Cris Neckar

From Wikitia
Nationality: American
Citizenship: United States of America
Occupation: White hat hacker

Cris Neckar is an American computer security white hat hacker. He is currently employed by Two Bear Capital as a Venture Partner, and was formerly a member of Google's Chrome Security Team from 2010 to 2014[1][2].

Notable discoveries

Neckar is credited with discovering severe vulnerabilities in Microsoft Windows[3], Internet Explorer[4], Apple WebKit[5], Google Chrome[6], and Cisco WebEx[7][8][9][10].

In 2010, Neckar and Greg Ose (also of Neohapsis Labs) demonstrated an exploit against digital forensics software at Chicago's THOTCON security conference. The exploit showed how a malicious payload, planted on a computer that undergoes forensic analysis, could obtain arbitrary code execution via a vulnerability present in both EnCase and FTK[11][12], the two most common digital forensics platforms at that time.

Neckar was among the group of researchers from Citizen Lab, Lookout Security, and Divergent Security who discovered and performed the technical analysis of the first iteration of NSO Group's Pegasus spyware, which was discovered in August 2016[13][14][15].

References

  1. Ryan Naraine (2010-09-02). "Google Chrome celebrates 2nd birthday with security patches". ZD Net. Retrieved 2023-05-09.
  2. Abhishek Arya, Cris Neckar (2012-04-26). "GFuzzing for Security". Chrome Security Team. Retrieved 2023-05-09.
  3. BetaFred, Justinha, wingtofree, mdressman, v-prhal (2015-02-10). "Acknowledgments - 2015". Microsoft. Retrieved 2023-05-09.
  4. BetaFred, wingtofree, mdressman (2012-08-14). "Microsoft Security Bulletin MS12-056 - Important". Microsoft. Retrieved 2023-05-09.
  5. Apple (2017-01-20). "About the security content of iOS 5.1 Software Update". Apple. Retrieved 2023-05-09.
  6. Anthony Laforge (2012-01-05). "Stable Channel Update". Google. Retrieved 2023-05-09.
  7. Eduard Kovacs (2017-07-17). "Critical WebEx Flaws Allow Remote Code Execution". Security Week. Retrieved 2023-05-09.
  8. Shaun Nichols (2017-07-17). "Cisco plugs command-injection hole in WebEx Chrome, Firefox plugins". The Register. Retrieved 2023-05-09.
  9. Swati Khandelwal (2017-07-17). "Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!". The Hacker News. Retrieved 2023-05-09.
  10. Cybersecurity & Infrastructure Security Agency (2017-07-17). "Cisco Releases Security Updates". US-CERT. Retrieved 2023-05-09.
  11. John McCash (2010-04-27). "Arbitrary Code Execution on Examiner Systems via File Format Vulnerabilities". SANS. Retrieved 2023-05-09.
  12. Alain Homewood (2012). "Anti-Forensic Implications of Software Bugs in Digital Forensic Tools" (PDF). AUT University. Retrieved 2023-05-09.
  13. Max Bazaliy, Cris Neckar, Greg Sinclair, in7egral (2016). "Technical Analysis of the Pegasus Exploits on iOS" (PDF). Lookout. Retrieved 2023-05-09.
  14. Max Bazaliy, Seth Hardy, Andrew Blaich (2016). "Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks" (PDF). Blackhat. Retrieved 2023-05-09.
  15. Max Bazaliy (2016-12-27). "Pegasus Internals" (PDF). Chaos Communication Congress. Retrieved 2023-05-09.


This article "Cris Neckar" is from Wikipedia. The list of its authors can be seen in its historical. Articles taken from Draft Namespace on Wikipedia could be accessed on Wikipedia's Draft Namespace.