About Me

Hello! I’m Sharon Brizinov, a security researcher with more than 200 CVEs. I specialize in vulnerability research and OT/IoT security. I’ve presented my research in many conferences including DEFCON, BlackHat, BlueHatIL, HITCON, SANS, and more. I also contribute code to open-source projects, see my GitHub page.

I also participated in Pwn2Own five times including ICS 2020, ICS 2022, IoT 2022,ICS 2023, IoT 2023, got SANS Institue Researcher-of-the-Year Award and won DEFCON 27’s ICS CTF, earning a DEFCON black badge.

I found vulnerabilities in major companies and products such as:

Selected Writeups, competitions, and presentations


Projects

Type Name Description
Misc BrachotPlus Free, online AI generated greeting cards, mostly for Jewish holidays.
Security ScanMySMS Detecting smishing (SMS-Phising). Enter SMS content with a potentially malicious URL and let us verify it for you.
Networks Ultimate Pcap Capture file containing a wide variety of protocols, useful for stress-testing and fuzzing. Covers almost all of Wireshark protocol dissectors with great code coverage.
Misc secfeed Stupid simple solution to keep track of various cyber security related sources including research blogs, CVEs, advisories, etc. The script will query a list of websites and extract urls matching to specific regexs. If there are new sources (e.g. new CVE was released), a notification will be sent to Slack with the relevant link.
Misc Slack Anti-Delete & Slack Sounds Some research I did on Slack - I patched my Slack client to keep messages that others delete, simple tool to customize Slack sound notifications.
Dev DumpRequests Simple stupid class for globaly auto patching the entire python requests library to dump all requests and responses, for debug purposes.
Security Unboxing Busybox - BusyBox Fuzzing Created a detailed guides & tools to fuzz the popular BusyBox software suite (several Unix utilities in a single executable file).
Security EtherNet/IP & CIP Stack Detector EtherNet/IP & CIP Stack Detector that can help both cyber-security researchers, OT engineers, and asset owners to identify devices that are running a specific EtherNet/IP protocol stack.
Security s3viewer Free tool for security researchers that lists the content of publicly open storages and helps to identify leaking data.
Security Windows Keylogger Simple Windows keylogger using Windows Hooks. Also supports foreign languages
Game #Yo #Yo is a fun mobile app game and a super-challenging way to enjoy the good old and crazy-fun Simon Says game.
Game Assembly iCopter The old iCopter game written in assembly.
Misc Whatsapp Analyzer Native iOS application for analyzing whatsapp conversations freely on your own iOS device. Written in Objective-C.
Misc Meme Generator Meme generator - create memes from a ready library images with over dozens of different memes, or take photos from your camera or from your saved images.

Sharon Brizinov