Chema Alonso, is one of the most prominent names regarding Computer Security and hacking in the world. Ph.D in Information Security, Computer and Systems Engineer, he graduated from Universidad Politécnica de Madrid where he was honored as Ambassador. He has been awarded as a Most Valuable Professional in Enterprise Security by Microsoft. Before getting into Telefonica to manage the new innovative company “Eleven Paths” focus in creating security technologies, he was working Informatica64 to create FOCA, Evil FOCA, Dust RSS, or publishing hacking papers such as Connection String Parameter Pollution or Blind LDAP Injection Techniques.
After his business information systems studies Carsten Amann started his career with a very large consulting company. He was assigned in managerial positions to software implementation projects for different clients. In 2007 he continued his career with a global supplier for technology and services. There he was initially responsible for the global IT security operations (virus protection, encryption, anti-spam etc.). After this assignment he took over the responsibility for the IT-Client topic (operating system, software distribution). Thereafter he took over the responsibility for services within a product area.
After an infosec honour mark at university, from 2000 until 2007 Abraham’s contact with security was mostly from a defensive point of view: fixing vulnerabilities, source code reviews and vulnerability prevention at the design level as an application and framework architect. – From 2007 forward Abraham focused more on the offensive side of security with special focus on web app security. In his spare time Abraham is the lead developer/architect of <a href="http://owtf.org">OWTF</a>, an independent security consultant, a GIAC exam question writer and a <a href="http://7-a.org">security blogger</a>. Abraham also holds a number of information security certifications: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+
Twitter: <a href="https://twitter.com/#!/7a_" target="_blank">@7a_</a> Blog: <a href="http://blog.7-a.org/" target="_blank">blog.7-a.org</a>
Frank Block is a security consultant working for ERNW GmbH with more than 7 years of experience. His main expertise lies with infrastructe/web application pentesting and the analysis of incidents. When not involved in customer projects, he researches in the memory forensics field.
Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. Held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.
Sergey Bratus is a Research Assistant Professor the Computer Science Dept. at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and all kinds of wired and wireless network hacking.
Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.
Dr Piotr Cofta is managing Security Transformation, having moved from his role as a Chief Researcher, Identity and Trust. Before that, he has been working for many years for Nokia and for Media Lab Europe, concentrating on the relationship between trust, risk, technology and society.
Dr Cofta is a contributor to several international standards; he publishes and speaks frequently. He is an author of several patents and publications, from areas such as trust management, identity and privacy, digital rights management and electronic commerce. He is a CISSP and a senior member of IEEE.
Website: piotr.cofta.net
Johnny Deutsch is a manager in the Advisory Services practice of Ernst & Young LLP. Johnny leads the cyber warfare and crime section at Ernst & Young's Hacktics Advanced Security Center (HASC) based in Tel Aviv, Israel. This cutting-edge security team is dedicated to conducting attack and penetration assessments for EY clients. In this role Johnny is in charge of developing new methodologies and performs cyber vulnerability assessments for HASC clients. Johnny has over 10 years of experience in the field of IT systems and security specializing in large scale VoIP systems and data networking. Prior to Johnny`s employment at HASC, he was a consultant at the Israeli Ministry of Defense and managed large scale projects in the field of IRM (Information Rights Management) and NAC (Network Access Control) systems. Prior to the MoD, Johnny was employed by an American sub contractor for the American Department of Defense and managed projects in the field of cellular communication and its integration of VoIP based PBXs. Prior to the DoD, Johnny served in the Israeli Defense Force and managed integration projects in the field of enterprise storage systems (Netapp) and enterprise WAN communications. Johnny is an active reserve duty officer in the Israeli army at the rank of Lieutenant.
Rene Graf leads the “Mobile Security” team at ERNW and has performed a number of BYOD projects including pentests of container solutions and forensic analyses of devices used by CxOs.
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany, focuses on HTML5, SVG security and believes XSS can be eradicated by using JavaScript. Maybe. Some day. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies for sweet sweet money and the simple minded fun in breaking things. Mario has spoken on a large variety of international conferences, co-authored two books, several academic papers and doesn’t see a problem in his some weeks old son having a netbook already. There you have it.
Twitter: <a href="https://twitter.com/#!/0x6d6172696f" target="_blank">@0x6d6172696f</a> Website (Warning: Your eyes could take some damage here.): <a href="http://mario.heideri.ch/" target="_blank">mario.heideri.ch</a>
About the Trainer Pete Herzog is a security professional, neuro-hacker and managing director for the non-profit security research organization, ISECOM. He created the first social engineering methodology for quantifiable testing of human security for OSSTMM 2.1 in 2002. By 2003 he created Trust Metrics for measuring the amount of trust one can put in anything in a quantifiable manner which was added to OSSTMM 3 in 2010. In 2009 Herzog began working with brainwave scanners and tDCS to directly manipulate the brain and understand how people learn and focus attention. In 2013 he released the Security Awareness Learning Tactics (SALT) project to specifically design security awareness based on the neuro research. You can read more about Pete here: http://en.wikipedia.org/wiki/Social_engineering_%28security%29#Notable_social_engineers http://en.wikipedia.org/wiki/Pete_Herzog https://www.linkedin.com/in/isecom
Christian is a Senior Security Expert at Deutsche Telekom (DT), responsible for the security of DT’s NGOSS system (called NGSSM) and BNG/SCRAT project. He build up T-Online’s Identity Management and CERT and is the author of various Deutsche Telekom security standards, e.g. on platform virtualisation and SSH.
Founder of P1 Security and Senior Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France’s first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Hack.lu). Now Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner which help telecom companies, operator and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his website at: http://www.p1security.com.
Manuel was introduced to information security while graduating from a technical college and has done research in the areas of mobile security, cloud computing and compile-time obfuscation. He has appeared on national television, podcasts and possibly Chinese security blacklists. Furthermore, he has been known to use presentations with an average of 0.3 words per slide.
Haroon Meer is the founder of Thinkst, an applied research company with a deep focus on information security. Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past decade he has delivered research talks and keynotes at conferences around the world.
At Troopers12 Haroon Meer he gave a quite inspiring keynote on "You & Your Research".
Twitter: @haroonmeer
Blog: blog.thinkst.com
Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.
Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients.
He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.
Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world’s top information security conferences.
He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at http://www.labofapenetrationtester.com/
Graeme Neilson, Chief Research Officer, RedShield Security. https://www.redshield.co
Mariano Nunez Di Croce is the CEO at Onapsis. Mariano is a renowned researcher in the ERP & SAP Security field, being the first to present on real-world security attacks to SAP platforms. Since then, he has been invited to lecture in some of the most important security conferences in the world, such as BlackHat DC/USA/EU, RSA, SAP, HITB Dubai/EU, Troopers, Ekoparty, HackerHalted, DeepSec, Sec-T, Hack.lu and Seacure.it, as well as in Fortune-100 companies and military organizations.
Mariano has discovered 50+ vulnerabilities in SAP, Microsoft, Oracle and IBM applications. He leads the strategic development of Onapsis X1, has been the developer of the first open-source SAP & ERP Penetration Testing Frameworks and leads the “SAP Security In-Depth” publication. Mariano is also a founding member of BIZEC.org, the Business Security Community. Because of his research work, he has been interviewed and featured in mainstream media such as CNN, Reuters, IDG, New York Times, eWeek, PCWorld, Darkreading and others.
Twitter: @marianonunezdc
Michael Ossmann is a wireless security researcher who makes hardware for hackers. He founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.
Twitter: @michaelossmann
Meredith L. Patterson is a software engineer at Red Lambda. She developed the first language-theoretic defense against SQL injection in 2005 as a PhD student at the University of Iowa, and has continued expanding the technique ever since. She lives in Brussels, Belgium.
Twitter: <a href="https://twitter.com/#!/maradydd" target="_blank">@maradydd</a> Blog: <a href="http://maradydd.livejournal.com/" target="_blank">maradydd.livejournal.com</a>
Kévin Redon first learned about telecommunication networks during a lecture at University. He preferred computer networks though, which are far less complicated and cumbersome. Later another teacher gave him the opportunity to play with a base station. Since then he looked at the security of different aspects, going from the SIM card, through basebands, to femtocells. After showing several vulnerabilities at conferences, he joined the product security team of Qualcomm to try improve the state.
Enno Rey @Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.
After many years of research, prototyping and systems engineering in the area of communication technologies, Peter works currently as a senior expert for mobile network security in the Security Technologies Team at Nokia Siemens Networks Research. He is author of various mobile network related security concepts. He is also active in the 3GPP security standardization and in several security research projects.
Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks https://www.jrz-target.at and is a lecturer for IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with focus on information security from the Vienna University of Technology in 2014. Sebastian’s research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security. Furthermore, Sebastian is a senior expert at Kibosec GmbH.
Dmitry Sklyarov is a Head of Reverse Engineering Department at Positive Technologies. Former Security Researcher at Elcomsoft and a lecturer at Moscow State Technical University. He did a research on the security of eBooks and on the authentication of digital photos. Recent research projects involved smartphone forensics.
Thomas Stocker works as Information Security Officer for the Holding of Allianz SE. He has initially established and continuously improved the business application security process since he took over the job six years ago. Prior to that he worked as an application developer and architect, so he knows his stuff from the ground up.
Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.
In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.
Harald Welte is communications security consultalt for more than a decade. He was co-author of tne netfilter/iptables packet filter in the Linux kernel and has since then been involved in a variety of Free Software based implementations of protocol stacks for RFID, GSM, GPRS, and TETRA. His main interest is to look at security of communication systems beyond the IP-centric mainstream. Besides his consulting work, he is the general manager of Sysmocom GmbH, providing custom tailored communications solutions to customers world-wide.
Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed numerous SAP security audits and received credit for more than 80 SAP security patches related to vulnerabilities he discovered in various SAP products. As CTO at Virtual Forge GmbH he leads Research & Innovation, a team focusing on SAP specific security research and new security solutions. Andreas has trained large companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences (like TechEd, DSAG, BIZEC and SAPience) as well as at general security conferences such as Troopers, Black Hat, HITB, IT Defense, DeepSec and RSA. He researched the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI) and is co-author of the first book on ABAP security (SAP Press 2009). He is also member of BIZEC.org, the Business Security Community.