TROOPERS13 - Speaker


Chema Alonso

Chema Alonso, is one of the most prominent names regarding Computer Security and hacking in the world. Ph.D in Information Security, Computer and Systems Engineer, he graduated from Universidad Politécnica de Madrid where he was honored as Ambassador. He has been awarded as a Most Valuable Professional in Enterprise Security by Microsoft. Before getting into Telefonica to manage the new innovative company “Eleven Paths” focus in creating security technologies, he was working Informatica64 to create FOCA, Evil FOCA, Dust RSS, or publishing hacking papers such as Connection String Parameter Pollution or Blind LDAP Injection Techniques.

Dominick Baier

Dominick Baier works as a security consultant at thinktecture ( His main focus is security, identity and access control in distributed applications using the Microsoft technology stack. He’s the author of “Writing more-secure ASP.NET Applications” (MS Press) and the security curriculum lead at Developmentor. You can find his blog at

Ravishankar Borgaonkar

Ravishankar works as a research fellow in Oxford University. His research themes are related to mobile telecommunication and involved security threats. This ranges from GSM/UMTS/LTE network security to end-user device security.

Rodrigo Branco

Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. Held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.

Sergey Bratus

Sergey Bratus is a Research Assistant Professor the Computer Science Dept. at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and all kinds of wired and wireless network hacking.

Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.

Bryan Fite

Bryan K. Fite: A committed security practitioner and entrepreneur, Bryan is currently a Senior Cyber Physical Security Consultant at BT. Having spent over 25 years in mission-critical environments, Bryan is uniquely qualified to advise organizations on what works and what doesn't. Bryan has worked with organizations in every major vertical throughout the world and has established himself as a trusted advisor. "The challenges facing organizations today require a business reasonable approach to managing risk, trust and limited resources while protecting what matters."

He is also the creator of PacketWars™ ( the World’s premier Cyber Sport.

Nico Golde

Nico Golde has been working on several aspects of mobile telecommunication and the involved security threats in the last years. His interests range from GSM/UMTS protocols, to systems security (mostly unix based systems) to end-user device security. In the past he has done work on the SMS client implementations of various mobile phones and found issues in phones from most major vendors. He also participated in dissecting the security of the increasingly popular femtocell technology. Currently Nico is working with the product security team at Qualcomm.

Travis Goodspeed

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia. When he's not reverse engineering radio firmware, you can find him preaching on top of a milk crate at your local conference.

Jeff Gough

Jeff Gough is an electronic engineer, product designer and hacker. He is a masters student in Innovation Design Engineering at the Royal College of Art and Imperial College London. Recent projects include a pair of video display sunglasses for the band Muse, reverse engineering Epson inkjet printheads for micro-3D printing and the TROOPERS11 Nixie tube badge. He is currently working on personal anti-surveillance tools for dystopian futures.

Xu Jia

Xu Jia is researching SAP security topics since 2006. His focus is on static code analysis for ABAP and he is the lead architect for a commercial SCA tool. Working in the CodeProfiler Research Labs at Virtual Forge, he also analyzes (ABAP) security defects in SAP standard software. Xu has received credit for more than 30 security advisories where he reported 0-days to SAP, including multiple new forms of attack that are specific to SAP software. He already presented some of his research at Troopers 2013 and 2014 in Heidelberg.

Philippe Langlois

Founder of P1 Security and Senior Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France’s first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Now Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner which help telecom companies, operator and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his website at:

Rob Lee

Robert M. Lee is the Founder and Director of hackINT, a 501©(3) non-profit organization that teaches entry level cyber security classes in the subjects of hacking, forensics, intelligence, and defense. Additionally, he is an active-duty US Air Force Cyberspace Operations Officer working under the Air Force Intelligence, Surveillance, and Reconnaissance Agency where he leads a national level cyber defense team. Robert is also an Adjunct Lecturer at Utica College where he teaches graduate level classes in digital forensics and cyber counter intelligence in the M.S. Cybersecurity program. He received his B.S. from the United States Air Force Academy, his M.S. in Cybersecurity – Digital Forensics from Utica College, and is currently working on his PhD in War Studies at Kings College London where he is researching control systems cyber security. Robert has written on control system cyber security, the direction of the cyberspace domain, and advanced digital threats for publications such as Control Global, SC Magazine, Australia Security Magazine, Hong Kong Security Magazine, Cyber Conflict Studies Association, and Air and Space Power Journal. He has also presented related topics at thirteen conferences in eight countries as well as presenting critical infrastructure protection topics to multiple international think tanks. Lastly, he has taught over 500 students through hackINT and his time at Utica College. Routinely consulted for his expertise on such subjects, Robert M. Lee is an active cyber advocate and educator.

