Adam Ziaja
| Adam Ziaja | |
|---|---|
| Born | September 27, 1986, Katowice, Poland |
| Nationality | Polish |
| Occupation | Cyber security expert |
| Website | https://adamziaja.com/ |
Adam Ziaja (born September 27, 1986) is a Polish cyber security expert, a member of MalwareMustDie[1] and an IT expert witness[2] at the District Court in Warsaw (Poland), with emphasis on general computer forensics, forensic analysis on Linux, hacking and cybercrime.
He is the author of the books “Praktyczna analiza powłamaniowa. Aplikacja webowa w środowisku Linux”[3] (“Practical computer forensics analysis. Web application on Linux”) and “Bezpieczeństwo aplikacji webowych”[4] (“Security of web applications”), and co-author of training materials for CERT teams in cooperation with the European Union Agency for Network and Information Security (ENISA)[5]. He took part in the ENISA Cyber Europe 2014 exercise, in which over 100 teams from all around Europe participated, where his team scored first place[6].
He is a successful bug hunter who has received acknowledgment and thanks for responsibly disclosed vulnerabilities in the software of dozens of institutions and companies all around the world, including Acquia[7], Adobe (2014[8]), Apple (2012[9]), Base CRM (2013[10]), BlackBerry (2013[11]), Deutsche Telekom[12], GitLab (2013[13]), iFixit (2012[14]), LastPass[15], Netflix (2013[16]), Nokia (2013[17]), Prezi[18], ShareLaTeX[19], SoundCloud[20], Harvard University[21], Yandex (2013[22]), Zynga (2012[23]), as well as the Polish ones: Onet.pl (2013[24]), Interia.pl (2014[25]), Wirtualna Polska (2013[26]) and Empik (2013[27]).
Publicly reported vulnerabilities
- CVE-2014-1695[28][29] – Stored Cross-Site Scripting (XSS) in the OTRS[30] application.
- CVE-2014-2554[31]
- CVE-2015-2149[32][33] – Stored Cross-Site Scripting (XSS) in the MyBB[34] application.
- Server-Side Request Forgery (SSRF) vulnerability in the GeoNode (2013[35]) application used by Harvard University[36] in the WorldMap project.
References
- "MMD-0059-2016 - Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready". MalwareMustDie. Retrieved 2018-06-23.
- "Lista biegłych sądowych Sądu Okręgowego w Warszawie" (in Polish). District Court in Warsaw. Retrieved 2018-06-18.
- Praktyczna analiza powłamaniowa. Aplikacja webowa w środowisku Linux (in Polish). Amazon. ISBN 9788301193478. OCLC 1000021213.
- "Bezpieczeństwo aplikacji webowych" (in Polish). National Library of Poland. OCLC 998638539. Retrieved 2018-06-23.
- Digital forensics (archived 2018-06-16 at the Wayback Machine), Identifying and handling cybercrime traces, Advanced artifact analysis (archived 2018-06-23 at the Wayback Machine), Processing and storing artifacts (archived 2018-06-23 at the Wayback Machine), Building artifact handling and analysis environment, Common Framework for Artifact Analysis Activities, Developing countermeasures (signatures, indicators of compromise) (archived 2018-06-23 at the Wayback Machine), "Artifact analysis fundamentals". European Union Agency for Network and Information Security (ENISA). Retrieved 2018-06-23.
- "Cyber Europe 2014" (in Polish). Polish Government Centre for Security. Retrieved 2018-06-15.
- "How to responsibly report a security issue". Acquia. Retrieved 2018-06-25.
- "Acknowledgments". Adobe. Retrieved 2018-06-15.
- "Apple Web Server notifications, 2012". Apple. Retrieved 2018-06-15.
- "Base Responsible Disclosure". Base CRM. Retrieved 2018-06-25.
- "Acknowledgements 2013". BlackBerry. Retrieved 2018-06-15.
- "Acknowledgements". Deutsche Telekom. Retrieved 2018-06-15.
- "Security Researcher Acknowledgments". GitLab. Archived from the original on 2018-06-25. Retrieved 2018-06-25.
- "Responsible Disclosure of Security Vulnerabilities". iFixit. Retrieved 2018-06-25.
- "LastPass Security". LastPass (via Wayback Machine). Archived from the original on 2017-07-31. Retrieved 2018-06-25.
- "Responsible Vulnerability Disclosure". Netflix. Retrieved 2018-06-15.
- "Responsible disclosure". Nokia. Retrieved 2018-06-15.
- "References". Prezi. Retrieved 2018-06-24.
- "Security, Responsible disclosure". ShareLaTeX. Retrieved 2018-06-25.
- "Reporting a security vulnerability". SoundCloud. Retrieved 2018-06-15.
- "Sponsors". Harvard University. Archived from the original on 2017-04-10. Retrieved 2018-06-15.
- "Hall of Fame". Yandex. Archived from the original on 2018-06-15. Retrieved 2018-06-15.
- "Whitehats". Zynga. Retrieved 2018-06-24.
- "References" (in Polish). Onet.pl. Retrieved 2018-06-24.
- "References" (in Polish). Interia.pl. Retrieved 2018-06-24.
- "References" (in Polish). Wirtualna Polska. Retrieved 2018-06-24.
- "References" (in Polish). Empik. Retrieved 2018-06-24.
- "CVE-2014-1695". NIST. Retrieved 2018-06-18.
- "CVE-2014-1695 PoC". Adam Ziaja. Retrieved 2018-06-26.
- "Security Advisory 2014-03 – XSS Issue". OTRS. Retrieved 2018-06-19.
- "OTRS Help Desk CVE-2014-2554 Clickjacking Vulnerability". SecurityFocus. Retrieved 2018-06-19.
- "CVE-2015-2149". NIST. Retrieved 2018-06-26.
- "CVE-2015-2149 PoC". Adam Ziaja. Retrieved 2018-06-26.
- "MyBB 1.8.4 Released – Feature Update, Security & Maintenance Release". MyBB. Retrieved 2018-06-19.
- "Added Adam Ziaja to Contributors". GeoNode. Retrieved 2018-06-23.
- "Security vulnerability with proxy view and csrf/sessionid cookie". GeoNode. Retrieved 2018-06-23.
This article "Adam Ziaja" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Adam Ziaja. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
