William Genovese

From Wikipedia, the free encyclopedia
Jump to: navigation, search
"Illwill" redirects here. For other uses, see Illwill (disambiguation).

William Genovese is a former greyhat hacker turned security professional, who goes by the alias illwill.


In early 2000's, Genovese was a former figure in a loose-knit group of computer hackers who called themselves illmob. illmob.org, was a security community website ran by Genovese, which, at the time, had many high profile incidents related to it.

In 2010 Genovese co-founded and is a current board member of a 501(3)(c) non-profit Hackerspace called NESIT, which offers the local community free classes on various network security topics, personal internet safety, reverse engineering, embedded electronic projects, 3-D Printing and design, and offers a segregated virtualized pen-testing network where users can safely simulate attacking and penetrating machines in a safe lab environment.

Genovese currently has reinvented himself as a private security consultant involved in the computer security industry, doing penetration testing, along with contributions to the Metasploit project. He was also a guest speaker at security conferences eXcon and B-SidesCT in 2011, and again at B-SidesCT in 2014. In 2015 he was a panelist at Defcon 23 in Las Vegas.

Website Controversy[edit]

In 2003, his website was the first to release 0day code that exploited the MS03-026 Windows RPC vulnerability, which was later used by unknown hackers to create variants of the W32/Blaster Worm.[1] In response, Genovese released a tool he coded to remove the worm from an infected Windows PC's. [2]

In 2005, the site had posted leaked images and phone book from Paris Hilton's[3] T-Mobile Sidekick phone that were obtained from a fellow hacker.[4][5] Reportedly, the data was obtained by Social engineering (security) and exploiting a vulnerability in a BEA WebLogic Server database function that allowed an attacker to remotely read or replace any file on a system by feeding it a specially-crafted web request. BEA produced a patch for the bug in March 2003. The website was also mentioned in news articles, in connection with Fred Durst's[6] sex tape leak.


External links[edit]