Rahul Maini – Security Engineer at Emirates and an active Bug Bounty hunter also author at https://www.securityidiots.com/

Harsh Jaiswal – Application security engineer @Vimeo

Eddy Willems, from Belgium, is a well-known expert in security and malware. Currently he is a board member of 3 security industry organizations – EICAR (formerly the European Institute for Computer Antivirus Research), LSEC (Leaders in Security) and AVAR (Association of Anti-Virus Asia Researchers) – Global Security Officer and the resident Security Evangelist at G DATA CyberDefense AG. He studied Computer Sciences at IHB and VUB and started working as a Systems Analyst in 1984. He became a founding member of EICAR, one of Europe’s first IT security organizations, in 1991. In previous years he was active as an anti-malware technology expert for other security companies like Kaspersky Lab. In his current role, he gives presentations and seminars all over the world. Several CERTs, press agencies, print and online publications and broadcasting media, for example CNN, use his advice regularly. In 2013, he published his first book in Belgium and the Netherlands, titled ‘Cybergevaar’ (Lannoo). In 2015 an updated German version, ‘Cybergefahr’ (Springer), was published. An updated and expanded English edition, ‘Cyberdanger’ (Springer), was launched in 2019 worldwide.

Working as a senior security consultant focused on red teaming, penetration testing & conducting security research. Blogging at devtty0.io. Previously delivered a workshop in PHdays 9.

Currently security researcher at Avast. I lead research across various disciplines such as dynamic binary translation, hardware-assisted virtualization, IoT, firmware vulnerabilities and malware analysis. I’m devoted to technology and I’m a true software and hardware reverse engineer, game programmer, tinkerer, AI and IoT mantras practitioner with deep knowledge of OS, CPU and HW architectures. Prior to my current job I’ve worked as artificial intelligence and game programmer, working on the MAFIA II game project and windows kernel SW engineer with encryption file system drivers. I’ve got almost 25 years experience in this domain

A well-known computer magazine once wrote that Tobias Schrödel is the “first IT-comedian”. And really, he explains technical vulnerabilities and correlations in a way everybody can understand while not letting the fun miss out. As a qualified IT-specialist, Tobias worked many years as a consultant for one of the biggest worldwide IT- and telecommunications corporations – so he knows what he is talking about.

CISO on the dark side of the force 🙂 Ex. customer, now a Solution Architect with a mission to help, enlight and enable proper dialects of cybersecurity in between technical InfoSec teams and C-level decision makers.

Tal is an operational security specialist with a proven track record in application and infrastructure vulnerability assessment and policy development holding OSCP, ISO 27001, 22301 and 22035 Certified Lead Auditor, and 27005 Lead Risk Manager certifications. With an academic background in software engineering and career path in various cybersecurity divisions, he has garnered expertise in diverse areas such as network and infrastructure penetration testing, vulnerability assessments, threat modeling at application, system and enterprise level, and providing risk/threat driven solutions.

Begum resembles herself to Nathan Myhrvold who describes himself ‘I just have difficulty describing myself because the sort of things I do are unlikely enough that putting them together is credibility reducing’. She has experience as IT/IS analyst (ISO 27001 standards), in IT project management at enterprise and start up level, IT compliance, UX design and optimization, integration testing, financial analysis and business management addition to her academic background in mechanical engineering and finance.

CTO at Hacktory educational platform. An information security expert and teacher with 10 years of experience, technical director of the Hacktory educational platform. His main area of interest is analysis of source code. He likes to seek out bugs and searches for vulnerabilities in the source code of applications ranging from simple websites to enterprise software. He also has vast experience in banking systems and web application penetration testing.

Ilya Goryachev, senior backend developer at Hacktory

Etizaz Mohsin is an information security researcher and enthusiast. His core interest lies in low level software exploitation both in user and kernel mode, vulnerability research, reverse engineering. He holds a Bachelors in Software Engineering and started his career in Penetration Testing. He is an active speaker at international security conferences. He has achieved industry certifications, the prominent of which are OSCP, OSCE, OSWP, OSWE, OSEE, CREST CRT, CPSA, EWPTX, CEH.

