whitehat
Fyodor
Gordon Lyon (perhaps better known by his pseudonym Fyodor Vaskovich) is a network security expert, open source programmer, writer, and self-proclaimed hacker. He authored the open source Nmap Security Scanner and numerous books, web sites, and technical papers focusing on network security. Lyon is a founding member of the Honeynet Project and Vice President of Computer Professionals for Social Responsibility.
HD Moore
H D Moore (born 1981) is a security researcher who has been active on internet mailing lists since 1998. H D Moore works as the Director of Security Research for BreakingPoint Systems, where he focuses on the security testing features of the BreakingPoint product line. Prior to joining BreakingPoint, HD co-founded Digital Defense, a managed security services firm, where he developed the vulnerability assessment platform and led the security research team.
Mudge
Works/ed for L0pht Heavy Industries which later became @stake inc. developing many tools such as the windows password cracker L0pht Crack, and Antisniff software.
He has also worked for BBN Technologies Inc. who created ARPANET for the U.S. military/government.
lcamtuf
Michał Zalewski (born 19 January 1981) is a computer security expert from Poland.
He has been a prolific vulnerability researcher and a frequent Bugtraq poster since mid-1990s, and has authored a number of programs for Unix-like operating systems. For his continued research on browser security, he was named one of the 15 most influential people in security and among the 100 most influential people in IT. Zalewski is an employee of Google Inc.
zip
Accredited for finding numerous vulnerabilities for IBM Internet Security Systems; while working on their team code named XFORCE. He is now a Google Engineer.
Examples of vulnerabilities worked on: (either by himself or with his group):
Found Heap based buffer overflow of Common Management Agent
ClamAV Library Remote Heap Overflows Security Advisory
Multiple Remote Vulnerabilities in BIND4 and BIND8
Most famous for his skills with Reverse Engineering, finding the Heartbleed bug and binary source code auditing.
Ofir Arkin
Ofir Arkin is a well known computer security specialist. He is the founder of Sys-Security Group, a computer security research group, and an active member and co-author within the Honeynet project.
Ofir has published research papers, programs, advisories and articles in the fields of information warfare, VoIP security, and network discovery, including the Etherleak problem (information leakage in the Ethernet frame padding), Xprobe2 (an active OS fingerprinting tool), and contributions to the book Know Your Enemy (Addison-Wesley, 2nd edition, 2004, ISBN 0-321-16646-9).
He is the CTO and co-founder of Insightix, an Israel-based company which delivers IT infrastructure discovery, monitoring and auditing systems for enterprise networks.
Mark Russinovich
Mark Russinovich wrote useful tools for the windows platform which are useful for debugging and repair, including Process Explorer, Autoruns, and Rootkit Explorer. In 1996, Russinovich discovered that altering two values in the Windows Registry of the Workstation edition of Windows NT 4 would change the installation so it was recognized as a Windows NT Server and allow the installation of Microsoft BackOffice products which were licensed only for the Server edition.
Rain Forest Puppy, RFP
Rain Forest Puppy developed the Whisker tool for web application testing. Jeff is now the CTO of Bluebox Security. He has written multiple features and cover-story articles for Network Computing and Secure Enterprise magazines; he is also a contributing author to multiple books. He was responsible for the first documented security discovery of SQL injection (Phrack, 1998) and the first publicized responsible security disclosure policy (2000).