Felix Lindner

Coming soon

Matthias Luft

Matthias Luft is a security researcher and heads the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization, and network security) while keeping up with the daily consulting and assessment work.

Daniel Mende

Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.

Graeme Neilson

Graeme Neilson, Chief Research Officer, RedShield Security.

Chris Nickerson

Chris is a security guy. He has a bunch of certifications (CISSP,CISA,ISO…etc) and a whole lot of experience to put into slide decks to make you say “wow…. he MUST know what he is talking about!” He likes to ask questions, play different roles, stand on the desk, and rant about his passions. Chris likes to get to the point and do work! He’s worked at Fortune 100 companies and ran a few InfoSec businesses of his own. Chris is the co-host of the Exotic liability Podcast, the author of the upcoming “RED TEAM TESTING” book published by Elsevier/Syngress and a founding member of BSIDES Conference

Marcus Niemietz

Marcus Niemietz is a professional security researcher at the Ruhr-University Bochum in Germany. He is focusing on Web security related stuff like HTML5 and especially UI redressing. Marcus has published a book about UI redressing and clickjacking for security experts and Web developers in 2012. Beside that he works as a security consultancy and gives security trainings for well known German companies. Marcus has spoken on a large variety of international conferences.

Mariano Nuñez Di Croce

Mariano Nunez Di Croce is the CEO at Onapsis. Mariano is a renowned researcher in the ERP & SAP Security field, being the first to present on real-world security attacks to SAP platforms. Since then, he has been invited to lecture in some of the most important security conferences in the world, such as BlackHat DC/USA/EU, RSA, SAP, HITB Dubai/EU, Troopers, Ekoparty, HackerHalted, DeepSec, Sec-T, and, as well as in Fortune-100 companies and military organizations.

Mariano has discovered 50+ vulnerabilities in SAP, Microsoft, Oracle and IBM applications. He leads the strategic development of Onapsis X1, has been the developer of the first open-source SAP & ERP Penetration Testing Frameworks and leads the “SAP Security In-Depth” publication. Mariano is also a founding member of, the Business Security Community. Because of his research work, he has been interviewed and featured in mainstream media such as CNN, Reuters, IDG, New York Times, eWeek, PCWorld, Darkreading and others.

Twitter: @marianonunezdc

Michael Ossmann

Michael Ossmann is a wireless security researcher who makes hardware for hackers. He founded Great Scott Gadgets in an effort to put exciting, new tools into the hands of innovative people.

Twitter: @michaelossmann

Ivan Pepelnjak

Ivan Pepelnjak, CCIE#1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars.

Juan Perez-Etchegoyen

JP leads the Research teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing, and Standards.

Alex Rothacker

Alex Rothacker is the Director of Security Research for Application Security, Inc.’s (AppSec) TeamSHATTER. In his role, Alex manages a team comprised of some of the world’s most renowned databases security researchers. TeamSHATTER is regularly credited for identifying critical database vulnerabilities and misconfigurations in leading database management systems. As an evangelist for database security, he is a regular speaker at security conferences and contributor to various security blogs. Before joining AppSec, Alex was a Director of Solutions at Visionics, a facial recognition software start-up. In addition, Alex has held various senior-level positions in the software industry. Alex holds an M.S. in Computer Science from New Jersey Institute of Technology and Diplom Informatiker(FH) from Fachhochschule Darmstadt (Germany).

Sebastian Schrittwieser

Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks and is a lecturer for IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with focus on information security from the Vienna University of Technology in 2014. Sebastian’s research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security. Furthermore, Sebastian is a senior expert at Kibosec GmbH.

