Solar Designer

From Wikipedia, the free encyclopedia
Solar Designer at PHDays 2012

Alexander Peslyak (Александр Песляк) (born 1977), better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique,[1] as well as computer security protection techniques such as privilege separation for daemon processes.

Peslyak is the author of the widely popular[2] password cracking tool John the Ripper. His code has also been used in various third-party operating systems, such as OpenBSD and Debian.


Peslyak has been the founder and leader of the Openwall Project since 1999. He is the founder of Openwall, Inc. and has been the CTO since 2003. He served as an advisory board member at the Open Source Computer Emergency Response Team (oCERT) from 2008 until oCERT's conclusion in August 2017.[3] He also co-founded oss-security.[4]

He has spoken at many international conferences, including FOSDEM and CanSecWest. He wrote the foreword to Michał Zalewski's 2005 book Silence on the Wire.[5]

Alexander received the 2009 "Lifetime Achievement Award"[6] during the annual Pwnie Award at the Black Hat Security Conference. In 2015 Qualys acknowledged his help with the disclosure of a GNU C Library gethostbyname function buffer overflow (CVE-2015-0235).[7]

See also[edit]


  1. ^ "JPEG COM Marker Processing Vulnerability in Netscape Browsers". Retrieved 2009-08-04.
  2. ^ "Top 10 Password Crackers". Archived from the original on 30 August 2009. Retrieved 2009-08-04.
  3. ^ "Open Source Computer Security Incident Response Team". Retrieved 25 October 2018.
  4. ^ "Alexander Peslyak's Bio on". Archived from the original on 28 June 2009. Retrieved 2009-08-04.
  5. ^ Michał Zalewski (2005). "Silence on the Wire". No Starch Press. ISBN 1593270461. Retrieved 2015-03-21.
  6. ^ "2009 Pwnie award". Retrieved 2010-12-17.
  7. ^ Qualys (2015-01-27). "CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow". Retrieved 2015-03-21.

External links[edit]