Michael Sutton is a Director for iDEFENSE, a security
intelligence company located in Reston, VA. He heads
iDEFENSE Labs and the Vulnerability Aggregation Team
(VAT). iDEFENSE Labs is the research and development arm
of the company, which is responsible for discovering
original security vulnerabilities in hardware and software
implementations, while VAT focuses on researching publicly
known vulnerabilities. His other responsibilities include
developing tools and methodologies to further vulnerability
research, and managing the iDEFENSE Vulnerability
Contributor Program (VCP).
Prior to joining iDEFENSE, Michael established the
Information Systems Assurance and Advisory Services
(ISAAS) practice for Ernst & Young in Bermuda. He is a
frequent presenter at information security conferences.
Michael obtained his Certified Information Systems
Auditor (CISA) designation in 1998 and is a member of
Information Systems Audit and Control Association
(ISACA). He has completed a Master of Science in
Information Systems Technology degree at George
Washington University, has a Bachelor of Commerce degree
from the University of Alberta and is a Chartered
Accountant. Outside of the office, he is a Sergeant with the
Fairfax Volunteer Fire Department.
Adam Greene is a Security Engineer for iDEFENSE, a
security intelligence company located in Reston, VA. His
responsibilities at iDEFENSE include researching original
vulnerabilities and developing exploit code as well as
verifying and analyzing submissions to the iDEFENSE
Vulnerability Contributor Program.
His interests in computer security lie mainly in reliable
exploitation methods, fuzzing, and UNIX based system
auditing and exploit development. In his time away from
computers he has been known to enjoy tea and foosball
with strange old women.
The Art of File Format Fuzzing
In September 2004, much hype was made of a buffer overflow
vulnerability that existed in the Microsoft engine responsible for
processing JPEG files. While the resulting vulnerability itself was
nothing new, the f