Itzik Kotler


Itzik Kotler is an Israeli entrepreneur, inventor, and information security specialist who is the co-founder and CTO of SafeBreach, an Israeli cybersecurity firm. Kotler was previously the Security Operation Center Team Leader at Tel Aviv-based Radware. He has given multiple talks at DEF CON, the world's largest hacker convention.

Career

Kotler is an autodidact and played with computers and programmed since an early age. He started his career with the Israel Defense Forces. After serving in the military, Kotler worked at Radware where he became the Security Operation Center Team Leader. In 2009, Kotler demonstrated at DEF CON how a hacker could feasibly spread malware through software updates for applications like Skype. At the conference, Kotler and Bitton released a tool known as Ippon that could ask users on a public Wi-Fi network to update a specific application. If the users agreed, they would download malware instead of the updated version of the application.
Kotler left Radware in 2010 and joined a digital security firm, Security Art. Kotler served as the company's CTO. In May 2011, Kotler presented at the HackInTheBox conference in Amsterdam where he demonstrated how a Stuxnet-like malware could physically destroy servers in a permanent denial-of-service attack. Later in 2011, Kotler and Iftach Ian Amit presented at DEF CON, demonstrating how a bot master could communicate with botnets and with "zombie machines" using VoIP conference calls. Their open-source software, Moshi Moshi, illustrated how they could send instructions to and receive data from botnets and infiltrated networks using any phone line. Kotler also hosted a "Hack-a-thon" in 2011 with the goal of teaching hackers new techniques and improving information security.
After leaving Security Art, Kotler went on to co-found SafeBreach with Guy Bejerano in September 2014. Kotler serves as the company's CTO. In July 2015, SafeBreach announced that it had raised $4 million in funding from Silicon Valley-based Sequoia Capital and angel investor, Shlomo Kramer. One of the company's primary services is a simulated "war game" that seeks to find breaches in a network's system.
Kotler is the author of "Reverse Engineering with LD_PRELOAD," an article published in 2005. The article discussed how LD_PRELOAD can be abused in order to highjack functions and inject code and manipulate applications flow. The same year, Kotler wrote for and presented at the 22nd Chaos Communication Congress. His presentation "Advanced Buffer Overflow Methods" was used in various academic papers and conferences. Additional work includes speaking at BlackHat USA and RSA Europe in 2008 on the topic of a prototype Javascript malware called Jinx, and organizing two additional hackathons proving the concept of Trojan in Python that infects Python files.