Xiaoran @0x1a0ranis a Senior Product Security Engineer at salesforce.com. He is passionate about security, especially web application security. He has presented at several conferences such as BlackHat USA, ToorCon, Hacker Halted, etc.
At work, he does architectural feature review for security, web penetration testing, security training, security automation, etc. In his personal time, he does security research in a variety of topics including exploit writing, malware analysis, vulnerability analysis, and tearing things apart. He has written many useful defensive tools as well. For example, he developed an add-on “Mixed Content Monitor” for Firefox to block and show the insecure resources loaded within https. He also developed “Process Injection Monitor” that does automatic malware analysis and extracts injected code to a binary when a malware process tries to inject itself into other processes.
Xiaoran will explain: