Petko D. Petkov

Current
  • Hacker at Blogsecurify
  • Hacker at Websecurify
  • Hacker at Spin Hunters
  • Hacker at GNUCITIZEN
  • Hacker at Hakiri
  • Information Security Analyst at NTA Monitor
Past
  • Speaker at Inbox-Outbox
  • Speaker at OWASP
  • Speaker at Louhi
  • Speaker at Mnemonic
  • Speaker at HITB
  • Speaker at Black Hat
  • Speaker at OWASP
  • Book Author at Syngress
  • Book Author at Elsevier
  • Book Author at Syngress
  • Book Author at Elsevier
  • Speaker at OWASP
  • Freelance Computer Security Consultant (Self-employed)
  • Network Administrator at Richmond The American International University in London
  • Radio Host - Chaos at FM 92
Education
  • Richmond, The American International University in London
  • High School of Natural Science
Connections
225 connections
Industry
Computer & Network Security

Petko D. Petkov’s Summary

"Hacker - One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations."

Petko D. Petkov, a.k.a. pdp, is the founder and a leading member of the GNUCITIZEN Cutting-edge Think tank. PDP is a recognized information security researcher, penetration tester and published author who has contributed to several best-selling books, numerous popular blogs and online magazines. PDP is also known as the editor in chief of Hakiri - Hackers Lifestyle community blog.

Main Projects:
• GNUCITIZEN - Cutting-edge Think tank | Ethical Hacker Outfit
• Hakiri - Hacker Lifestyle
• Spin Hunters - Social Hacking Research House
• House of Hackers - Social Network
• Blogsecurify - Writing Blogs? Stay Secure!
• Websecurify - Web Security Cloud

Published Books:
• Google Hacking for Penetration Testers Second Edition
• Cross Site Scripting Attacks: XSS Exploits and Defense

Speaking Engagements:
• Black Hat
• OWASP
• Hack in The Box (HITB)
• CONFidence
• RISK

Noteworthy Papers and Presentations:
• Client-side Security
• For my next trick... hacking Web2.0
• Exegesis of Virtual Hosts Hacking

Noteworthy Vulnerability Discoveries:
• Command Fixation Attacks in CITRIX
• Command Fixation Attacks in Microsoft RDP
• Command Execution in Adobe PDF
• E-mail Hijack in Google GMail
• Identity Theft in Second Life
• Command Execution in Apple QuickTime
• Command Execution in Mozilla Firefox (QuickTime)
• JAR manipulation attacks in Mozilla Firefox
• JAR manipulation attacks in SUN Java JVM
• Chrome Execution in Firefox (Firebug)
• Local Zone Execution in Skype via WiFi

gnucitizen.com | gnucitizen.org | gnucitizen.net | hakiri.org | spinhunters.org | houseofhackers.org | blogsecurify.com | websecurify.com

Petko D. Petkov’s Specialties:

Idea Development, Brainstorming, Creative Thinking, Information Security Research, Vulnerability Research, Penetration Testing, Tactical Exploitation, Information Gathering, Web Application Security, Radio Security, Exploit Development, Client-side Security, Server-side Security, Social Engineering, Cutting-edge Training, Cool-hunting, etc...

• I am good at recognizing emerging technologies.
• I am good at innovating things and ideas.


Petko D. Petkov’s Experience

  • Hacker

    Blogsecurify

    (Security and Investigations industry)

    June 2008 - Present (4 months)

    Blogsecurify is an online application, which helps users secure their blogs. I was responsible for designing the system architecture and writing the testing framework.

    The testing framework is truly unique. It is currently built on the top of a massively scalable infrastructure, which allows tests to be written and deployed quite rapidly.

  • Hacker

    Websecurify

    (Security and Investigations industry)

    June 2008 - Present (4 months)

    Websecurify is a place where companies and individuals will find services to enable them to secure their Web Applications, Infrastructures and online presence.

  • Hacker

    Spin Hunters

    (Security and Investigations industry)

    June 2007 - Present (1 year 4 months)

    Spin Hunters is probably the first, distinguished Reputation Security company in the world. They help organizations realize their reputation stability in cases of malicious identity attacks by providing a strong system of internal tests, some of which involve tiger team operations.

    I am partnering with Spin Hunters on several levels.

  • Hacker

    GNUCITIZEN

    (Security and Investigations industry)

    September 2006 - Present (2 years 1 month)

    GNUCITIZEN is an independent think tank organization aiming to provide awareness of all the pending security threats, facing the society today. We intend to impact the public opinion about the role of modern hacking technologies and to connect them in a broader social context. In other words, we are trying to show the multi-dimensional nature of hacking and to clarify that this process is not exclusively related to "cyber crime", but to the inner-creativity in general.

  • Hacker

    Hakiri

    (Security and Investigations industry)

    September 2006 - Present (2 years 1 month)

    Hakiri (Hacker Lifestyle) is here to amaze you with the wonderful characteristics and abilities our small community has to offer. Our mission is to explore, show and teach what makes a true life-hacker. You will learn about our culture, music preferences, art, fashion, philosophy, technology, ideas and many other things that come to our minds on a daily basis. We also plan to engage and entertain the community with some of our hobby projects.

    I am the founder and main contributor of the Hakiri initiative.

  • Information Security Analyst

    NTA Monitor

    (Privately Held; 11-50 employees; Computer & Network Security industry)

    May 2005 - Present (3 years 5 months)

    Founded in 1997, NTA Monitor has over 10 years' experience in providing a range of IT security testing, auditing and consultancy services to more than 500 government and corporate clients.

    I am a leading/senior penetration tester and information security consultant for NTA Monitor.

  • Speaker

    Inbox-Outbox

    (Information Technology and Services industry)

    June 2008 - June 2008 (1 month)

    I was invited as a guest speaker to the annual Inbox-Outbox event, where I gave a talk on Instant Messengers, PDF, Doc and E-mail security.

  • Speaker

    OWASP

    (Security and Investigations industry)

    May 2008 - May 2008 (1 month)

    I was invited to present my research on Client-side security vulnerabilities at the annual, European OWASP Application Security Conference, which took place in Belgium, Ghent.

  • Speaker

    Louhi

    (Security and Investigations industry)

    May 2008 - May 2008 (1 month)

    I was invited to speak at the second information security conference in Helsinki, Finland, organized by Louhi. My talk was titled, "Tomorrow's Security".

  • Speaker

    Mnemonic

    (Security and Investigations industry)

    April 2008 - April 2008 (1 month)

    I was invited to be a guest speaker at RISK2008 Conference, which took place in Oslo, Norway. My talk was on the topic of Web2.0 insecurities and vulnerabilities.

  • Speaker

    HITB

    (Security and Investigations industry)

    April 2008 - April 2008 (1 month)

    Hack in the Box (HITB) is the leading Information Security conference which takes place in Asia and the Middle East. I was invited as a guest speaker to the annual HITB 2008 Conference in Dubai, where I presented my research on Client-side security.

  • Speaker

    Black Hat

    (Security and Investigations industry)

    March 2008 - March 2008 (1 month)

    Black Hat is one of the leading information security conferences in the world today.

    I was invited as a guest speaker to the annual Black Hat Europe 2008, which took place in Amsterdam, The Netherlands. There I presented my research on Client-side security for the first time.

  • Speaker

    OWASP

    (Security and Investigations industry)

    November 2007 - November 2007 (1 month)

    I was invited to the annual OWASP US conference to present my research on Web2.0 security and vulnerabilities. The conference took place in San Jose, at the eBay campus.

  • Book Author

    Syngress

    (Publishing industry)

    July 2007 - November 2007 (5 months)

    co-authoring "Google Hacking for Penetration Testers Second Edition"

    …from the book excerpt:

    Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But, Google's search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web including: social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Volume 2 shows the art of torqueing Google used by security professionals and system administrators to find this sensitive information and self-police their own organizations.

  • Book Author

    Elsevier

    (Public Company; 10,001 or more employees; ENL; Publishing industry)

    July 2007 - November 2007 (5 months)

    co-authoring "Google Hacking for Penetration Testers Second Edition"

    …from the book excerpt:

    Google is one of the 5 most popular sites on the internet with more than 380 million unique users per month (Nielsen/NetRatings 8/05). But, Google's search capabilities are so powerful, they sometimes discover content that no one ever intended to be publicly available on the Web including: social security numbers, credit card numbers, trade secrets, and federally classified documents. Google Hacking for Penetration Testers, Volume 2 shows the art of torqueing Google used by security professionals and system administrators to find this sensitive information and self-police their own organizations.

