About Me
Hello! I’m Sharon Brizinov, a security researcher with more than 200 CVEs. I specialize in vulnerability research and OT/IoT security. I’ve presented my research in many conferences including DEFCON, BlackHat, BlueHatIL, HITCON, SANS, and more. I also contribute code to open-source projects, see my GitHub page.
I also participated in Pwn2Own five times including ICS 2020, ICS 2022, IoT 2022,ICS 2023, IoT 2023, got SANS Institue Researcher-of-the-Year Award and won DEFCON 27’s ICS CTF, earning a DEFCON black badge.
I found vulnerabilities in major companies and products such as:
- ICS: Siemens, GE, Rockwell Automation, ABB, Emerson, Honeywell, Schneider Electric, and others.
- IoT: Qualcomm, Synology, Western Digital, Netgear, TP-Link, and others.
- Misc: Wireshark, Splunk, BusyBox, and others.
- BugBounty: Meta, AWS, Microsoft, Yahoo, Adobe, Shopify, and others.
Selected Writeups, competitions, and presentations
- 2024 - [Writeup]Bypassing Rockwell Logix Controllers Trusted Slot
- 2024 - [Presentation]BSidesTLV 2024 - Phishing, Smishing, and the birth of ScanMySMS
- 2024 - [Writeup]Pwn2Own: Pivoting from WAN to LAN Part 2 - Synology BC500 IP Camera
- 2024 - [Writeup]Pwn2Own: Pivoting from WAN to LAN Part 1 - TP-Link ER605 router
- 2024 - [Writeup]Unpacking the Blackjack Group Fuxnet Malware
- 2023 - [Writeup] Synology NAS DSM Account Takeover: When Random is not Secure
- 2023 - [Presentation] DEFCON 31 & BlackHat - Exploiting OPC UA - Practical Attacks Against OPC UA Architectures
- 2023 - [Presentation] DEFCON 31 & BlackHat - A Pain in the NAS Exploiting Cloud Connectivity to PWN your NAS
- 2023 - [Writeup] Multi-Part Series on OPC UA Security Deep Dive
- 2022 - [Presentation] Nexsus 22 - Live Hacking - Patient Monitor
- 2022 - [Presentation] OTCEP 22 - Hiding Code in PLCs
- 2022 - [Presentation] DEFCON 30 - Evil PLC Attack
- 2022 - [Research Paper] Evil PLC Attack: Weapnizing PLCs
- 2022 - [Presentation] SANS ICS 2022 - Hunting EtherNet/IP Protocol Stacks
- 2022 - [Presentation] S4x22 2022 - The Race to Native Code Execution in Siemens PLCs
- 2022 - [Presentation] BlueHat IL 2022 - Pwn’ing Cloud-Based Intercoms at Scale
- 2022 - [Writeup] Hiding Code on Rockwell Automation PLCs
- 2022 - [Research Paper] Exploiting URL Parsers
- 2021 - [Presentation] HackInParis 2021 - Pwning Industrial Remote Access Clients
- 2021 - [Writeup] Pwning Industrial Remote Access Clients
- 2021 - [Writeup] Unboxing BusyBox: 14 Vulnerabilities Uncovered
- 2021 - [Writeup] Crashing SIP Clients With a Single Slash
- 2021 - [Writeup] Finding Bugs in a Popular EtherNet/IP Protocol Stack
- 2021 - [Presentation] DEFCON 29 - Exploiting Vulnerabilities In the OT Cloud Era
- 2021 - [Presentation] Hack the Capitol - Attacking Your OT Network
- 2020 - [Research Paper] Exploring The OPC Attack Surface
- 2020 - [Writeup] ZDI - RCE on Schneider Electric Ecostruxure software
- 2020 - [Research Paper] Exploiting WIBU CodeMeter to attack ICS networks
Projects
| Type | Name | Description |
|---|---|---|
| Misc | BrachotPlus |  Free, online AI generated greeting cards, mostly for Jewish holidays. |
| Security | ScanMySMS |  Detecting smishing (SMS-Phising). Enter SMS content with a potentially malicious URL and let us verify it for you. |
| Networks | Ultimate Pcap |  Capture file containing a wide variety of protocols, useful for stress-testing and fuzzing. Covers almost all of Wireshark protocol dissectors with great code coverage. |
| Misc | secfeed |  Stupid simple solution to keep track of various cyber security related sources including research blogs, CVEs, advisories, etc. The script will query a list of websites and extract urls matching to specific regexs. If there are new sources (e.g. new CVE was released), a notification will be sent to Slack with the relevant link. |
| Misc | Slack Anti-Delete & Slack Sounds |  Some research I did on Slack - I patched my Slack client to keep messages that others delete, simple tool to customize Slack sound notifications. |
| Dev | DumpRequests |  Simple stupid class for globaly auto patching the entire python requests library to dump all requests and responses, for debug purposes. |
| Security | Unboxing Busybox - BusyBox Fuzzing |  Created a detailed guides & tools to fuzz the popular BusyBox software suite (several Unix utilities in a single executable file). |
| Security | EtherNet/IP & CIP Stack Detector |  EtherNet/IP & CIP Stack Detector that can help both cyber-security researchers, OT engineers, and asset owners to identify devices that are running a specific EtherNet/IP protocol stack. |
| Security | s3viewer |  Free tool for security researchers that lists the content of publicly open storages and helps to identify leaking data. |
| Security | Windows Keylogger |  Simple Windows keylogger using Windows Hooks. Also supports foreign languages |
| Game | #Yo |  #Yo is a fun mobile app game and a super-challenging way to enjoy the good old and crazy-fun Simon Says game. |
| Game | Assembly iCopter |  The old iCopter game written in assembly. |
| Misc | Whatsapp Analyzer |  Native iOS application for analyzing whatsapp conversations freely on your own iOS device. Written in Objective-C. |
| Misc | Meme Generator |  Meme generator - create memes from a ready library images with over dozens of different memes, or take photos from your camera or from your saved images. |