Dave Lewis has twenty-five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. Lewis serves on the advisory boards for several firms. Lewis writes columns for Forbes, Daily Swig and several other publications.
Kelly Shortridge is currently VP of Product Strategy at Capsule8. Kelly is known for research into the applications of behavioral economics to information security and has spoken at conferences internationally including Black Hat USA, AusCERT, Hacktivity, Troopers, and ZeroNights. Kelly previously served in product roles at SecurityScorecard and BAE Systems Applied Intelligence after co-founding IperLane, a security startup which was acquired. Kelly began their career as an investment banking analyst at Teneo Capital covering the data security and analytics sectors.
My name is Tünde Lendvai, from Hungary. I am 1st-year student at National University of Public Service, International Defence, and Security Policy. I’ve earned my bachelor’s degree in public service management and learned Japanese, Chinese, and English. I was vice student president of Advanced College for Security Policy, participating in its Cybersecurity and Asia group.
My major research themes are the Chinese Social Credit System and the security challenges of the Korean Peninsula and Japan. Currently, I carry out research into North Korea’s cyber capabilities and actions against South Korea in the cyberspace, meanwhile I work as a trainer in a program which educates children to safe internet usage. In the future, I would like to work as an expert in security policy, specialized in cybersecurity and East-Asia.
A well-known computer magazine once wrote that Tobias Schrödel is the “first IT-comedian”. And really, he explains technical vulnerabilities and correlations in a way everybody can understand while not letting the fun miss out. As a qualified IT-specialist, Tobias worked many years as a consultant for one of the biggest worldwide IT- and telecommunications corporations – so he knows what he is talking about.
Ignat is a security engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division. His solutions may be found in many older Samsung smart phones and tablets. Ignat started his career as a security researcher in the Ukrainian government’s communications services.
Abdul-Aziz Hariri is a security researcher with the Zero Day Initiative program. In this role, Hariri analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero Day Initiative (ZDI) program, which is the world’s largest vendor-agnostic bug bounty program. His focus includes performing root-cause analysis, fuzzing and exploit development. Prior to joining ZDI, Hariri worked as an independent security researcher and threat analyst for Morgan Stanley emergency response team.
During his time as an independent researcher, he was profiled by Wired magazine in their 2012 article, Portrait of a Full-Time Bug Hunter. In 2015, Abdul was part of the research team that submitted “Breaking Silent Mitigations – Gaining code execution on Isolated Heap and MemoryProtection hardened Internet Explorer” to the Microsoft bounty program. Their submission netted the highest payout to date from the Microsoft bounty program where the proceeds went to many STEM organizations.
Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For about three years I’ve shifted gear sand started tinkering at Ixia’s threat intelligence system as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) in my free time showcasing whatever random hardware I hacked. With a background in electronics engineering and various programming languages, I like to dismantle and hopefully put back whatever I get my hands on.
Kuba is a security researcher with over ten years of experience in software development and reverse engineering. In the early days, he learned most of his skills hacking massive multiplayer online games for fun, where he exploited network protocols and developed automation tools to control the game without human input.
His bread and butter now is research & development of offensive security tools with focus on infection, phishing, persistence, lateral movement and evading detection of AV/EDR products. His aim is to aid red teams worldwide with custom solutions that fit their operational requirements.
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Currently he works in a red team, where he spends most of his time simulating adversary techniques and doing pentents. He gave talks / workshops on various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON and Objective By The Sea. He is the author of the ‘kex’ kernel exploitation Python toolkit.
Csaba spends his free time with his family, practices ashtanga yoga before sunrise or simply hikes in the mountains.
Zoltan (@zh4ck) is the Chief Technology Officer at MRG Effitas, a company focusing on AV testing.
Before joining MRG Effitas he worked as an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes. He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. He has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking.
Christina Lekati is a psychologist and a social engineer. With her background and degree in psychology, she learned the mechanisms of behavior, motivation, decision making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering.
Contrary to typical career paths, her history and involvement in the cyber-security field started quite early in her life. Being raised by a cyber security expert, she found herself magnetized by the security field at a very young age. Growing up, she was able to get involved in different projects that were often beyond her age, that gave her an edge in her own knowledge and experience.
Christina has participated among other things in penetration tests, in training to companies and organizations, and in needs and vulnerability assessments.
Andrea is an IT Architect & Security Manager with long-term experience and in-depth knowledge covering all aspects of IT: from SW development to systems administration; networking administration and IT security. He can define himself an “It security enthusiast”, interested in all emerging technologies in offensive and defensive security. He likes writing and speaking about IT security & pentesting.
Asad is born in Norway and joined Accentures Security in 2019. He is an SSCP Systems Security Certified Practitioner, Blockchain Certified Expert (BCE) from BlockChain Council and holds a Master of Science degree in Computer Systems Security from University of South Wales. He has worked with Cyber Defence, Incident response and building a Security Operations Center (SOC). He specializes in threat handling, incident response, security testing of Web and ICS systems and has been working with actors such as GovCERT and NorCERT. Asad has worked with creating security architecture and implementing CIS controls for one of the largest energy producers in Norway and also suggested practical solutions to penetration tests performed for compliance with ISO 27002 requirements.
1972-ben szerzett mûszaki tanári oklevelet. Mûszerfejlesztõ a Telefongyárban, majd programozó, rendszerprogramozó, programozási vezetõ, majd számítóközpont vezetõ a Budapesti Zöldértnél. 1984-tõl 1994-ig programozási osztályvezetõ majd számítástechnikai fõosztályvezetõ a BHG-ban. 1994-tõl 2000-ig számítástechnikai fõosztályvezetõ az ELMÛ-nél, majd IT biztonsági vezetõ az Allianz Hungáriánál, az MKB Biztosítónál majd az MLFSz-nél. 1997-tõl CISA, 2004-tõl CISM, 2009-tõl pedig CGEIT minõsítése van. 2008 óta résztvevője a NIAS-nak. Rádióamatõr, hívójele most HA5YAR. Hobbyként elektronikus és Hammond orgonákat javít.
David is the CTO of an independent cybersecurity research organization Zero IT Lab. He is interested in many areas of cybersecurity, while his main passion lies with low-level programming, reverse engineering, and binary exploitation. When doing security research, he is often looking to discover unique attack surfaces for vulnerability assessment using his expertise in reverse engineering. As an avid Capture The Flag player, David loves participating in CTF games including DEFCON CTF, WCTF, and many others. As a part of his effort to help bring cybersecurity forward, David is in cooperation with Budapest University of Technology and Economics’ CrySys research lab where he mentors students all year round.
Francisco Ramirez: University Degree in Computing Engineering, Certificate of higher education in Industrial and Digital Electronics and Master’s degree in Cybersecurity. Huge experience working as an IT Senior System Engineer in USA and Canada, consolidating IT technologies and datacenters. Working at Telefonica and ElevenPaths from 2017 as Security Researcher. Co-writer of the books “SecDevOps: Docker” and “Machine Learning and Cybersecurity”, 0xWord. Speaker at the Mobile World Congress 2018 and 2019 (GSMA), leHACK 2019, RootedCon, etc.
Pablo Gonzalez Perez: University Degree in Computing Engineering and Master’s degree in Cybersecurity. Speaker at BlackHat Europe Arsenal (2017 & 2018), EkoParty Argentina, 8dot8 Chile, DragonJAR Colombia, RootedCON, LeHACK 2019, etc. Microsoft MVP 2017-2018-2019. Writer of several computer security books as Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and Powershell pentesting. Co-founder of flu-project and founder of hackersClub. More than 10 years working in cybersecuriy and teacher of several masters in cybersecurity in Spain. Currently working as Project/Team Manager and Security Researcher at Telefonica and ElevenPaths.
František Střasák is a master student at the Czech Technical University in Prague, where he specializes in Artificial Intelligence and encryption on network security. He’s the creator of the project Should I Click (shouldiclick.org) which uses Machine Learning to determine if a website should be visited by a user or not. He currently works at the Civilsphere Project, providing free services and tools to journalists and NGOs to protect them from targeted digital attacks.
Nikhil is an Automotive expert in Safety and Security. His areas of interest are ECU security, CAN, LIN Network Security. He also has experience in Security Design, Implementation in Automotive products. He has more than 13 years of experience in Automotive product development. In his tenure, he worked with Hella, Tata Elxsi, Continental for many Car manufacturer BMW, Honda, VW. Currently, He is working with Lear Corporation. He has presented talk at OWASP Seasides 2019 Goa on CAR Hacking, (India), Cocon: Reversing and the exploitation of vehicle (India) , Making Anomaly Detection system(ADS) for Vehicles ( Philippines)
IT Security Researcher - Czech Technical University
Jan Fajfer works at Czech Technical University in Prague as a researcher for the CivilSphere project. He studies Artificial intelligence and last year he graduated from Czech Technical University with a degree in Computer Security and Information technology. He is interested in network security, anonymity networks and artificial intelligence. He enjoys hiking in the mountains, climbing and playing the cello.
