Itzik Kotler is an Israeli entrepreneur,[1] inventor,[2][3] and information security specialist[4] who is the co-founder and CTO of SafeBreach, an Israeli cybersecurity firm.[5][6] Kotler was previously the Security Operation Center Team Leader at Tel Aviv–based Radware.[7] He has given multiple talks at DEF CON, the world's largest hacker convention.[8][9][10]

Itzik Kotler
Born
Occupation(s)Entrepreneur
Inventor
Information security specialist
Known forCo-founder and CTO of SafeBreach
WebsiteSafeBreach

Career

edit

Kotler is an autodidact and played with computers and programmed since an early age. He started his career with the Israel Defense Forces.[5][11] After serving in the military, Kotler worked at Radware where he became the Security Operation Center Team Leader.[12] In 2009, Kotler (along with colleague, Tomer Bitton) demonstrated at DEF CON how a hacker could feasibly spread malware through software updates for applications like Skype. At the conference, Kotler and Bitton released a tool known as Ippon ("game over" in judo parlance) that could ask users on a public Wi-Fi network to update a specific application. If the users agreed, they would download malware instead of the updated version of the application.[7][8]

Kotler left Radware in 2010 and joined a digital security firm, Security Art. Kotler served as the company's CTO. In May 2011, Kotler presented at the HackInTheBox conference in Amsterdam where he demonstrated how a Stuxnet-like malware could physically destroy servers in a permanent denial-of-service (PDoS) attack.[13] Later in 2011, Kotler and Iftach Ian Amit presented at DEF CON, demonstrating how a bot master could communicate with botnets and with "zombie machines" using VoIP conference calls. Their open-source software, Moshi, illustrated how they could send instructions to and receive data from botnets and infiltrated networks using any phone line (including payphones).[9][14] Kotler also hosted a "Hack-a-thon" in 2011 with the goal of teaching hackers new techniques and improving information security.[4][15]

After leaving Security Art, Kotler went on to co-found SafeBreach with Guy Bejerano in September 2014.[16] Kotler serves as the company's CTO.[5] In July 2015, SafeBreach announced that it had raised $4 million in funding from Silicon Valley–based Sequoia Capital and angel investor, Shlomo Kramer.[1][6] One of the company's primary services is a simulated "war game" that seeks to find breaches in a network's system.[6]

Kotler is the author of "Reverse Engineering with LD_PRELOAD," an article published in 2005.[17] The article discussed how LD_PRELOAD can be abused in order to highjack functions and inject code and manipulate applications flow.[18] The same year, Kotler wrote for and presented at the 22nd Chaos Communication Congress.[19] His presentation "Advanced Buffer Overflow Methods" was used in various academic papers and conferences.[20][21][22] Additional work includes speaking at BlackHat USA and RSA Europe in 2008 on the topic of a prototype Javascript malware called Jinx,[23][24] and organizing two additional hackathons proving the concept of Trojan in Python that infects Python files.[25]

References

edit
  1. ^ a b "TechNation Bezeq Launches Smart' Home Monitoring System Featuring Camera and Door Monitors". Haaretz. 9 July 2015. Retrieved 21 September 2015.
  2. ^ Ligh, Michael Hale; Andrew Case; Jamie Levy; Aaron Walters (28 July 2014). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (1 ed.). Wiley. ISBN 978-1118825099.
  3. ^ Grant, Nicholas; Joseph Shaw II (7 October 2013). Unified Communications Forensics: Anatomy of Common UC Attacks. Syngress. ISBN 9780124046054.
  4. ^ a b "קבוצת Defcon Israel בכנס Hackathon ראשון" (in Hebrew). Geektime. 28 June 2011. Retrieved 21 September 2015.
  5. ^ a b c Weinglass, Simona (8 July 2015). "What would your enemy do? Israeli cybersecurity firm SafeBreach raises $4m". Geektime. Retrieved 21 September 2015.
  6. ^ a b c Goldenberg, Roy (8 July 2015). "Cyber security co SafeBreach raises $4m". Globes. Retrieved 21 September 2015.
  7. ^ a b Mills, Elinor (3 August 2009). "Using software updates to spread malware". CNET. Retrieved 21 September 2015.
  8. ^ a b "קבוצתחוקרים ישראליים מזהירים: תהליך העדכון של תוכנות חשוף להפצת מזיקים" (in Hebrew). PC.co. 3 August 2009. Retrieved 21 September 2015.
  9. ^ a b Greene, Tim (9 August 2011). "Defcon: VoIP makes a good platform for controlling botnets". Network World. Archived from the original on November 3, 2014. Retrieved 21 September 2015.
  10. ^ "חברים בוועדות תקינה אבטחת מידע". www.sii.org.il (in Hebrew). Standards Institute of Israel. Retrieved 21 September 2015.
  11. ^ Masserini, John Lucas (8 July 2015). "SafeBreach Raises $4 million In First Funding Round". Security Current. Retrieved 21 September 2015.
  12. ^ Kotler, Itzik (30 July 2008). "Web 2.0: Attack of the JavaScript malware". SC Magazine. Retrieved 21 September 2015.
  13. ^ Rubens, Paul (30 June 2011). "Stop Software Attacks From Destroying Your Servers". Serverwatch.com. Retrieved 21 September 2015.
  14. ^ Greene, Tim (10 August 2011). "10 scariest hacks from Black Hat and Defcon". Network World. Archived from the original on February 18, 2015. Retrieved 21 September 2015.
  15. ^ "ריצת המרתון של ההאקרים". Globes (in Hebrew). 27 June 2011. Retrieved 21 September 2015.
  16. ^ "סקויה ושלמה קרמר משקיעים 4 מיליון דולר בחברת אבטחת מידע ישראלית" (in Hebrew). TheMarker. 8 July 2015. Retrieved 21 September 2015.
  17. ^ Kotler, Izik (6 July 2005). "Reverse Engineering with LD_PRELOAD". Security Vulns. Retrieved 14 October 2015.
  18. ^ Ligh, Michael Hale (2014). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. John Wiley & Sons. ISBN 9781118824993.
  19. ^ "Advanced Buffer Overflow Methods or Smack the Stack". Chaos Communication Congress. 15 January 2007. Retrieved 14 October 2015.
  20. ^ Heelan, Sean (3 September 2009). "Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerables" (PDF). Univbersity of Oxford. Retrieved 14 October 2015.
  21. ^ "CSE 277 - Computer Security" (PDF). ECSD.edu. Retrieved 14 October 2015.
  22. ^ Muller, Tilo (17 February 2008). "ASLR Smack & Laugh Reference" (PDF). Seminar on Advanced Espoitation Techniques. Archived from the original (PDF) on 2017-03-20. Retrieved 14 October 2015.
  23. ^ "RSA Conference Europe 2008".
  24. ^ "Javascript to be next core malware language". itNews. 30 October 2008. Retrieved 20 October 2015.
  25. ^ Doherty, Stephen (7 October 2011). "THis Python Has Venom!". Symantec. Archived from the original on 6 December 2011. Retrieved 20 October 2015.
edit