "iOS Hacker's Handbook" (Wiley, 2012). He is perhaps best known for his participation in Pwn2Own, where he co-wrote the exploits for BlackBerryOS and iOS that won the contest in 2010 and 2011 and where he co-wrote exploits for Firefox, Internet Explorer, and Safari that placed second in 2012.
Board of Advisors
Christopher Betz, Vice President, CBS Corporation
Michael Aiello, Product Manager, Google
Mike serves as a product manager at Google, where he is responsible for advertising privacy products, and as the chairman of DIFRwear, a leading RFID security company. In the past, he founded LifeEnsured Inc, a company specializing in digital identity management that was acquired in 2012. He has served as a technology risk advisor for Goldman Sachs and as a researcher at NYU-Poly's information security research laboratory, where he worked on topics such as electromagnetic emissions security, computer application penetration-testing and social engineering. Mike has a master's in computer science from NYU-Poly and an MBA from Oxford.