Himanshu Sharma has been in the field of bug bounty since 2009 and has been listed in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many more with hall of fame listings as proofs. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in tracking down his hacked account and recovering it. He was a speaker Botconf ’13, held in Nantes, France, RSA 2018 held in Singapore. He also spoke at IEEE Conference in California and Malaysia as well as for TedX. Currently, he is the co-founder of BugsBounty, a crowd-sourced security platform for ethical hackers and companies interested in cyber services. He also authored two books titled Kali Linux titled “Kali Linux – An Ethical Hacker’s Cookbook”, ” Hands On Red Team Tactics”
Itay Cohen (aka Megabeets) is a Security Researcher and a Reverse Engineer in the Malware and Vulnerability Research group at Check Point Research. Itay has years of extensive background in malware reverse engineering and many other security related topics. He is the author of https://megabeets.net, a security blog focused on making advanced security topics accessible for free.
Itay is a core developer of the open-source reverse engineering framework radare2 and the maintainer of Cutter, radare2’s official GUI. On his free time, he loves to participate in CTF competitions and to contribute to open-source projects.
Ari Eitan is the VP Research of Intezer Labs, a security researcher and Incident Response professional. Ari served as the head of IDF Incident Response team and has vast experience in dealing with Nation-sponsored cyber attacks, specializing in Malware Analysis, Reverse Engineering and Forensics. He has spoken at a variety of security conferences and trainings, including the first BsidesTLV, Kaspersky SAS, and for government organizations and international agencies.
Dávid studied Software Engineering at Budapest University of Technology and Economics. During his university years, he started to grow strong interest in information security. Later he participated in a certified ethical hacker training to get more familiar with ethical hacking and security testing in general. First, he got in touch with the vehicle industry and in-vehicle network during the writing of his thesis. His task was to build an intrusion detection system on CAN network, which he also tested in a real car. He favored the topic so much it made him sure that he would stick to the vehicle industry.
In 2017 he started to work for Robert Bosch Kft. as a test engineer. In his first year, his task was to test the communicational behavior of automotive ECUs. The experience he gained with testing and his long-term intentions both helped him to become a security test engineer. Since then Dávid implemented automated security tests, worked on the solution of a black-box ECU fuzzer and participated in penetration testing of vehicle electronics.
Júlia started her studies at Budapest University of Technology and Economics at the Faculty of Transportation Engineering and Vehicle Engineering, because she wanted to become an aerospace engineer. During her studies, she started to show strong interest to the Vehicle Mechatronics Specialization. She really enjoyed studying about automotive electronics and programming.
In parallel with her studies at Budapest University of Technology and Economics, she started to study at Eötvös Loránd University in the field of computer science. That is where she first got in touch with functional programming and IT security. She found both of these fields really interesting, thus she completed her professional practice in Erlang-Solutions as a software developer.
After this professional experience she started working on her thesis at Robert Bosch Kft., where she had the possibility to work on topics, which are connected to vehicle industry and information security as well. Her thesis topic was to provide network scanning abilities on automotive CAN.
Whitehat, security researcher, bug hunter, conference speaker. Active on Bugcrowd and H1 platforms. Researching security of clouds, web and mobile applications. Acknowledged by Microsoft, Adobe, RedHat, SAP, AT&T, Atlassian, Uber, Netflix, Tesla, General Motors, Western Union, Sophos, Netgear, etc. for reported vulnerabilities. Had technical talks on LevelUp, Troopers, Hack In The Box, Hacktivity, ZeroNights, PHDays, HighLoad conferences.
I have been working as a penetration tester/security researcher for 6 years now. I started at a small consultancy called kancellar.hu and had the pleasure of working for local branches of almost all major international companies in Hungary. Following this, I moved on to work at Vodafone Global as part of the team here in Budapest. Hacking ATMs was something I always thought of as the ultimate challenge, mostly because of the secrecy surrounding them. It is also something that is not easy to get into since most companies who own ATMs tend to guard their secrets well. But thanks to a few very helpful people I managed to get a chance at doing this for my master’s thesis. In my free time I attend conferences, take part in CTFs and occasionally give lectures and presentations. My favorites are reverse engineering and hardware hacking.
