Itzik Kotler <ik@nullikotler.org>

Itzik Kotler is an Independent consultant and entrepreneur. Before that, he was the Chief Technology Officer for Security Art where he researched, designed, and developed new security services and products. Prior to joining Security Art, Itzik was the Security Operation Center (SOC) Team Leader at Radware (NASDQ: RDWR) where he led a team responsible for the security research and content delivery for all Radware products. Prior to Radware, Itzik worked at several start-up companies as a Security Researcher and Software Engineer.

More information: Blog | LinkedIn | Twitter | Resume

Software Projects

• Hackersh ("Hacker Shell") is a free and open source shell (command interpreter) written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like Unix pipeline, but for processing security information and metadata rather than bytes. Hackersh is written in Python, and is available under the GPL version 2 or later version.
• Pythonect is a new, experimental, general-purpose dataflow programming language based on Python. It aims to combine the intuitive feel of shell scripting (and all of its perks like implicit parallelism) with the flexibility and agility of Python. Pythonect interpreter (and reference implementation) is written in Python, and is available under the BSD license
• Pytroj is a proof of concept malware that infects Python compiled files (*.pyc). It searches for Python compiled files in a directory and injects itself and a payload into them. Pytroj is written in Python, and is available under the LGPL license v2.1 or later. Symantec posted a blog entry on Pytroj named "This Python Has Venom!"
• Moshi Moshi is a proof of concept bot that communicates over VoIP. It dial out using SIP protocol and uses DTMF tones as an input and voice (i.e. text-to-speech) as an output. Moshi Moshi is written in Python, and is available under the GPL v3 license
• Turbot is a proof of concept bot that communicates over HTTP and has no single point of failure. It is using a spread spectrum-like algorithm and encryption to communicate over free writeable Web sites. Turbot is written in Python, and is available under the GPL v3 license
• IPPON is a tool that uses several techniques of update-exploitation attacks which leverages a man-in-the-middle attack, to build and inject a fake update reply or hijack an on-going update session. IPPON is written in Python, and is available under the GPL v3 license. IPPON has been reviewed and discussed in Chapter 5 of the Hacking Exposed Wireless, Second Edition book

Presentations

• "Hack and Slash with Pythonect." HackMiami 2013
• "Pythonect-Fu: From Function to Language." NoSuchCon 2013
• "Hack Like It's 2013 (The Workshop)." Hack In The Box Amsterdam 2013
• "All Your Mobile Applications Are Belong To Us." OWASP Israel 2011 Annual Conference
• "Sounds Like Botnet." with Iftach Ian Amit. Defcon 2011
• "Represent! Defcon Groups, Hackerspaces, and You." Panel Member. Defcon 2011
• "Sounds Like Botnet." with Iftach Ian Amit. BSides Las Vegas 2011
• "Let Me Stuxnet You." Hack In The Box Amsterdam 2011
• "Let Me Stuxnet You." Hackito Ergo Sum 2011
• "Industrial Cyber Warfare Already Here." 5th Annual France Israel Cyber Security Forum 2011
• "Hackers to CSO." Panel Member. Congresso Security Leaders 2010
• "Turbot - A Next Generation Botnet." with Ziv Gadot. Hackito Ergo Sum 2010
• "The Day of the Updates." with Tomer Bitton. Defcon 2009
• "Malware 2.0." with Jonathan Rom. RSA Conference Europe 2008
• "Jinx - Malware 2.0." with Jonathan Rom. Black Hat USA 2008
• "Shellcode Evolution." H2HC (Hackers 2 Hackers) Sao Paulo Brazil 2006
• "Advanced Buffer Overflow Methods." Tel-Aviv University Security Forum 2006
• "Advanced Buffer Overflow Methods." 22nd Chaos Communication Congress (22C3) 2005

Publications

• "(Hebrew) כשהווירוס מחייג אליך למשרד." Calcalist, Nov 2011
• "Botnet That Dial Home." Hakin9 Magazine, Extra Issue, Oct 2011
• "Can You Hear Them Hacking." SecVoip Blog, Sep 2011
• "Ready or Not Industrial Cyber Warfare Comes." Enterprise IT Security Magazine, May 2011
• "Click, Click, Boom: Industrial Cyber Warfare Already Here." Global Security Mag, Mar 2011
• "Malware Attacks the Software Update Process." Enterprise Systems Journal (Online), Dec 2009
• "The Dangers of Web 2.0." Security Matters Magazine (Online), 2008
• "Web 2.0: Attack of the JavaScript Malware." SC Magazine US (Online), Jul 2008
• "Shellcodes Evolution." Hakin9 Magazine, Issue 1, Jan 2007
• "Exploiting with linux-gate.so.1." NewOrder Newsletter, Issue 13, Mar 2006
• "Linux Improvised Userland Scheduler Virus." Uninformed Journal, Volume 3, Dec 2005
• "Smack the Stack (Advanced Buffer Overflow Methods)." Proceedings of 22C3, Dec 2005
• "Reverse Engineering with LD_PRELOAD." NewOrder Website, Jul 2005
• "Abusing .CTORS and .DTORS for Fun and Profit." NewOrder Website, Jun 2005
• "10,000 Monkeys and a Webpage." NewOrder Newsletter, Issue 12, Dec 2005