About Me
Hello! I’m Sharon Brizinov, a security researcher. I specialize in vulnerability research and ICS/SCADA security. Most of the vulnerabilities I have found can be found here. In addition, I’ve participated in Pwn2Own 2020, 2022 and won DEFCON 27’s ICS CTF, earning a DEFCON black badge.
Besides security research, I also like to develop mobile applications and games. You can find most of my projects on GitHub.
Writeups, competitions, and presentations
- 2019 - [Competition] S4x19 - ICS CTF
- 2019 - [Competition] DEFCON 27 - ICS CTF
- 2019 - [Presentation] DEFCON 27 - Magical Change-IP Packets In the Wild
- 2020 - [Competition] Pwn2Own 2020 - ICS Miami
- 2020 - [White Paper] Exploiting WIBU CodeMeter to attack ICS networks
- 2020 - [Writeup] ZDI - RCE on Schneider Electric Ecostruxure software
- 2020 - [White Paper] Exploring The OPC Attack Surface
- 2021 - [Presentation] Hack the Capitol - Attacking Your OT Network
- 2021 - [Presentation] DEFCON 29 - Exploiting Vulnerabilities In the OT Cloud Era
- 2021 - [Writeup] Finding Bugs in a Popular EtherNet/IP Protocol Stack
- 2021 - [Writeup] Crashing SIP Clients With a Single Slash
- 2021 - [Writeup] Unboxing BusyBox: 14 Vulnerabilities Uncovered
- 2021 - [Writeup] Pwning Industrial Remote Access Clients
- 2021 - [Presentation] HackInParis 2021 - Pwning Industrial Remote Access Clients
- 2022 - [White Paper] Exploiting URL Parsers
- 2022 - [Writeup] Hiding Code on Rockwell Automation PLCs
- 2022 - [Presentation] BlueHat IL 2022 - Pwn’ing Cloud-Based Intercoms at Scale
- 2022 - [Presentation] S4x22 2022 - The Race to Native Code Execution in Siemens PLCs
Projects
| Type | Name | Description |
|---|---|---|
| Security | Unboxing Busybox - BusyBox Fuzzing |  Created a detailed guides & tools to fuzz the popular BusyBox software suite (several Unix utilities in a single executable file). |
| Security | EtherNet/IP & CIP Stack Detector |  EtherNet/IP & CIP Stack Detector that can help both cyber-security researchers, OT engineers, and asset owners to identify devices that are running a specific EtherNet/IP protocol stack. |
| Security | s3viewer |  Free tool for security researchers that lists the content of publicly open storages and helps to identify leaking data. |
| Security | Windows Keylogger |  Simple Windows keylogger using Windows Hooks. Also supports foreign languages |
| Game | #Yo |  #Yo is a fun mobile app game and a super-challenging way to enjoy the good old and crazy-fun Simon Says game. |
| Game | Assembly iCopter |  The old iCopter game written in assembly. |
| Misc | Whatsapp Analyzer |  Native iOS application for analyzing whatsapp conversations freely on your own iOS device. Written in Objective-C. |
| Misc | Meme Generator |  Meme generator - create memes from a ready library images with over dozens of different memes, or take photos from your camera or from your saved images. |