Thomas Debize is a French infosec dude. He developed a specific interest in data analysis and visualization throughout the time and spoke at several conferences such as Hack.lu, ZeroNights, PHDays, BSides Las Vegas, HITB, Hackfest and Area41 to name few. That said, he likes to git push new infosec tools on its free time (https://github.com/maaaaz)
Yury Chemerkin has ten years of experience in information security. He is multi-skilled security expert on security & compliance and mainly focused on privacy and leakage showdown. Key activity fields are EMM and Mobile Computing, IAM, Cloud Computing, Forensics & Compliance. He published many papers on mobile and cloud security, regularly speaks at conferences such as CyberCrimeForum, DefCamp, HackerHalted, NullCon, OWASP, CONFidence, Hacktivity, Hackfest, DeepSec Intelligence, HackMiami, NotaCon, BalcCon, Intelligence Sec, InfoSec NetSysAdmins, RootCon, PHDays, etc.
Bálint többnyire aktív látogatója a Hacktivity rendezvénynek, előadóként szintén 2018-ban debütál. Többéves Python fejlesztői múlttal rendelkezik, legfőképp a teszt automatizáció területével foglalkozik. Az Open Source-közösség tagjaként javításokat készít és „bedolgozik” érdekesebb, security-támájú projektekbe. Nevéhez fűződik a Viper (binary analysis and management framework) és a sokmotoros Metadefender víruskergető integrációja, illetve a sokakat őrületbe kergető Viper verzióváltásból fakadó hibák kiküszöbölése. Javításokat készít az AIL valamint a PasteHunter Paste-monitor eszközhöz, és kibővítette a PasteHunter képességét, amely így már a Slexy-scraper funkcióval is rendelkezik. Balint három és fél éve fejleszti a Kata nevű mesterséges intelligenciát (nem magától jött létre, tehát mesterséges), a kishölgy bármikor teljesíti a Turing-tesztet (és közben fejből tudja a Verdákat). 3 hónapja releaselt, Lilla névre keresztelt kiterjesztett valóságmodulja gondozása és fejlesztése köti le maradék szabad idejét.
20 éve foglalkozik IT biztonsággal és információvédelemmel, rendszeres előadója a nagyobb konferenciáknak. Éveken keresztül építette a Hacktivity infrastruktúráját (őt kellett szidni, amikor nem ment a Wi-Fi – bár ilyen sose volt! :)), Hacktivity-előadóként 2018-ban debütált. Főbb szakterületei a malware- és az adatszivárgás-védelem, egyes gyártói képviseletek szerint ő felelős a hazai DLP piac tönkretételéért. „Durván Lóvés Projekt (DLP)” előadássorozatai számos vállalatot tántorított már el attól, hogy „minden-ellen-is-védő” DLP rendszert vezessen be (erre kifejezetten büszke). Malware- és adatszivárgás-védelmi rendszerek tesztelésével, elemzésével foglalkozik, a Kiber Blog szerzőjeként pedig igyekszik a józan ész közelébe hozni az adatvédelmet és a GDPR-t.
Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself, since the age of 9 on his Dragon 64. He spent most of his career in the Internet and Data Security field, and the only reason he’s not in jail right now is that he chose the right side of the law at an early age.
Inbar specializes in outside-the-box approach to analyzing security and finding vulnerabilities, using his extensive experience of over 25 years at the IDF, Check Point, PerimeterX, and nowadays Argus Cyber Security, protecting the automotive domain from hackers.
Arun is a Founder and Director of Amynasec.io company which is specialised in Vehicle/Iot/ICS and he also Hardware, IOT, and ICS Security Researcher. His areas of interest are Hardware Security, SCADA, Automotive security, Fault Injection, RF protocols and Firmware Reverse Engineering. He also has experience in performing Security Audits for both Government and private clients. He has presented a talk at the nullcon 2016,2017,2018 Goa, GNUnify 2017, Defcamp 2017, 2018 Romania, BsidesDelhi 2017, c0c0n x 2017, EFY 2018, x33fcon2018,2019, BlackHat USA 2018, Defcon USA 2018, OWASP Seaside 2019 Goa. Also Trainer for Practical Industrial Control Systems (ICS) hacking training, delivered in x33fcon2018,2019, HIP 2018 and also delivered training for IoT hacking in HITB 2017, HIP 2017, BlackHat Asia 2018 and private clients in London, Australia, Sweden, Netherlands etc. He is an active member of null open community.