Robert A. Moody is a cyber threat intelligence and digital forensics expert, currently working as a Threat Intelligence Officer at Telefónica Germany.
Robert holds CISM, CISA, CDPSE, CRTIA certifcations as well as a Masters in Cybersecurity for the ie Business School. He has a background working in critical national infrastructure sectors including manufacturing, banking, finance, telecommunication and energy.

Bence Horvath is a seasoned cybersecurity executive focused on next-generation cyber defence and intelligence-led offensive operations.
He has an MBA from ie Business School, an M.Sc. in business information systems from the Corvinus University, and holds CRTIA, CISSP and CISM certifications. His background includes working in telecommunication, aerospace and defence, financial services and consulting.

I’ve been working Research and Cyber ​​Security Manager at Zup Innovation and Global Research Manager at Hacker Security, I have talked in Security events in Germany, Poland, Hungary and Brazil, served as University Professor in Undergraduate / MBA courses at colleges as FIAP / Mackenzie / UNIBTA and UNICIV, in addition, I’m Founder and Instructor of the Course – Malware Analysis – Fundamentals (HackerSec Company – Online Course – Portuguese Language).

My name is Mohammadreza (Mo) Ashouri, a Ph. D. in software engineering, and a cybersecurity researcher at the University of Potsdam in Germany. I am particularly interested in Program Analysis, Designing Secure Compilers, Automatic Exploit Generation, and Concolic Fuzzing. I have also published multiple scientific papers and given talks in some of the top-notch academic/industrial conferences.
Here is the list of the recent places that I have published and given my presentations:

Kaizen: An Effective Security Analyzer and Automatic Exploit Generation System for Scala
July 2020 / 11th ACM SIGPLAN Scala Symposium

Large-Scale Analysis on the Security and Performance of the Rust Compiler
July 2020 / 3rd USENIX Workshop on Hot Topics in Edge Computing

JEX: A Straightforward, Portable and Scalable Framework for Automatic Exploit Generation for Java
Dec 2019 / The 35 Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico

Etherolic: A Practical Security Analyzer for Smart Contracts
April 2020 / The 35th ACM/SIGAPP Symposium On Applied Computing (SAC), Brno, Czech Republic

Security Bug Detection Through Fuzzing and Dynamic Taint Analysis in Scala
(IS-CANDAR 2019 – Best Paper) Nagasaki, Japan, November 2019

Scalayzer: A Hybrid Approach for Vulnerability Finding in Scala
Download
SEC ’19: Proceedings of the 4th ACM/IEEE Symposium on Edge Computing, Washington DC, November 2019

Hybrid Taint Flow Analysis in Scala
2019 IEEE Symposium Series on Computational Intelligence (SSCI)
Xiamen, China, Dec. 2019

Concolic Testing for Smart Contracts
SPLASH 2019 OOPSLA, Athens, Greek, October 2019

TaintSpy: Runtime Vulnerability Analyzing Framework for Scala
Europe’s longest-standing annual Programming Languages (PL) conference (ECOOP), Hammersmith, London, United Kingdom July 2019

LRC-256, an Efficient and Secure LFSR Based Stream Cipher
ICIST – International Conference on Information and Software Technologies (Springer-Verlag CCIS), Kaunas University of Technology (Lithuania), October 2019

A Large-Scale Analysis of Browser Fingerprinting via Chrome Instrumentation
The Fourteenth International Conference on Internet Monitoring and Protection ICIMP 2019, Nice, France, August 2019

Practical Dynamic Taint Tracking for Exploiting Input Sanitization Error in Java Applications
The 24th Australasian Conference on Information Security and Privacy (ACISP 2019)

A Comprehensive Approach for Battling Browser Fingerprinting Based on Machine Learning
ECOOP and ISSTA 2018 Doc Symposium, Amsterdam, Netherlands, July 2018

