Citizenship French Name Elie Bursztein Nationality French | Fields Computer security | |
![]() | ||
Alma mater Ecole Normale Superieure de Cachan, 2008 Education Ecole normale superieure de Cachan Similar People Dan Boneh, John C Mitchell, Sergey Brin, David Drummond, Larry Page Profiles | ||
Doctoral advisor Jean Goubault-Larrecq Residence United States of America |
Def con 22 elie bursztein and celine bursztein i am a legend hacking hearthstone
Elie Bursztein leads the anti-abuse research team at Google. He is best known for his research on anti-fraud and abuse, his novel attacks against web service and video games and his work on applied cryptography. Prior to Google Bursztein was a post-doctoral fellow in computer science at Stanford University, where he focused on CAPTCHAs security and usability.
Contents
- Def con 22 elie bursztein and celine bursztein i am a legend hacking hearthstone
- Def con 20 elie bursztein and patrick samy fuzzing online games
- Education
- Anti Fraud and Abuse
- Applied Cryptography
- CAPTCHA
- Game security
- Web security
- Awards
- References

Def con 20 elie bursztein and patrick samy fuzzing online games
Education
Elie Bursztein obtained his computer engineering degree from EPITA in 2004, his master's degree in computer science from Paris 7/ ENS, in 2004 (under the supervision of Patrick Cousot) and his PhD in computer science from École Normale Supérieure de Cachan in 2008 (under the supervision of Jean Goubault-Larrecq). His PhD thesis tilted "Anticipation games. Théorie des jeux appliqués à la sécurité réseau" (Anticipation game. Game theory applied to network security) showed how to combine model-checking, temporal logic and game theory to find the optimal responses to network attacks. At Stanford University, he was a post-doctoral fellow with the Stanford Security Laboratory, a unit of the computer science department that focuses on network and computer security.
Anti-Fraud and Abuse
In 2014 Bursztein published the first study on Account manual hijackers. With Kurt Thomas et al. he published how Google attempt to reduce phone verified account fraud. In 2015 with Kurt Thomas et al. he received the S&P best practical award for his study of malicious ads injectors. With Joseph Bonneau et al. he got the WWW'15 best student paper award for publishing the first practical study on secret questions security and usability using Google data.
Applied Cryptography
In 2009 Bursztein presented the first complete analysis of the Microsoft DPAPI (Data Protection Application Programming Interface) with Jean Michel Picod. In 2011 with J. Lagarenne, M. Hamburg and D. Boneh he used private set intersection protocols to defend against game map hacking. In 2014 with Adam Langley he made Chrome on mobile roughly three times faster by implementing a new TLS cipher suite that uses the algorithms ChaCha20 and Poly1305.
CAPTCHA
Bursztein's research on CAPTCHAs aims to make the puzzles easier for humans to solve and harder for computers to crack. His main contributions are an easier captcha for Human used by Recaptcha and a generic algorithm to break text-based captcha.
In 2009, Bursztein showed with Steven Bethard that eBay audio captchas were broken. In 2010, he studied with S. Bethard, C. Fabry, D. Jurafsky and J. C. Mitchell how humans perform on real world CAPTCHAS by running a large-scale study. In 2011, he demonstrated with R. Beauxis, H. Paskov, D. Perito, C. Fabry and J. Mitchell that non-continuous audio CAPTCHA were ineffective. Bursztein was part of a team of Stanford researchers that broke NuCaptcha's security, despite the company's claims of being the "next generation" of video-based CAPTCHA security. He told CNET News in 2012 that "we are able to break NuCaptcha's video scheme with over 90 percent success."
Game security
In 2010 at Defcon he showed how to build a generic map hack software. In 2012 at Defcon he demonstrated how to fuzz online games including diablo 3 and league of legend. In 2014 at Defcon he showed how to use machine learning to predict what the opponent will play for the card based game Hearthstone. At Blizzard request the tool was never made public.
Web security
Some of his notable achievements in web and mobile security include:
Awards
Notable awards: