Iftach Ian Amit Explained

Iftach Ian Amit
Birth Place: Israel
Alma Mater: Interdisciplinary Center Herzliya
Occupation: Entrepreneur, Hacker, Information security specialist
Known For: Computer Security, Red Team[1]

Iftach Ian Amit (Hebrew: יפתח איאן עמית) is an Israeli hacker[2] and computer security[3] researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723 and of the Penetration Testing Execution Standard, and has presented at hacker conventions such as DEF CON,[4] [5] [6] Black Hat,[7] [8] [9] BlueHat,[10] and RSA Conference.[11] He has been named one of SC Magazine's top experts,[12] was featured in Narratively's cover piece on Attack of the Superhackers,[13] and is frequently quoted and interviewed.[14] [15] [16] [17] [18]

Career

Amit started his professional career in 1998 at the Israeli information security consultancy Comsec as a Unix and Internet Application consultant. In 2001 he moved to the US to work as a software architect at Praxell (later to be acquired by Datavantage,[19] and then Micros). In 2004 Amit left the US to co-found the Israeli startup BeeFence and served as its Chief Technology Officer. In 2006 he took a position as the director of security research at the security vendor Finjan, and a similar position in 2008 with Aladdin Knowledge Systems. He then served as the vice president of consulting with Security-Art, and in 2012 took a position as director of services with the security consulting firm IOActive. Starting in 2014 he served as vice president of the social media cyber security startup ZeroFOX, after which in 2016 he became a manager with Amazon.com information security. Since 2018 he has served as the Chief Security Officer of Cimpress. He serves as a general director of the board of BSides Las Vegas, a Senior Advisory Board member of Axon Cyber, and an Advisory Board member of ZeroFOX.

Research

During his career, Amit focused his research on varying topics, ranging from uncovering the business elements of cybercrime[20] [21] to connecting state-sponsored activities with criminal ones.[22] He has contributed to one of the first research papers conducted on the Stuxnet worm,[23] and was featured on the cover of the inaugural Pentest Magazine about the Penetration Testing Execution Standard (PTES).[24] He also co-authored research with Aviv Raff on Windows Vista's inherently insecure Widgets,[25] which were later removed from the operating system. In 2011, Amit and Itzik Kotler presented at DEF CON, demonstrating how a bot master could communicate with botnets and with "zombie machines" using VoIP conference calls. Their open-source software, Moshi Moshi, illustrated how they could send instructions to and receive data from botnets and infiltrated networks using any phone line (including payphones).[26] [27] This research was also based on his original research into advanced data exfiltration, in which he uncovered a method for side-channel data exfiltration[28] through various channels, including phone lines and fax machines, and released an open-source tool for it.[29]

Presentations

Publications and articles

Patents

U.S. Patent 10,810,106, Automated application security maturity modeling.

Notes and References

  1. Web site: Black Hat USA 2013. www.blackhat.com.
  2. News: קבוצת Defcon Israel בכנס Hackathon ראשון. he. Geektime. 28 June 2011. 7 June 2016.
  3. News: Leyden. John. Hackers exploit Neosploit to booby trap BBC, US postal service. en. The Register. 3 Oct 2008. 7 June 2016.
  4. Web site: Tangent. The Dark. DEF CON® Hacking Conference - DEF CON 17 Archive. defcon.org. 7 June 2016.
  5. Web site: Tangent. The Dark. DEF CON® Hacking Conference - DEF CON 18 Archive. www.defcon.org.
  6. News: Greene. Tim. Defcon: VoIP makes a good platform for controlling botnets. Network World. 9 August 2011. https://web.archive.org/web/20141103053716/http://www.networkworld.com/article/2180023/uc-voip/defcon--voip-makes-a-good-platform-for-controlling-botnets.html. dead. November 3, 2014. 7 June 2016.
  7. Web site: Black Hat : Black Hat Speakers Page. www.blackhat.com. BlackHat. 7 June 2016.
  8. Web site: Black Hat ® Technical Security Conference: Europe 2010 // Archives. www.blackhat.com. 7 June 2016.
  9. Web site: Black Hat USA 2012. blackhat.com.
  10. Web site: BlueHat Security Briefings: Fall 2008 Sessions and Interviews. TechNet. Microsoft. 7 June 2016.
  11. Web site: The Newest Element of Risk Metrics: Social Media USA 2016 RSA Conference. www.rsaconference.com. 7 June 2016.
  12. News: Epper Hoffman. Karen. An epic ride: A look back at the ever-changing information security industry. 7 June 2016. SC Magazine. 8 December 2014.
  13. Web site: Rosen. Kenneth. Attack of the Superhackers. Narratively. Narrative.ly. 7 June 2016. 16 May 2014.
  14. Web site: Francis. Melissa. Ian Amit on Fox Business' Money With Melissa Francis March 21 2014. Fox. 21 March 2014.
  15. Web site: US CENTCOM Twitter Hijack 'Purely' Vandalism. Dark Reading.
  16. Web site: Experts to talk Threat Intelligence at cybersecurity symposium – Seidenberg School News. seidenbergnews.blogs.pace.edu.
  17. Web site: Ragan. Steve. Hacked Opinions: The legalities of hacking – Ian Amit. CSO Online.
  18. Web site: Santarcangelo. Michael. Two perspectives on social media for security leaders. CSO Online.
  19. Web site: Mears. Jennifer. Server clusters offer speed, savings. https://web.archive.org/web/20180411031403/https://www.networkworld.com/article/2332465/data-center/server-clusters-offer-speed--savings.html. dead. April 11, 2018. Network World.
  20. Web site: Security researcher discovers massive criminal database. ComputerWeekly.
  21. Web site: Tangent. The Dark. DEF CON® Hacking Conference - DEF CON 17 Archive. defcon.org.
  22. Web site: Tangent. The Dark. DEF CON® Hacking Conference - DEF CON 18 Archive. www.defcon.org.
  23. Web site: CSFI - Cyber Security Forum Initiative. www.csfi.us.
  24. Web site: Duc. Hiep Nguyen. 2011 PENTEST REGULAR ISSUES - Pentestmag. Pentestmag.
  25. Web site: Report: Widgets Will Be Your Next Woe. www.eweek.com. 17 September 2007.
  26. Web site: Greene. Tim. Defcon: VoIP makes a good platform for controlling botnets. https://web.archive.org/web/20141103053716/http://www.networkworld.com/article/2180023/uc-voip/defcon--voip-makes-a-good-platform-for-controlling-botnets.html. dead. November 3, 2014. Network World. 8 June 2016.
  27. Web site: Greene. Tim. 10 scariest hacks from Black Hat and Defcon. https://web.archive.org/web/20150218104923/http://www.networkworld.com/article/2868939/lan-wan/10-scariest-hacks-from-black-hat-and-defcon.html#slide3. dead. February 18, 2015. Network World.
  28. Web site: NCSC. www.ncsc.nl.
  29. Web site: iiamit/data-sound-poc. GitHub.
  30. Web site: Closing Keynote - Ian Amit. 28 June 2017.
  31. Web site: Opening Keynote - Ian Amit. 25 June 2016.
  32. Web site: Simonite. Tom. Hey, Hackers: Defense Is Sexy, Too. MIT Technology Review.
  33. NATO in the Cyber Commons. NATO CCD-COE Publications. 19 October 2010. 7 June 2016.