Regarding my working experience, I have had the chance to work as a cybersecurity analyst and researcher at CISPA (Helmholtz Center for Information Security), Google Research, Oracle Labs, and the Univerity of Potsdam. I am also the founder of PersimmonWeb, which is a software development startup. I currently live in Berlin, and I like cycling, photography, bug bounty programs, and crafting electronic music. You can get more information about me by checking my webpage.
https://ashoury.de
https://persimmonweb.com

Milecia is a senior software engineer that’s worked with JavaScript, Angular, React, Node, PHP, Python, .NET, SQL, AWS, Heroku, Azure, and many other tools to build web apps. She also has a master’s degree in mechanical and aerospace engineering and has published research in machine learning and robotics. She started Flipped Coding in 2017 to help people learn web development with real-world projects and she publishes articles covering all aspects of software on several publications, including freeCodeCamp. She also travels around the world speaking at tech conferences about various software engineering topics ranging from machine learning, PWAs, and managing a career in tech.

Mateusz is a Senior IT Security Consultant at SecuRing.

His key responsibilities are web and mobile application penetration testing, source code review. Moreover he works as a consultant, helping software development teams cope with application security related topics. He performed more than 50 application security trainings dedicated to software developers. Previously working as a software developer, building software for financial sector. He was a speaker both at international and Polish conferences and meetings dedicated to software development and IT security including 4Developers, Black Hat Asia, Code Europe, CONFidence, Hacktivity, Security Case Study, Secure, Testing Cup, TestWarez. Casual bug bounty hunter, listed in Hall of Fame companies like: Adobe, Algolia, GM, Jet, Netflix, Tesla, Twitter, Uber, Yahoo.

Matthias is interested in information technology – especially IT security – since his early days and has a great interest in seeing whether security assumptions in soft-, firm- or hardware hold true when taking a closer look. Matthias successfully studied computer science at the university of Ulm and holds the following IT security certifications: CISSP, CISA, OSCP, OSCE.

Since 2007 he works as IT security consultant for the IT security company SySS GmbH and is head of R&D.

His research results concerning different IT security topics were presented on different international IT security conferences (e.g. Black Alps, Chaos Communication Congress, CONFidence, DeepSec, Hacktivity, Hack.lu, PHDays, Ruxcon, t2, ZeroNights, BSidesVienna). He also published several IT security papers, security advisories, and security-related YouTube videos.

Moritz Abrell has more than seven years of professional experience in handling Voice-over-IP and network technologies with a focus on information security.
He is an IT security consultant and penetration tester at the German IT security company SySS GmbH, where he works on
daily with the practical exploitation of vulnerabilities and advises customers on how to remedy them.

Alex Polyakov is an AI and cybersecurity expert, serial entrepreneur, founder of Adversa – a team of Secure and Trusted AI evangelists. He has 15 years’ practical experience in cybersecurity from pentesting and researching, to conference organising and technology leadership. He is a member of Forbes Technology Council where he publishes articles explaining his vision for future technologies and security. He has been recognized as Entrepreneur and R&D Professional of the Year by Hot Companies Awards. His expertise covers cybersecurity aspects of various complex systems from enterprise applications and industry-specific systems to AI, ML, and future technologies. He has found over 200 vulnerabilities, released dozens of whitepapers, two books, two MMOC trainings including the first practical course dedicated to securing AI.
Besides cybersecurity, his areas of interest are AI, Neuroscience, synthetic biology and Behaviorism.

Spyros is currently a Security Engineer at ING Bank in the Nederlands.
Also, he is the Lead of 2 Security Automation tools running in our Pipeline.
He is focused on AppSec, Security automation, and Cloud Security with a hidden love on Windows security and AD.
He’s tools are used from Developers, Security Engineers, and Security Champion.
He’s coming from a mixed background in development and administration.
He’s has contributed and helped on many private programs and now wants to taste what public contribution can offer!

Davide is currently a Senior Security Engineer at ING Bank in the Netherlands and founder of DCODX.com. He mostly focus on application security and automation, IoT security and Phishing analysis. He is a contributor of the OWASP Mobile Security Testing Guide introducing a way to automate the OWASP MASVS, through BDD tests, speaker and trainer at multiple security conferences worldwide. Just to name few: BlackHat, OWASP AppSec, DevSecCon. Latest CVE? CVE-2019-1262, CVE-2018-0719.

