Michael Shalyt

Thinker, Hacker, Maker.

Aperio Systems

I was a Co-Founder, CEO & VP Product at Aperio (2016-2018). We created algorithms to validate physical sensor data in heavy manufacturing facilities – against data malfunctions and malicious tampering – using signal processing and machine learning. In that time we went from an idea to a deployed product, first customers and first millions of dollars raised. The company received multiple awards (notably Gartner’s 2017 “cool vendor” choice and CDM 2017 infosec award):

We won multiple competitions (like the CyberTech Startup Competition in Israel, ESB Pitch-off in Ireland, Free Electrons in Singapore, etc.):

Some top-tier publications got interested in Aperio, and we were featured in outlets like Forbes, Techcrunch, Bloomberg, CNBC and many others.

I've represented Aperio at various conferences focused both on information security and heavy manufacturing digitization:

And gave talks at many of them. For example RSA in San Francisco:

Check Point Software Technologies

Once I finished my army service, the first job I chose was as a malware research team leader at Check Point (2014-2015). I managed 8 researchers (2 abroad) working on PC and Android malware analysis, reverse engineering and machine-learning-for-cyber. Below is some of the work we made public.

Man In The Binder

In February 2015 I’ve attended the Kaspersky SAS invite-only information security conference as a speaker. I’ve presented a research conducted in my team at Check Point – describing a fundamental part of Android’s architecture (the Binder) and it’s potential dangers. This is the technical basis for the “Spy In Your Pocket” talk below.

Spy In Your Pocket

I gave this lecture at the 7th Annual Technology & Innovation – the Future of Security in Financial Services in Melbourne and again in Sydney. The talk is an introduction to the Android malware landscape, explaining why (in my opinion) the Android operating system should be in the focus of any information security specialist today, showing a demonstration of an innovative data-theft technique we researched and offering some protection methods:

The slides can be found here. A better quality audio recording (from Sydney – where I won the “best speaker” title) can be found here. The content was transformed into an article and published: SpyInYourPocket_FSTMedia. I gave an adapted version of this talk in Detroit (example of an invitation), Chicago, St Louis, Minneapolis and as a webinar.

“Hacking the Hacker”

One of the problems we tackled in my team at Check Point was the rise of cryptoviruses, a certain category of ransomware that encrypts all your personal files once it infects the computer – then demands you pay ransom to the criminals in exchange for the decryption key. One such cryptovirus was Dircrypt. We reverse engineered the malware and found its encryption implementation to contain mistakes – mistakes which allowed us to save most of the personal data of a victim without paying any ransom. We published the findings on Check Point’s website (full article available here), and got some traction in the media (for example, here and here). We also gave a talk to the general Check Point audience – explaining the research story:

https://www.slideshare.net/Shalyt/how-and-why-we-defeated-the-dircrypt-ransomware

“Volatile Ceder”

On the 31/3/15 we published our research describing “Volatile Cedar” (full report) – a cyber espionage campaign operating at least since 2012 with Lebanese origins (suspected to be run by the Hezbollah). The disclosure generated a lot of media buzz – I was interviewed (among others) here, here and here.