My name is Itzik Kotler and I’m the Co-Founder and Chief Technology Officer of SafeBreach. I live in Mountain View, California, with my wife Dana, and our children, Maya and Adam. I have a passion for offensive security and solving hard problems. In my free time, I enjoy playing my electric bass guitar and appreciating Scotch Whiskies.
Sometimes I blog here. Follow me on Twitter @itzikkotler
coding
Selected Projects:
- Hackersh is a free and open source shell (command interpreter) written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like a Unix pipeline, but for processing security information and metadata rather than bytes. Hackersh is written in Python, and is available under the GPL version 2 or any later version. Hackersh is referenced in the Anti-Hacker Tool Kit, Fourth Edition.
- Pythonect is a new, experimental, general-purpose dataflow programming language based on Python. It provides both a visual programming language and a text-based scripting language. The text-based scripting language aims to combine the quick and intuitive feel of shell scripting, with the power of Python. The visual programming language is based on the idea of a diagram with “boxes and arrows”.
- Pytroj is a proof of concept malware that infects Python compiled files (*.pyc). It searches for Python compiled files in a directory and injects itself and a payload into them. Pytroj is written in Python, and is available under the LGPL license v2.1 or later. Symantec posted a blog entry on Pytroj named “This Python Has Venom!”.
- Moshi Moshi is a proof of concept bot that communicates over VoIP. It dials out using the SIP protocol and uses DTMF tones as an input and voice (i.e. text-to-speech) as an output. Moshi Moshi is written in Python, and is available under the GPL v3 license. Moshi Moshi has been reviewed and discussed in Chapter 8 of Unified Communications Forensics: Anatomy of Common UC Attacks.
- IPPON is a tool that uses several techniques of update-exploitation attacks, which leverage a man-in-the-middle attack, to build and inject a fake update reply or hijack an ongoing update session. IPPON is written in Python, and is available under the GPL v3 license. IPPON has been reviewed and discussed in Chapter 5 of the Hacking Exposed Wireless, Second Edition book.
speaking
I love presenting my research, meeting new people, and traveling to different places:
2019
- “BackdorOS: The In-memory OS for Red Teams” @ Texas Cyber Summit
- “Process Injection Techniques - Gotta Catch Them All” w/ Amit Klein @ DEF CON
- “Process Injection Techniques - Gotta Catch Them All” w/ Amit Klein @ Black Hat USA
2018
- “Backdooring With Metadata” @ CircleCityCon
- “Backdooring With Metadata” @ Converge Conference
- “Heroes, Villains and Simulation of Adversaries” @ Secure360 Twin Cities
2017
- “Malwares From Thin Bits” @ BSidesDFW
- “Weaponizing Threat Intelligence” w/ Steve Mason @ ISSA International Conference
- “The Adventures of AV and the Leaky Sandbox” w/ Amit Klein @ DEF CON
- “The Adventures of AV and the Leaky Sandbox” w/ Amit Klein @ Black Hat USA
- “I’m In Your $PYTHONPATH, Backdooring Your Python Programs” @ THOTCON
2016
- “Just Got PWND.sh” @ SkyDogCon
- “Breach Your Own Castle: Suit Up and Play Offense for Better Security” @ ISACA CSX North America
- “Crippling HTTPS with Unholy PAC” w/ Amit Klein @ Black Hat USA
- “In Plain Sight: The Perfect Exfiltration” w/ Amit Klein @ Hack In The Box Amsterdam
- “Goodbye Data, Hello Exfiltration” @ BSides Orlando
- “Hacking Inward - Implementing Effective Cyber War Games” @ RSA Conference USA
2015
- “Learning From The BlackHats - Proactive, Offense Approach To Security” w/ Danelle Au @ NYMJCSC
2013
- “Intro to Hackersh, Workshop” @ Black Lodge Research
- “Hack Like It’s 2013 with Pythonect and Hackersh” @ RVAsec
- “Hack and Slash with Pythonect” @ HackMiami