Stéphane is a versatile executive with significant multi-industry experience (Finance, Defense, Space, Metal & Mining) in all aspects of leading a corporate IT & Cybersecurity organization. Stéphane has an excellent track record of consistently delivering results in a fast-paced and changing environment by elevating the team’s performance to the next level through leadership, trust and inspiration. Problem solver with proven experience in applying cost-effective technology solutions in support of strategic business objectives.

With a background based on academic excellence in Cybersecurity, IT, Law, Business and Political Science via multiple master’s degrees obtained from high-ranked institutions (HEC Paris, Sciences Po Grenoble, Grenoble University, French Naval Academy), Stéphane brings a high level of expertise in defining strategic and innovative vision for board members based on 16 years of experience and leading multiple and complex Cybersecurity and Digital Transformation projects on-time, within-budget while meeting strategic goals.

Istvan works as a senior IT security consultant for Deloitte, and holds the OSCP, OSCE and CRTP certificates respectively.
Though his bread and butter are penetration testing of web and binary applications; he is also keen on engaging in a wide range of ethical hacking projects, discussions and solving hacking challenges in his free time. Playing games is not surprisingly one of his hobbies as well.

Sahil Dhar is working as an Information Security Researcher at xen1thlabs. He has more than 5+ years of hands-on experience in Application Security, Mobile Security, Penetration Testing, Vulnerability Research and Exploitation. He holds industry recognized certification like OSCE(Offensive Security Certified Expert) and OSWE (Offensive Security Web Expert). He has also been acknowledged and rewarded by various organizations such as Google, Apple, Microsoft, Adobe, Barracuda, Pinterest, Symantec, Oracle etc. for finding vulnerabilities in their online services.

Besim Altinok (@AltnokBesim) has been researching Wi-Fi security for over a decade. He created WiPi-Hunter project against Wi-Fi hackers. He is the author of a book on Wi-Fi security. Besim’s work on wireless security has been published in ArkaKapi Magazine and others. He has also spoken at top conferences including BlackHat Europe, Blackhat ASIA, Defcon, and others. Besim ALTINOK works currently at a Private Company which is located in Ankara, Turkey

Rob Richardson is a software craftsman building web properties in ASP.NET and Node, React and Vue. He’s a Microsoft MVP, published author, frequent speaker at conferences, user groups, and community events, and a diligent teacher and student of high quality software development. You can find this and other talks on https://robrich.org/presentations and follow him on twitter at @rob_rich.

Anto Joseph is a Security Engineer for Tinder. He loves security research in Machine Learning Systems & Application Security. Previously, he has worked at Intel, Citrix, and E&Y in multiple information security roles. He is passionate about exploring new ideas in these areas and has been a speaker/ trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, Shakacon NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph.

Dorka has a bachelor’s degree in Applied Mathematics. She continued her studies in the field of Security and Privacy, where she gained her master’s degree in Computer Science specializing in Advanced Cryptography. She started her carrier at Sophos, mainly focusing on ransomware analysis, but as a member of the Emerging Threats team she had the opportunity to gain experience in reverse engineering a wide range of malware attacks. Before joining Cujo AI she was working in the financial industry as an IT security analyst, focusing on threat hunting and forensics investigations. Currently she is working at Cujo AI as a Senior Threat Researcher focusing on reverse engineering IoT malware. She is also a guest lecturer at ELTE Informatics faculty, where she teaches malware analysis for IT security students.

Albert works as an IoT Malware Researcher at CUJO AI. He started out as a traditional blue teamer early in his career, analyzing security events as an IDS analyst, and later investigating breaches as a senior incident responder for a Fortune 50 company. Later he joined a respected anti-virus company to deepen his knowledge about reverse engineering. His specialities include malware analysis, memory forensics and signature development. Albert is a former speaker at SEC-T, DisobeyFi and BSidesVienna.

