Greg Hoglund
American cyber security author

Nationality: American
Spouse: Penny C. Leavy

Michael Gregory Hoglund is an American author, researcher, and serial entrepreneur in the cyber security industry. He is the founder of several companies, including Cenzic, HBGary and Outlier Security. Hoglund contributed early research to the field of rootkits, software exploitation, buffer overflows, and online game hacking. His later work focused on computer forensics, physical memory forensics, malware detection, and attribution of hackers. He holds a patent on fault injection methods for software testing, and fuzzy hashing for computer forensics. Due to an email leak in 2011, Hoglund is well known to have worked for the U.S. Government and Intelligence Community in the development of rootkits and exploit material. It was also shown that he and his team at HBGary had performed a great deal of research on Chinese Government hackers commonly known as APT (Advanced persistent threat). For a time, his company HBGary was the target of a great deal of media coverage and controversy following the 2011 email leak (see below, Controversy and email leak). HBGary was later acquired by a large defense contractor.

Entrepreneurship

Hoglund has founded several security startup companies, which are still in operation today:

Cenzic, Inc. (formerly known as ClickToSecure, Inc.) Focused on web application security for the Fortune 500.

Bugscan, Inc. Developed an appliance that would scan software for security vulnerabilities without source code. Acquired in 2004 by LogicLibrary, Inc.

HBGary, Inc. Provides a comprehensive suite of software products to detect, analyze, and diagnose Advanced Persistent Threats (APT) and targeted malware. Acquired in 2012 by ManTech International (MANT). HBGary had no outside investors and was owned by the founders and early employees.

Outlier Security, Inc. Provides cloud-based, agentless endpoint detection and response (EDR) systems for enterprises. Acquired in 2017 by Symantec (SYMC).

Patents

Granted: Fuzzy Hash Algorithm (US grant 8484152, Michael Gregory Hoglund, published 2009-6-26).
Granted: Fault injection methods and apparatus (US grant 7620851, Michael Gregory Hoglund, published 2007-1-31) along with Penny C. Leavy, Jonathan Walter Gary, and Riley Dennis Eller.
Applied: Inoculator and antibody for computer security (US applied 20120110673, Michael Gregory Hoglund, published 2011-9-23) along with Shawn Michael Bracken.
Applied: Digital DNA sequence (US applied 20110067108, Michael Gregory Hoglund, published 2011-9-23).
Applied: Universal method and apparatus for disparate systems to communicate (US applied 20010013052, Greg Hoglund, published 2001-8-09) along with Yobie Benjamin, Abhideep Singh, and Jonathan Gary.

Research and authorship

As an author, Hoglund wrote Exploiting Software: How to Break Code, Rootkits: Subverting the Windows Kernel and Exploiting Online Games: Cheating Massively Distributed Systems, and was a contributing author on Hack Proofing Your Network: Internet Tradecraft. He was a reviewer for the Handbook of SCADA/Control Systems Security. He has presented regularly at security conferences such as Black Hat Briefings, DEF CON, DFRWS, FS-ISAC, and RSA Conference, among others. Hoglund drew the attention of the media when he exposed the functionality of Blizzard Entertainment's Warden software, used to prevent hacking in the popular game World of Warcraft.

Books

Exploiting Online Games: Cheating Massively Distributed Systems, Addison-Wesley, 2007, ISBN 0-13-227191-5.
Rootkits: Subverting the Windows Kernel, Addison-Wesley, 2005, ISBN 0-321-29431-9.
Exploiting Software: How to Break Code, Addison-Wesley, 2004, ISBN 0-201-78695-8.

Articles

A *REAL* NT Rootkit, patching the NT Kernel, Phrack magazine, 1999.

Controversy and email leak

HBGary found controversy in 2011 after corporate emails were leaked from the now defunct sister company HBGary Federal. Of particular note, the founder of HBGary Federal, Aaron Barr, had authored a draft PowerPoint presentation on information warfare (IW) that was the subject of much interpretation by online reporters and bloggers. It outlined controversial information warfare strategies and techniques, including background checks to discredit online reporters/bloggers, OSINT monitoring of detractors, and disinformation to discredit WikiLeaks. This presentation was never shown to be used, and the supposed customers of this work were never actually customers of HBGary Federal, and further stated they were not aware of the presentation.

After the incident in 2011, several hackers branded the attack on HBGary as the work of Anonymous. Later, this branding was abandoned and replaced with the hacking group LulzSec. At this time, the identities of the hackers behind LulzSec were not known. In an interview after the attack, Hoglund characterized the group as criminal hackers and revealed that he had recently refocused HBGary's attribution team, previously used to hunt down Chinese APT (Advanced persistent threat), to instead discover the identities of the LulzSec hackers. Less than six months later, the leader of LulzSec, Hector Xavier Monsegur (aka Sabu), had been secretly arrested by the FBI and turned into an informant against the rest of Anonymous. HBGary admitted to working closely with law enforcement, and was later given credit for their assistance to the FBI in the investigation that led to the arrest of the LulzSec leader Hector Xavier Monsegur (aka Sabu).

rootkit.com

Hoglund also founded and operated rootkit.com, a popular site devoted to the subject of rootkits. Several well known rootkits and anti-rootkits were hosted from rootkit.com, including Jamie Butler's FU rootkit, Hacker Defender by HF, Bluepill by Joanna Rutkowska and Alexander Tereshkin, ShadowWalker by Sherri Sparks, FUTo by Peter Silberman, BootKit by Derek Soeder (eEye), and AFX Rootkit by Aphex. A complete list can be found in the Wayback Machine's last snapshot of rootkit.com. Rootkit.com's original site administrators were Greg Hoglund, Charles Weidner (Handle Redacted), Fuzen_Op (Jamie Butler), Barns (Barnaby Jack), Caezar of GhettoHackers (Riley Eller), Talis (JD Glaser of NTObjectives), and Vacuum of Technotronic. At its peak, rootkit.com had 81,000 users.

Rootkit.com was compromised in 2011 via social engineering as part of the LulzSec attack by Hector Xavier Monsegur (aka Sabu) and the user database was leaked. The leaked user database was then used for research against the Chinese Government-sponsored hacking group commonly known as 'APT1'. The rootkit.com site since remains offline.

Physical memory forensics

Hoglund was an early pioneer in the research and development of physical memory forensics, now considered standard practice in computer forensics in law enforcement. He saw the physical memory as a complex snapshot of interrelated structures and data arrays, instead of just a flat file full of strings. The original application was not forensics, but rootkit detection and process hiding – showing how physical memory forensics grew partly from rootkit development. With the release of HBGary's product Responder in 2008, Hoglund was one of the first to deliver OS reconstruction to the market, pivotal in the use of physical memory to reconstruct software and user behavior. Responder PRO continues to be a staple tool for law enforcement and incident response today.

External links

Black ops: how HBGary wrote backdoors for the government (by Nate Anderson, ars technica)