Dennis Yurichev CV

Dennis Yurichev.

E-Mail: dennis(a)conus.info

LinkedIn page: http://www.linkedin.com/in/dennisyurichev

My blog about Oracle RDBMS et cetera: http://blogs.conus.info/

Date of birth: 11-October-1979.

Citizenship: Ukrainian.

Gender: male.

Marital status: married.

Children: absent.

Languages: Russian, English, Ukrainian.

Employment history: 

* 2008 - present: 

Freelancer.
I discovered several previously unknown vulnerabilities in Oracle RDBMS and IBM DB2.

I discovered two DoS vulnerabilities in IBM DB2 9.5.
CVE-2009-0172
CVE-2009-0173
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ36534
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ39373
http://blogs.conus.info/node/17

CVE-2009-0991 in CPUapr2009 (CVSS 5.0):
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
http://blogs.conus.info/node/18

Four vulnerabilities patched in CPUjul2009:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
CVE-2009-1970 (CVSS 5.0):
http://blogs.conus.info/node/26

CVE-2009-1963 (CVSS 7.5)
http://blogs.conus.info/node/25

CVE-2009-1019 (CVSS 7.5)
http://blogs.conus.info/node/24

CVE-2009-1020 (CVSS 9.0)
http://blogs.conus.info/node/23

CVE-2009-1979 in CPUoct2009 (CVSS 10.0)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
http://blogs.conus.info/node/28

CVE-2010-0071 in CPUjan2010 (CVSS 10.0)
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
(also listed among security-in-depth contributors)
http://blogs.conus.info/node/38

CVE-2010-0911 in CPUjul2010 (CVSS 7.8):
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html

Mentioned in CPUapr2011:
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

CVE-2011-2242 in CPUjul2011:
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

CVE-2012-0072 in CPUjan2012:
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

I discovered one DoS vulnerability in binkd FidoNet mailer:
http://binkd2.grumbler.org/viewcvs/HISTORY?root=binkd&view=co

I made two FPGA brute-force crackers.
First was related to specific dongle crypto algorithm. Using Altera EP2S60 
FPGA device, I made a hardware system which able to find crypto key extremely
fast compared to modern Wintel systems.
Second project was a cracker of Oracle RDBMS passwords (pre-11g, based on
DES algorithm).
While most fast software brute-force attacker running on Intel Core Duo 2 able
to check 1.5M passwords per second, a hardware system built by me able
to check about Oracle RDBMS 110M passwords per second: it was built on Altera
EP2SGX90 FPGA chip. It is now easy to check all possible 8-symbol passwords
spending only 9 hours.
Here is it connected to Internet on 24h basis:
http://conus.info/ops/
Short article about it:
http://conus.info/ops/ops.html

Reverse engineer freelancer. Some of examples:
http://conus.info/RE-articles/sapgui.html
http://conus.info/RE-articles/qr9.html

Writing experience (beginner's reverse engineering courses for C/C++ programmers):
http://wiki.conus.info (Russian language)

* 2005 - 2008: 
"Blue Lane" (now part of VMware, Inc) (www.bluelane.com): 
reverse engineer and security researcher. 
My duty was to compare original and patched binary 
versions of some well-known software products, investigate 
differences, understand the nature of security vulnerability, 
finding a way how malicious (for these specific vulnerabilities) 
packets can be blocked at the network level.
I developed my own x86 code tracer for navigating in such large
software as Oracle RDBMS.
My specialization was primarily Oracle RDBMS, so I collected a lot
of information related to Oracle RDBMS internals.

* 1999 - 2005:  
Freelancer in areas of software copy protection, reverse 
engineering, web-scripting and programming.
My old website about reverse engineering services: 
http://conus.info/old2/
Also, I was involved in making dongle clones (in the sense of 
software protection) as it is described at:
http://en.wikipedia.org/wiki/Dongle

* 1998 - 1999:  
"Beckets-Service" (Kiev, Ukraine): 
Linux system administrator, CGI-scripts programmer, 
C/C++ programmer.
Last project I made at, was company-specific Voicemail
system working with cheap voice modems.

* 1996 - 1998:  
"Tandem-Plus" (Enakievo, Donetsk region, Ukraine): 
various computers maintenance and repairing at the local
computer seller and repairer.

My perfect skills: reverse engineering, restoration of code into various 
high-level languages: C, C++, C#, Java, Pascal/Delphi.
Reverse engineering various proprietary network protocols.
Optimization of time-critical code parts.

My very good skills: C/C++/x86 assembler programming for Windows 98/NT,
Linux. Verilog coding (for FPGAs)

Just skills: drivers creation for any version of Windows, MS-DOS, OS/2, 
Linux programming.

I have knowledge of cryptography, major internet protocols, digital electronics, 
computer security, Oracle RDBMS basics, Oracle Net8.