Marc Schönefeld's CV

Experience

Aug. 1997 - present -- Employed as Software Security Architect
Münster, Germany

• Pentest on J2EE applications
• Java Security training for J2EE developers
• Design, Implementation and Testing of CORBA and Message-based-Middleware Applications.
• Integration of Security features into middleware applications.
• Evaluation of new technologies

Sep. 2000 - present -- Illegalaccess.org
The Web, The World
Security Research

• Analysis of native-layer vulnerabilities in several JDK versions and add-on java libraries
• Discovery of Bugs and Construction of Proof-Of-Concept Exploits to be used by vendors
• Regular contribution to the bugtraq list for minor bugs or bugs ignored by vendors
• Drafted and edited security advisory reports for major bugs
• Spoke at major conferences about java native code vulnerabilities (esp. Blackhat)

Mar. 1994-present -- Evening School (VHS) Oelde-Ennigerloh
Oelde, Germany
Trainer

• Courses for School Children, PC-Beginners and Advanced Computer Users
• Linux, Java, Microsoft Products, Internet Technology, Efficient Online Use

1983 - present -- Freeware Community
Contributor

• Text-2-Blinkenlight-Converter (text2blm) in C++
• Corba-Adapter for JMX (an advanced version with more features is in use by a mayor german banking group), to make remote calls to MBeans from C,C++, Python, ....

Mar. 1997 - present -- Webmaster
The Web, The World
Senior Web Master

• Concept, Design, and Implementation of over 10 different PHP-driven Web sites
• Implemented tools in Perl, PHP, XSLT to use with amazon web services

Skills

Languages: German (native speaker), English (proficient), French and Spanish (Basic)

Programming lang's: Java, C++, C, PHP, Perl, VBA, Ada, Assembler (x86,6502,M68k)

Concepts and Architectures: CORBA, J2EE, JMX, XML, XSLT.

Software: Major free and commercial ORBs, Eclipse, ANT, Microsoft Office, JDK, BCEL .

Operating Systems: Windows 95/98/NT/2000, Linux, AIX, Solaris.

Education

1991 - 1997 -- University of Münster
Münster, Germany

• Master's degree in Wirtschaftsinformatik (Business Informatics), Nov. 1997.

Publications and Presentations

Java Security Stuff
• Presentation Blackhat Europe 2003, Amsterdam
  www.blackhat.com/presentations/bh-europe-03/bh-europe-03-schoenefeld.pdf
• Presentation Blackhat Windows 2003, Seattle
  www.blackhat.com/presentations/win-usa-03/bh-win-03-schoenfeld.pdf
• Presentation Blackhat USA 2002, Las Vegas
  www.illegalaccess.org/blackhat/blackhat.pdf
• Security Advisory concerning java media framework privilege escalation
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760&zone_32=java%20media%20framework
• Report about Liveconnect Bug in Mozilla/Netscape
  http://bugzilla.mozilla.org/show_bug.cgi?id=200016
• Paper presented about Java Security Bug Patterns at AMCIS 2003, Tampa
  http://aisel.isworld.org/proceeding_passwordAMCIS2003.asp?Vpath=AMCIS\2003&PDFpath=03GA07.pdf
• White paper about Vulnerabilities in Java Distributions
  http://www.idefense.com/papers.html

Software Architecture Stuff
• Joint paper with Dr. Oliver Vering about 'Enhancing ERP-Efficiency through Workflow-Services' at AMCIS 2000, Long Beach
  http://aisel.isworld.org/password.asp?Vpath=AMCIS/2000&PDFpath=131.pdf
• Joint paper with Markus Pohlmann about 'Dynamic CORBA in a typical banking environment,presented at CSMR 2002, Budapest
  www.corba.org/industries/bankfin/budapest_bcibridge.pdf

Fuzzy Logic
• Diploma thesis about integrating a fuzzy controller in a workflow system
  http://www.beauchamp.de/res/msda.pdf

Professional Affiliations

• Association of Computing and Machinery
• Association for Information Systems
• Gesellschaft für Informatik (german society for computer science)

Teaching

• University of Münster, "Introduction to Fuzzy Logic", Summer 1996

Internships

• 1993 Krupp/USA Engineering and IT Department
• 1994 Krupp/USA Engineering and IT Department
• 1995 Krupp/South Africa Engineering and IT Department