Dominick Baier works as a security consultant at thinktecture (www.thinktecture.com). His main focus is security, identity and access control in distributed applications using the Microsoft technology stack. He’s the author of “Writing more-secure ASP.NET Applications” (MS Press) and the security curriculum lead at Developmentor. You can find his blog at www.leastprivilege.com.
Andrey is a security researcher and software engineer at Elcomsoft (www.elcomsoft.com), a password recovery company. He is involved in analysis of real-world security systems. Area of his research interest includes practical cryptography, high-performance and distributed computing (including that on GPUs and special hardware).
Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. Held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.
Sergey Bratus is a Research Assistant Professor the Computer Science Dept. at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and all kinds of wired and wireless network hacking.
Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.
Raoul “Nobody” Chiesa (OPST, OPSA), Founder & CTO, Mediaservice.net – Italy. Mr. Chiesa has been active in the field of computer security research at a high level since 1986; from 1997, as a member of a team of experts and researchers, he contributed to national and international Security R&D projects. Raoul is a co-author of the books (in english) “Hacking Linux Exposed, ISECOM Edition” (2008) and Profiling Hackers (2008), along with a huge list of contributions and papers in Italy.
Sandro Gauci is the owner and Founder of EnableSecurity (www.enablesecurity.com) where he performs R&D and security consultancy for mid-sized companies. Sandro has over 8 years experience in the security industry and is focused on analysis of security challenges and providing solutions to such threats. His passion is vulnerability research and has previously worked together with various vendors such as Microsoft and Sun to fix security holes. Sandro is the author of the free VoIP security scanning suite SIPVicious (sipvicious.org).
Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.
Enno Rey @Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.
Simon Rich is a German security researcher specialized on network protocols and technologies. He has contributed to finding several protocol flaws in the past and is known for innovative approaches to (depending who’s the customer) implementing or breaking the security of technologies. He is also well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and have presented on protocol security at many occasions including CCC Easterhegg, Daycon, IT Underground and Troopers08.
Sumit Siddharth (sid) works as senior IT security consultant for Portcullis Computer security in U.K. Sid has authored a number of articles, advisories, white papers, tools over the years and has been a speaker at a number of IT security conferences. He also owns the popular IT security blog www.notsosecure.com.
Aditya K Sood is an independent security researcher and founder of SecNiche Security. He goes with a handle of 0kn0ck. He is working in the security field since last 5 years. He holds a BE and a MS in Cyber Law and Information Security. He is an active speaker at conferences like EuSecwest, XCON, XKungfoo, OWASP, Clubhack, CERT-IN etc. His research interests include penetration testing, reverse engineering and web application security. His work has been quoted at eWeek, SCMagazine, ZDNet, internetnewsetc. Aditya’s research has been featured in USENIX login and Elsevier Network Security Journal. He is also a Lead author for Hakin9 Group for writing hacking and security related papers Aditya’s research projects include CERA, Cutting Edge Research Analysis on Web Application Security, Mlabs and TrioSec project. He has also released number of security related papers on packetstormsecurity, infosecwriters, Xssed and also given number of advisories to fore front companies. On professional front he works for KPMG as penetration tester.
Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.
In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.
Wendel Guglielmetti Henrique is a consultant for penetration testing at Trustwave’s SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing for premier clients. He has worked with IT since 1997, during the last 7 years he has worked in the computer security field. He found vulnerabilities in many softwares like Webmail systems, Access Points, Citrix Metaframe, etc. Some tools he wrote already were used as examples in articles in national magazines like PCWorld Brazil and international ones like Hakin9 Magazine. Recently spoke in YSTS 2.0, Defcon 16, H2HC and others. During the past 3 years he has been working as a Penetration Tester.