Hello! I’m Sharon Brizinov, a security researcher with more than 200 CVEs. I specialize in vulnerability research and OT/IoT security. I’ve presented my research at many conferences including DEFCON, BlackHat, BlueHatIL, HITCON, SANS, and more. I also contribute code to open-source projects; see my GitHub page.
I also participated in Pwn2Own five times including ICS 2020, ICS 2022, IoT 2022, ICS 2023, IoT 2023, got the SANS Institute Researcher-of-the-Year Award and won DEFCON 27’s ICS CTF, earning a DEFCON black badge.
I found vulnerabilities in major companies and products such as:
Type | Name | Description |
---|---|---|
Misc | BrachotPlus | Free, online AI generated greeting cards, mostly for Jewish holidays. |
Security | ScanMySMS | Detecting smishing (SMS-Phishing). Enter SMS content with a potentially malicious URL and let us verify it for you. |
Networks | Ultimate Pcap | Capture file containing a wide variety of protocols, useful for stress-testing and fuzzing. Covers almost all of Wireshark protocol dissectors with great code coverage. |
Misc | secfeed | Stupid simple solution to keep track of various cyber security related sources including research blogs, CVEs, advisories, etc. The script will query a list of websites and extract URLs matching specific regexes. If there are new sources (e.g. a new CVE was released), a notification will be sent to Slack with the relevant link. |
Misc | Slack Anti-Delete & Slack Sounds | Some research I did on Slack - I patched my Slack client to keep messages that others delete, plus a simple tool to customize Slack sound notifications. |
Dev | DumpRequests | Simple stupid class for globally auto patching the entire Python requests library to dump all requests and responses, for debug purposes. |
Security | Unboxing Busybox - BusyBox Fuzzing | Created detailed guides & tools to fuzz the popular BusyBox software suite (several Unix utilities in a single executable file). |
Security | EtherNet/IP & CIP Stack Detector | EtherNet/IP & CIP Stack Detector that can help cyber-security researchers, OT engineers, and asset owners identify devices that are running a specific EtherNet/IP protocol stack. |
Security | s3viewer | Free tool for security researchers that lists the content of publicly open storages and helps to identify leaking data. |
Security | Windows Keylogger | Simple Windows keylogger using Windows Hooks. Also supports foreign languages. |
Game | #Yo | #Yo is a fun mobile app game and a super-challenging way to enjoy the good old and crazy-fun Simon Says game. |
Game | Assembly iCopter | The old iCopter game written in assembly. |
Misc | Whatsapp Analyzer | Native iOS application for analyzing WhatsApp conversations freely on your own iOS device. Written in Objective-C. |
Misc | Meme Generator | Meme generator - create memes from a ready-made library of images with dozens of different memes, or take photos from your camera or from your saved images. |