  • Book Author

    Syngress

    (Publishing industry)

    February 2007 - July 2007 (6 months)

    co-authoring "XSS Attacks - Cross Site Scripting Exploits and Defence"

    ...from the book excerpt:

    Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.

  • Book Author

    Elsevier

    (Public Company; 10,001 or more employees; ENL; Publishing industry)

    February 2007 - July 2007 (6 months)

    co-authoring "XSS Attacks - Cross Site Scripting Exploits and Defence"

    ...from the book excerpt:

    Cross Site Scripting Attacks starts by defining the terms and laying out the ground work. It assumes that the reader is familiar with basic web programming (HTML) and JavaScript. First it discusses the concepts, methodology, and technology that makes XSS a valid concern. It then moves into the various types of XSS attacks, how they are implemented, used, and abused. After XSS is thoroughly explored, the next part provides examples of XSS malware and demonstrates real cases where XSS is a dangerous risk that exposes internet users to remote access, sensitive data theft, and monetary losses. Finally, the book closes by examining the ways developers can avoid XSS vulnerabilities in their web applications, and how users can avoid becoming a victim. The audience is web developers, security practitioners, and managers.

  • Speaker

    OWASP

    (Security and Investigations industry)

    May 2007 - May 2007 (1 month)

    I was invited to the 6th OWASP Application Security Conference, which took place in Milan, Italy. There I presented my Web2.0 security research for the first time.

  • Freelance Computer Security Consultant

    Self-employed

    (Self-Employed; Computer & Network Security industry)

    June 2003 - May 2005 (2 years)

  • Network Administrator

    Richmond The American International University in London

    (Computer & Network Security industry)

    September 2002 - February 2005 (2 years 6 months)

  • Radio Host - Chaos

    FM 92

    (Broadcast Media industry)

    January 1992 - January 2002 (10 years 1 month)


Petko D. Petkov’s Education

  • Richmond, The American International University in London

    BSc, Computer Engineering, 2002 - 2005

  • High School of Natural Science

    A, Physics, Mathematics, Sociology, English, Deutsch, 1998 - 2002


Additional Information

Petko D. Petkov’s Interests:

Idea Development, Brainstorming, Creative Thinking, Art, Design, Electronic Music, etc...

Petko D. Petkov’s Groups:

GNUCITIZEN, Hakiri, Spin Hunters, House of Hackers, Blogsecurify, HITB (Hack in The Box), OWASP, Black Hat, Defcon, Hackin9, 2600, Linux-bg, CONFidence

  •    Information Security Expert Center
  •    Executive Suite
  •    Friends of the British Computer Society
  •    Business Intelligence
  •    International Network of Social Entrepreneurs
  •    Innovation People Expert Innovators Creative Network
  •    Security Crew
  •    Open Web Application Security Project (OWASP)
  •    UNCON
  •    For Knowledge Persons
  •    IT Specialist
  •    Black Hat Speakers
  •    Black Hat
  •    Information Security Community
  •    Innovation for Creativity
  •    Consultants Network
  •    Front End of Innovation
  •    Speakers and Panelists
  •    National Information Security Group
  •    Friends of Britain
  •    Open Source
  •    IT SECURITY EXPERT
  •    Professional Reverse Engineers
  •    Ethical Hackers Community
  •    DEFCON
  •    Penetration Testers Anonymous
  •    Linux Expert
  •    Well-dressed Professionals
  •    Global Security Professional
  •    Business Continuity Management Professionals
  •    Ethical Hacker
  •    Information Security Experts
  •    Security Bloggers Network
  •    GNUCITIZEN
  •    Business Ideas Generators
  •    Enterprise Security
  •    Internet 3.0 - (Web 1.0+ Web 2.0)
  •    Security Industry Group
  •    Information Security Network
  •    The Web Application Security Consortium
  •    Information Technology Contracting
  •    House of Hackers
  •    GNUCITIZEN Partners & Friends
  •    Security Leaders Group
  •    Vulnerability Researchers
  •    Life Hackers
  •    SECURITY TIGER TEAM
  •    Information Security Researchers

Petko D. Petkov’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • business deals
  • reference requests
  • getting back in touch
