Itzik Kotler <ik@nullikotler.org>

Itzik Kotler is an Independent consultant and entrepreneur. Before that, he was the Chief Technology Officer for Security Art where he researched, designed, and developed new security services and products. Prior to joining Security Art, Itzik was the Security Operation Center (SOC) Team Leader at Radware (NASDQ: RDWR) where he led a team responsible for the security research and content delivery for all Radware products. Prior to Radware, Itzik worked at several start-up companies as a Security Researcher and Software Engineer.

More information: Blog | LinkedIn | Twitter | Resume

Software Projects

  • Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like Unix pipeline, but for processing security information and metadata rather than bytes. Hackersh is written in Python, and is available under the GPL version 2 or later version.
  • Pythonect is a new, experimental, general-purpose dataflow programming language based on Python. It provides both a visual programming language and a text-based scripting language. The text-based scripting language aims to combine the quick and intuitive feel of shell scripting, with the power of Python. The visual programming language is based on the idea of a diagram with “boxes and arrows”.
  • Pytroj is a proof of concept malware that infects Python compiled files (*.pyc). It searches for Python compiled files in a directory and injects itself and a payload into them. Pytroj is written in Python, and is available under the LGPL license v2.1 or later. Symantec posted a blog entry on Pytroj named "This Python Has Venom!"
  • Moshi Moshi is a proof of concept bot that communicates over VoIP. It dial out using SIP protocol and uses DTMF tones as an input and voice (i.e. text-to-speech) as an output. Moshi Moshi is written in Python, and is available under the GPL v3 license
  • Turbot is a proof of concept bot that communicates over HTTP and has no single point of failure. It is using a spread spectrum-like algorithm and encryption to communicate over free writeable Web sites. Turbot is written in Python, and is available under the GPL v3 license
  • IPPON is a tool that uses several techniques of update-exploitation attacks which leverages a man-in-the-middle attack, to build and inject a fake update reply or hijack an on-going update session. IPPON is written in Python, and is available under the GPL v3 license. IPPON has been reviewed and discussed in Chapter 5 of the Hacking Exposed Wireless, Second Edition book

Presentations

Publications


Last Updated: Sunday August 18, 2013