Ignat is a security engineer at Cloudflare working mostly on platform and hardware security. Ignat’s interests are cryptography, hacking, and low-level programming. Before Cloudflare, Ignat worked as a senior security engineer for Samsung Electronics’ Mobile Communications Division. His solutions may be found in many older Samsung smart phones and tablets. Ignat started his career as a security researcher in the Ukrainian government’s communications services.

Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For about three years I’ve shifted gear sand started tinkering at Ixia’s threat intelligence system as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) in my free time showcasing whatever random hardware I hacked. With a background in electronics engineering and various programming languages, I like to dismantle and hopefully put back whatever I get my hands on.

Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that he started to work as a blue teamer, focusing on network forensics, malware analysis and kernel exploitation. Currently he works in a red team, where he spends most of his time simulating adversary techniques and doing pentents. He gave talks / workshops on various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON and Objective By The Sea. He is the author of the ‘kex’ kernel exploitation Python toolkit.

Csaba spends his free time with his family, practices ashtanga yoga before sunrise or simply hikes in the mountains.

Zoltan (@zh4ck) is the Head of Vulnerability Research at CUJO AI, a company
focusing on home IoT Security.

Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras.

He has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking.

Proud OSCE

Francisco Ramirez: University Degree in Computing Engineering, Certificate of higher education in Industrial and Digital Electronics and Master’s degree in Cybersecurity. Huge experience working as an IT Senior System Engineer in USA and Canada, consolidating IT technologies and datacenters. Working at Telefonica and ElevenPaths from 2017 as Security Researcher. Co-writer of the books “SecDevOps: Docker” and “Machine Learning and Cybersecurity”, 0xWord. Speaker at the Mobile World Congress 2018 and 2019 (GSMA), leHACK 2019, RootedCon, etc.

Pablo Gonzalez Perez: University Degree in Computing Engineering and Master’s degree in Cybersecurity. Speaker at BlackHat Europe Arsenal (2017 & 2018), EkoParty Argentina, 8dot8 Chile, DragonJAR Colombia, RootedCON, LeHACK 2019, etc. Microsoft MVP 2017-2018-2019. Writer of several computer security books as Metasploit for Pentesters, Ethical Hacking, Pentesting with Kali, Metasploit hacking, Got Root and Powershell pentesting. Co-founder of flu-project and founder of hackersClub. More than 10 years working in cybersecuriy and teacher of several masters in cybersecurity in Spain. Currently working as Project/Team Manager and Security Researcher at Telefonica and ElevenPaths.

Valerio Di Giampietro is an IT Infrastructure Manager with a strong and deep technical knowledge and experience in many areas related to IT infrastructures: cloud-based infrastructures, networking, web servers, Oracle and MySQL databases, large Linux installation, virtualization environments, storage area networking, IoT and embedded devices.

six is an ethical hacker, having 8 years of unique experience in IT security. He is involved in community projects like the CCTF (CryptoCurrency is The Flag) and the owner of Awalcon.

János is a security researcher who specializes in malware analysis and digital forensics. Holds GREM and CHFI certificates and has master’s degree in mathematics. He does vulnerability research, incident response, adversary removal and malware analysis for White Hat IT Security. Guest lecturer of ‘Blue Team & Security Operations I-II.’ courses at Óbuda University.

Zsíros Péter
Fõ érdeklõdési területei: exploitok, fuzzolás, malware analízis.
OSCE, ECSA, CHFI, CISSP minõsítésekkel rendelkezik. 2005 Cerified Ethical Hacker képzés mellett forensic analízist, malware analízist, illetve alkalmazások biztonsági tesztelését is tanítja. Rendszeresen oktat külföldön is, így többek között Hollandiában, Szlovákiában, Romániában és az USA-ban is tartott már képzéseket IT-biztonsági témákban.
Az oktatás mellett szabadúszóként etikus hekkerként dolgozik: elsõsorban Windows alkalmazások, valamint belsõ és külsõ hálózatok tesztelését végzi.

Rajanish Pathak – Software Security Researcher @xen1thlabs and an active Bug Bounty hunter