Aleksandr Kolchanov is an independent security researcher and consultant. Ex penetration tester of a bank in Russia. He takes part in different bug bounty programs (PayPal, Facebook, Yahoo, Coinbase, Protonmail, Yandex, Privatbank). Aleksandr is interested in uncommon security issues, telecom problems, privacy, and social engineering. Speaker at PHDays 2018 and 2019, c0c0n 2018, DeepSec 2018, HiTB 2019, Infosec in the City 2019, OzSecCon 2019 and BSides.
Aman Sachdev is a programmer at heart and information security professional with 3+ years of experience in Information Security Training has trained over 5000 individuals. His love for breaking challenging WAFs landed him as core red team pentester at Bugsbounty.com Aman has done his Bachelor’s in Computer Applications and also holds an OSCP certification apart from his vast experience in web application development. At BugsBounty he solves cybersecurity problems in the day and creates them at night.
Vladimir graduated from Ural State Technical University with a degree in information security of telecommunication systems. He started his career as a security engineer at Russian Federal Space Agency. His research interests are ICS, IoT like smart toys, TVs, smart city infrastructure and threat intelligence. Vladimir joined Kaspersky Lab in 2015 as a security researcher. He has participated in various security conferences as a speaker, like SAS, ZeroNights, S4, CSS, GeekPwn, Europol etc. Vladimir is also a co-founder of Kaspersky Industrial CTF.
He is a part of Critical Infrastructure Defense Team (CID-Team) and Kaspersky Lab ICS CERT in Kaspersky Lab.
Sergey is an active member of Critical Infrastructure Defense Team (CID-Team) and Kaspersky Lab ICS CERT. His research interests are fuzzing, binary exploitation, penetration testing and reverse engineering. He started his career as a malware analyst in Kaspersky Lab. Sergey has OSCP certification.
Jennifer has worked as a penetration tester and security consultant for the past six years. Prior to her transition to information security, Jennifer worked for over 15 years in IT as a developer and leader in the areas of education, telecommunications, and semiconductors. She volunteers as an organizer for the yearly BSidesMunich security conference and the security group MUC:SEC e.V.. In her free time, Jennifer enjoys hiking, competing in (and making) CTFs and tinkering with technologies.
Barnabas is a recently graduated ex-student of Budapest University of Technology and Economics. As a result of working with CrySyS Lab during his years at the university, he had the chance to participate in blue team assessments like the NATO Locked Shields PR for students and also developed a passion towards cybersecurity. Driven by curiosity, always trying to improve by looking for new ways and tools to work with. Started as an intern, nowadays he is the Technical Innovation Advisor at MRG Effitas.
Nándor is a software engineer with more than 10 years of professional experience ranging from telecommunications, through investment banking to infrastructure engineering on the cloud. He’s a day one Kubernetes user and an organizer and regular speaker at the Kubernetes Budapest Meetup (https://www.meetup.com/k8s-bud/). Currently, he’s doing security and infrastructure related development for Kubernetes at Banzai Cloud (http://banzaicloud.com).
Abhinav Singh is an information security researcher for Netskope, Inc. He is the author of Metasploit Penetration Testing Cookbook (first, second & third editions) and Instant Wireshark Starter, by Packt. He is an active contributor to the security community in the form of paper publications, articles, and blogs. His work has been quoted in several security and privacy magazines, and digital portals. He is a frequent speaker at eminent international conferences like Black Hat and RSA. His areas of expertise include malware research, reverse engineering, enterprise security, forensics, and cloud security.
After having worked in the infosec field for many years Benedikt is currently employed as offensive security researcher for a small german firm. He likes to figure out easier ways to tackled hard problems which he also enjoys to do while rock climbing.
An active speaker, discovered multiple zero-days in modern web browsers. Open-source contributor, published on The Register, ZDNet, The Hacker News, and Bleeping Computer. His work can be found on www.inputzero.io
Valerio Di Giampietro is an IT Infrastructure Manager with a strong and deep technical knowledge and experience in many areas related to IT infrastructures: cloud-based infrastructures, networking, web servers, Oracle and MySQL databases, large Linux installation, virtualization environments, storage area networking, IoT and embedded devices.
Six is an independent researcher with nearly a decade of experience in IT system administration and IT security. He organized CCTF, an Ethereum based CTF game at BsidesBUD with the support of HackerSpace Budapest. Currently, his most active research is focused on Smart Contract vulnerabilities and “smart” technologies that are not that smart.