For anybody who is serious about OS security research it is hard not to know Rafal’s work. I remember reading his Defeating Solar Designer non-executable stack patch article somewhere around 1998, when I was still a Linux newbie, learning shell programming back at that time ;)
Since then Rafal published many other articles, advisories and exploits, mostly Linux-related. To mention just a few – the *BSD procfs vulnerability (2000), the Linux Ptrace vulnerability (2001), the famous Advanced return-into-lib(c) paper (2002), the vulnerability in the SELinux (2003), a tool for automatic integer overflow discovery in Win32 binaries (2005) and many others. He’s also known for his libnids project.
Recently Rafal has been doing a lot of research in the area of virtualization and VMM security. In the recent months he found vulnerabilities that potentially allowed to escape a VM jail in all the major virtualization software from Microsoft, VMWare and, of course, Xen.
I wrote “and, of course, Xen”, as Rafal will be presenting a talk at the upcoming Black Hat about Subverting the Xen hypervisor. His talk will be the first one in the series of 3 presentations about Xen (in)security that Invisible Things Lab prepared for this year’s Black Hat. Stay tuned for more details in the coming days.
Rafal has been with McAfee Avert Labs until this month.