ITZIK KOTLER (Independent Consultant)

HITB LAB TITLE:  Hack Like It’s 2013

HITB LAB ABSTRACT:

Try to imagine the amount of time and effort it would take you to write a bug-free script or application that will accept a URL, port scan it, and for each HTTP service that it finds, it will create a new thread and perform a black box penetration testing while impersonating a Blackberry 9900 smartphone. While you’re thinking, Here’s how you would have done it in Hackersh:

“http://localhost” \
-> url \
-> nmap \
-> browse(ua=”Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+”) \
-> w3af

Meet Hackersh (“Hacker Shell”) – A new, free and open source cross-platform shell (command interpreter) with built-in security commands and Pythonect-like syntax.

Aside from being interactive, Hackersh is also scriptable with Pythonect. Pythonect is a new, free, and open source general-purpose dataflow programming language based on Python, written in Python. Hackersh is inspired by Unix pipeline, but takes it a step forward by including built-in features like remote invocation and threads. This 120 minute lab session will introduce Hackersh, the automation gap it fills, and its features. Lots of demonstrations and scripts are included to showcase concepts and ideas.

ABOUT ITZIK KOTLER

Itzik Kotler has been doing Information Security for well over 12 years and is currently an independent consultant. Before that, he was the Chief Technology Officer at Security Art. Previously, Itzik was the Security Operation Center Team Leader at Radware and the Lead Security Researcher at Safend. Itzik speaks regularly at Blackhat, DefCon, RSA and other conferences. Additionally, he founded and organizes the Tel-Aviv DefCon (DC9723) meetup group, and is a member of the Standards Institution of Israel (SII) Committee on Information Security.