Inbar Raz

Hacker of Things

Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 on his Dragon 64. At 13 he got a PC, and promptly started Reverse Engineering at the age of 14. Through high-school he was a key figure in the Israeli BBS scene. He spent most of his career in the Internet and Data Security field, and the only reason he’s not in jail right now is because he chose the right side of the law at an earlier age.

Inbar specializes in outside-the-box approach to analyzing security and finding vulnerabilities. Using his extensive experience of over 20 years in the Internet and Data security fields, he spent 3 years at Check Point, running the Malware and Security Research, and 2 years at PerimeterX, performing fascinating research on Bots and Automated Attacks and educating both customers and the public about the subjects.

Inbar has presented at a number of conferences, including Defcon, Kaspersky SAS, Hack.lu, CCC, Virus Bulletin, ZeroNights, ShowMeCon, several Law Enforcement events and Check Point events.

In Soviet Russia, Vulnerability Finds You

Many times, security researchers pick a subject or a field, and then go hunting for interesting stuff. And let’s face it – in lack of real Security-by-Design policies and adequate security practices, pretty much every stone you’ll turn will reveal something under it.

But sometimes, interesting things just run into you while you’re going about your business. Something just appears before your eyes, begging for your attention.

The stories in this talk are all about research that started because I ran into something and it caught my attention – I wasn’t looking for it. From Web Automation, through Loyalty Card fraud, Bots on Tinder and Airport Security fails, I just stumbled into all of them. Some allow you to steal PII, some allow you to steal money, and some allow you to steal, well, an airport.

Clarification: While the presentation is named after the famous meme, none of the cases actually happened in Russia.