- “Pythonect-Fu: From Function to Language” @ NoSuchCon
- “Hack Like It’s 2013 (The Workshop)” @ Hack In The Box Amsterdam
2011
- “All Your Mobile Applications Are Belong To Us” @ OWASP Israel Annual Conference
- “Sounds Like Botnet” w/ Iftach Ian Amit @ DEF CON
- “Represent! Defcon Groups, Hackerspaces, and You” Panel Member @ DEF CON
- “Sounds Like Botnet” w/ Iftach Ian Amit @ BSides Las Vegas (aka. BSidesLV)
- “Let Me Stuxnet You” @ Hack In The Box Amsterdam
- “Let Me Stuxnet You” @ Hackito Ergo Sum
- “Industrial Cyber Warfare Already Here” @ France Israel Annual Cyber Security Forum
2010
- “Hackers to CSO” Panel Member @ Congresso Security Leaders
- “Turbot - A Next Generation Botnet” w/ Ziv Gadot @ Hackito Ergo Sum
2009
- “The Day of the Updates” w/ Tomer Bitton @ DEF CON
2008
- “Malware 2.0” w/ Jonathan Rom @ RSA Conference Europe
- “Jinx - Malware 2.0” w/ Jonathan Rom @ Black Hat USA
2006
- “Shellcode Evolution” @ Hackers 2 Hackers (H2HC) Sao Paulo Brazil
- “Advanced Buffer Overflow Methods” @ Tel-Aviv University Security Forum
2005
- “Advanced Buffer Overflow Methods” @ 22nd Chaos Communication Congress (22C3)
writing
I’ve written a lot of different things over the years, from technical articles to blog posts to :
2015 - …
- “In Cybersecurity, Best Practices Are The Worst” in Forbes
- “Hackers Play Dirty, So Practice Good Digital Hygiene” in Forbes
- “Fear And Loathing In Cyberspace” in Forbes
- “To Break The Rules Of Cybersecurity, You Must Know The Rules Of Cybersecurity” in Forbes
- “Don’t Let Your Fear Of Nation-State Hackers Blind You” in Forbes
- “Demystifying Criminal Hackers” in Forbes
- “Defending Against Hacking’s Long Game: It Ain’t Over Til It’s Over” in Forbes
- “Advanced Persistent Threats: Calling The Hackers’ Bluffs” in Forbes
- “When Good Tech Goes Bad” in Forbes
- “Staying One Step Ahead Of Criminal Hackers” in Forbes
- “Do You Do Security Due Diligence Before A Merger Or Acquisition?” in Forbes
- “Were You Attacked Today With Yesterday’s Hacking Technique?” in Forbes
- “Fixating On Vulnerabilities Is A Vulnerability” in Forbes
- “The Key To Cybersecurity: Shared Intelligence And Industry Cooperation” in Forbes
2012 - 2013
2011
- “(Hebrew) כשהווירוס מחייג אליך למשרד” in Calcalist
- “Botnet That Dial Home” in Hakin9 Magazine, Extra Issue (October)
- “Can You Hear Them Hacking” in SecVoip Blog
- “Ready or Not Industrial Cyber Warfare Comes” in Enterprise IT Security Magazine (May)
- “Click, Click, Boom: Industrial Cyber Warfare Already Here” in Global Security Magazine
2009
- “Malware Attacks the Software Update Process” in Enterprise Systems Journal (Online)
2008
- “The Dangers of Web 2.0” in Security Matters Magazine (Online)
- “Web 2.0: Attack of the JavaScript Malware” in SC Magazine US (Online)
2007
- “Shellcodes Evolution” in Hakin9 Magazine, Issue 1 (January)
2006
- “Exploiting with linux-gate.so.1” in NewOrder Newsletter, Issue 13
2005
- “Linux Improvised Userland Scheduler Virus” in Uninformed Journal, Volume 3
- “Smack the Stack (Advanced Buffer Overflow Methods)” in Proceedings of 22C3
- “Reverse Engineering with LD_PRELOAD” in NewOrder Website
- “Abusing .CTORS and .DTORS for Fun and Profit” in NewOrder Website
- “10,000 Monkeys and a Webpage” in NewOrder Newsletter, Issue 12
doing
I love to volunteer and give back to the community. Very proud to be part of the following:
- Contributor, MITRE ATT&CK Framework (2017)
- Board Member, OWASP Israel (2013 - 2015)
- Member of the Information Security Committee at The Standards Institution of Israel (2012-2015)
- Member of the Program Committee at Hack In The Box Conference (2011-Present)
- Member of the Program Committee at Hackito Ergo Sum Conference (2010-Present)
- Co-organizer of the 1st Security Hackathon in Israel [Media Coverage in Hebrew] (2011)
- Co-organizer of DC9723, Israel’s Defcon Group (2010-Present)