Adam Sen

Adem is a security expert with German Railways (DB Systel) where he is responsible for the corporate network’s and telecommunication’s security. He has been designing and implementing network security mechanisms for many large scale environments for over 10 years, covering high secure networks and high secure VoIP environments. He is specialized on network defense techniques and has vast experience in analysis and mitigation of DDoS attacks.

E-Mail: Twitter: securityfreax

Lee SeungJin

Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 global CTF hacking contests in his country as well as passed DefCon quals 5 times. He has sold his research to major security companies like iDefense and ZDI (Recon ZDI contest). He has run numerous security conferences and hacking contests in Korea. Hunting bugs and exploiting them are his main interest. He does consulting for big companies in Korea and is now a graduate student at CIST IAS LAB, Korea University.

Dmitry Sklyarov

Dmitry Sklyarov is a Head of Reverse Engineering Department at Positive Technologies. Former Security Researcher at Elcomsoft and a lecturer at Moscow State Technical University. He did a research on the security of eBooks and on the authentication of digital photos. Recent research projects involved smartphone forensics.

Dominic Spill

Dominic Spill is senior security researcher for Great Scott Gadgets. The US government recently labelled him as "extraordinary". This has gone to his head.

Michael Thumann

Michael Thumann is Chief Security Officer and head of the ERNW application security team. He has published security advisories regarding topics like ‘Cracking IKE Preshared Keys’ and Buffer Overflows in Web Servers/VPN Software/VoIP Software. Michael enjoys sharing his self-written security tools (e.g. ‘tomas – a Cisco Password Cracker’, ‘ikeprobe – IKE PSK Vulnerability Scanner’ or ‘dnsdigger – a dns information gathering tool’) and his experience with the community. Besides numerous articles and papers he wrote the first (and only) German Pen-Test Book that has become a recommended reading at german universities.

In addition to his daily pentesting tasks he is a regular conference-speaker (e.g. Blackhat, HITB and RSA Conference) and has also contributed exploit code to the Metasploit Framework. With more than 10 years of experience in computer security Michaels’ main interest is to uncover vulnerabilities and security design flaws from the network to the application level and reverse almost everything to understand the inner working.

David Weinstein

David is a young software engineer and mobile security researcher. His cutting-edge work in Android and embedded systems has contributed to multiple patent-pending designs, and has recently provided expert consulting to DARPA and other government projects on mobile security. David has written papers on thin-client computing, innovated in the area of cryptographic systems for USB peripherals, and re-envisioned the defensive possibilities of mobile phone chargers.

Harald Welte

Harald Welte is communications security consultalt for more than a decade. He was co-author of tne netfilter/iptables packet filter in the Linux kernel and has since then been involved in a variety of Free Software based implementations of protocol stacks for RFID, GSM, GPRS, and TETRA. His main interest is to look at security of communication systems beyond the IP-centric mainstream. Besides his consulting work, he is the general manager of Sysmocom GmbH, providing custom tailored communications solutions to customers world-wide.

Steffen Wendzel

Steffen Wendzel is a 3rd year PhD student at the University of Hagen and a researcher at the Augsburg University of Applied Sciences. He is author of various scientific/professional papers and four IT-related books. His latest book “Tunnel und verdeckte Kanäle im Netz” (Springer-Vieweg) deals with network covert channels. His research interests comprise network covert channels, network protocol engineering and TCP/IP protocols, network security, administration and programming of Linux/Unix/BSD systems, and building automation security.

Andreas Wiegenstein

Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed numerous SAP security audits and received credit for more than 80 SAP security patches related to vulnerabilities he discovered in various SAP products. As CTO at Virtual Forge GmbH he leads Research & Innovation, a team focusing on SAP specific security research and new security solutions. Andreas has trained large companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences (like TechEd, DSAG, BIZEC and SAPience) as well as at general security conferences such as Troopers, Black Hat, HITB, IT Defense, DeepSec and RSA. He researched the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI) and is co-author of the first book on ABAP security (SAP Press 2009). He is also member of, the Business Security Community.