Itay Cohen🌱
Animal liberation activist & Reverse Engineer 🌟 Forbes 30 Under 30 • Maintainer of Cutter and Rizin • Leading Research @ Check Point • I don't eat animals.
Feb 27 • 9 tweets • 2 min read
I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics.
After a year of research, here’s what we found and how we did it. 👇

1/… First, context. Many so-called "hacktivist" groups are not what they claim to be. They don’t just emerge organically as grassroots movements but are created and used by intelligence agencies to conduct cyber and influence operations while pretending to be independent actors and... 2/
Feb 22, 2021 • 13 tweets • 3 min read
I'm excited to share our research in which we show that a 0-Day attributed to the Chinese APT31 was actually caught by the APT and replicated from Equation Group's 0-Day exploit for the same vulnerability. Here are some of the highlights — A long thread >>…
In our ongoing project, @EyalItkin and I analyze Windows LPE 0-Day exploits and try to extract unique "fingerprints" that can be used for attribution of past and future exploits. We sat down to analyze CVE-2017-0005, a 0-Day of particular interest >>
Dec 16, 2020 • 5 tweets • 3 min read
The attackers behind the #SUNBURST malware put a lot of effort into trying to avoid detection by analysts and security vendors. Not only this, but they also tried to make sure to stay under the radar of #SolarWinds developers and employees. A thread >>
When brute-forcing the FNV-1a hashes embedded in #SUNBURST, I noticed that some of the cracked strings look like domain names of #SolarWinds internal networks across the globe. If the domain of the infected computer ends with one of these names, the malware will not run >>
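The two steps this thread describes, as an added example in Python (not code from the thread, and not the SUNBURST sample's own code): a standard 64-bit FNV-1a, a dictionary-style cracker that hashes candidate names and matches them against a set of embedded hash values, and a reconstruction of the domain-suffix kill switch as the tweet describes it. Everything in it is assumed: the domain names and the "embedded" hashes are constructed for the example (the hashes are derived from the constructed names), and SUNBURST's own hash, which adds a final XOR with a fixed constant that is not on this page, is reduced to an optional `xor_key` parameter that defaults to plain FNV-1a.

```python
"""Toy reconstruction of hash-based domain kill-switch analysis (added example)."""
from typing import Dict, Iterable, List, Set

FNV64_OFFSET = 0xCBF29CE484222325
FNV64_PRIME = 0x100000001B3
MASK64 = (1 << 64) - 1


def fnv1a_64(data: bytes, xor_key: int = 0) -> int:
    """Standard 64-bit FNV-1a over raw bytes.

    SUNBURST's variant XORs the finished value with a fixed constant; that
    constant is not on this page, so it is taken as an optional parameter
    (assumption) and defaults to 0, i.e. unmodified FNV-1a.
    """
    h = FNV64_OFFSET
    for b in data:
        h ^= b
        h = (h * FNV64_PRIME) & MASK64
    return h ^ xor_key


def crack_hashes(targets: Set[int], candidates: Iterable[str],
                 xor_key: int = 0) -> Dict[int, str]:
    """Dictionary attack: hash every candidate string and keep the ones whose
    hash appears in the set of values lifted from the binary."""
    found: Dict[int, str] = {}
    for cand in candidates:
        h = fnv1a_64(cand.encode("utf-8"), xor_key)
        if h in targets:
            found[h] = cand
    return found


def domain_suffixes(domain: str) -> List[str]:
    """All dot-separated suffixes of a domain, longest first:
    'host.corp.example.com' -> ['host.corp.example.com', 'corp.example.com',
    'example.com', 'com']."""
    labels = domain.lower().strip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def should_run(domain: str, blocked_hashes: Set[int], xor_key: int = 0) -> bool:
    """Kill-switch check as the tweet describes it: the implant refuses to run
    when the machine's domain ends with one of the embedded names. Comparing
    hashes of every suffix lets the check work without plaintext names."""
    return not any(fnv1a_64(s.encode("utf-8"), xor_key) in blocked_hashes
                   for s in domain_suffixes(domain))


# Constructed sample data: these names are invented for the example and the
# "embedded" hash set is derived from them, standing in for values that a
# real analysis would lift from the binary.
BLOCKED_NAMES = ["swdev.local", "lab.example.internal"]
EMBEDDED_HASHES = {fnv1a_64(n.encode("utf-8")) for n in BLOCKED_NAMES}

# Constructed wordlist: a mix of hits and misses for the cracker.
WORDLIST = ["corp.local", "swdev.local", "test.example.internal",
            "lab.example.internal", "example.com"]

if __name__ == "__main__":
    for h, name in crack_hashes(EMBEDDED_HASHES, WORDLIST).items():
        print(f"{h:016x} -> {name}")
    for host in ("build01.swdev.local", "victim.corp.example.com"):
        print(host, "runs" if should_run(host, EMBEDDED_HASHES) else "exits")
```

The cracker is only as good as its wordlist, which is why the thread's observation matters: once a few cracked values turn out to be internal domain names, the candidate list can be narrowed to hostnames and domain suffixes instead of arbitrary strings. If a sample uses a post-processing constant, pass the same `xor_key` to both the cracker and the check, or nothing will match.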
Aug 2, 2018 • 17 tweets • 10 min read
radare2 is one of the most famous RE frameworks out there. That said, it has some great features and Easter eggs that very few people know in detail. This is going to be a thread – fasten your seatbelts and get ready for a journey into the less-known features of @radareorg! >>
First things first, some history. The radare2 project was created by @trufae in February of 2006 to provide a free and simple command-line hexadecimal editor. Starting from a one-man show, radare2 has nowadays gathered a huge community and a substantial number of contributors >>