TROOPERS14 - Speaker


Chema Alonso

Chema Alonso, is one of the most prominent names regarding Computer Security and hacking in the world. Ph.D in Information Security, Computer and Systems Engineer, he graduated from Universidad Politécnica de Madrid where he was honored as Ambassador. He has been awarded as a Most Valuable Professional in Enterprise Security by Microsoft. Before getting into Telefonica to manage the new innovative company “Eleven Paths” focus in creating security technologies, he was working Informatica64 to create FOCA, Evil FOCA, Dust RSS, or publishing hacking papers such as Connection String Parameter Pollution or Blind LDAP Injection Techniques.

George Bakos

A complete packet geek, George enjoys discovering and exploiting (during pen tests, of course) technical vulnerabilities at all network stack layers and has contributed to numerous open source security projects over the years including thp, tcpdump and IDABench. A respected advisor to government, industry and academia, George has been an instructor for The SANS Institute since 2000 and is currently Technical Director of Intelligence and Response for Northrop Grumman, one of the world’s largest aerospace and defence companies.

Ravishankar Borgaonkar

Ravishankar works as a research fellow in Oxford University. His research themes are related to mobile telecommunication and involved security threats. This ranges from GSM/UMTS/LTE network security to end-user device security.

Rodrigo Branco

Rodrigo Rubira Branco (BSDaemon) works as Principal Security Researcher at Intel Corporation and is the Founder of the Dissect || PE Malware Analysis Project. Held positions as Director of Vulnerability & Malware Research at Qualys and as Chief Security Research at Check Point where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011 he was honored as one of the top contributors to Adobe Vulnerabilities in the past 12 months. Previous to that, he worked as Senior Vulnerability Researcher in COSEINC, as Principal Security Researcher at Scanit and as Staff Software Engineer in the IBM Advanced Linux Response Team (ALRT) also working in the IBM Toolchain (Debugging) Team for PowerPC Architecture. He is a member of the RISE Security Group and is the organizer of Hackers to Hackers Conference (H2HC), the oldest and biggest security research conference in Latin America. He is an active contributor to open-source projects (like ebizzy, linux kernel, others). Accepted speaker in lots of security and open-source related events as H2HC, Black Hat, Hack in The Box, XCon, VNSecurity, OLS, Defcon, Hackito, Ekoparty, Troopers and others.

Sergey Bratus

Sergey Bratus is a Research Assistant Professor the Computer Science Dept. at Dartmouth College. His research interests include designing new operating system and hardware-based features to support more expressive and developer-friendly debugging, secure programming and reverse engineering; Linux kernel security (kernel exploits, LKM rootkits, and hardening patches); data organization and other AI techniques for better log and traffic analysis; and all kinds of wired and wireless network hacking.

Before coming to Dartmouth, he worked on statistical learning methods for natural text processing and information extraction at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.

Dmitry Chastuhin

Dmitry is a Director of security consulting at ERPScan. He works upon SAP security, particularly upon Web applications and JAVA, HANA and Mobile solutions. He has official acknowledgements from SAP for the vulnerabilities found. Dmitry is also a WEB 2.0 and social network security geek and bug bounty who found several critical bugs in Google, Nokia, Badoo. He is a contributor to the EAS-SEC project. He spoke at the following conferences: BlackHat, Hack in the Box, DeepSec, and BruCON

Peter Frühwirt

Peter Frühwirt is a researcher at SBA Research, the Austrian non-profit research institute for IT-Security and lecturer at the Vienna University of Technology. Peter received a Dipl. Ing. (equivalent to MSc) degree in Software Engineering and Internet Computing in 2013. His research interests include mobile security and database forensics.

Kevin Fu

Dr. Kevin Fu is credited for establishing the field of medical device security. Kevin is Chief Scientist of Virta Labs, Inc. and Associate Professor in EECS at the University of Michigan where he directs the Archimedes Center for Medical Device Security and the Security and Privacy Research Group (SPQR) at

Kevin has briefed White House staff on methods to improve medical device security. He was named MIT Technology Review TR35 Innovator of the Year. Kevin served as program chair of USENIX Security, a member of the NIST Information Security and Privacy Advisory Board, and co-chair of the AAMI Working Group on Medical Device Security. He served as a visiting scientist at the Food & Drug Administration, the Beth Israel Deaconess Medical Center of Harvard Medical School, Microsoft Research, and MIT CSAIL. Kevin received his B.S., M.Eng., and Ph.D. from MIT. He earned a certificate of artisanal bread making from the French Culinary Institute. Follow Kevin @DrKevinFu.

Martin Gallo

Martin Gallo is Penetration Testing SME at Core Security, where he applies his experience on penetration testing, code reviews and vulnerabilities hunting to the continuous improvement of the company's services and products. His research interests include enterprise software security, vulnerability research, threat modeling and reverse engineering. Martin has given talks at Troopers, Brucon and Defcon conferences.

Florian Grunow

Florian Grunow is a security analyst at ERNW. He holds a Master of Science degree in computer science with a focus on software engineering and medical devices.

Daniel Hauenstein

With over 13 years of professional IT security consulting experience, you can safely say he is an old timer in the fast moving field of IT security. Daniel worked as a security consultant for companies such as Secureware, TUEV Rheinland Secure iT, n.runs and Context Information Security, and for over 6 years now as a freelance consultant. He supported international clients like Microsoft USA, SAP, Deutsche Telekom and Deutsche Bank and also governmental clients with high-security demands in securing their applications and networks. He is a firm believer that the building blocks of security are a robust design and sound planning as opposed to firewall appliances, antivirus or compliance reports. His passion to prove that even small or presumably insignificant risks may result in “full root access pwnage” made him passionate about how to optimize security solutions. He also does not believe in the mystical power of security certifications. Daniel loves beer, Scotland, beer in Scotland and travelling. It is said that he knows every internet meme out there.

Martijn Jansen

Martijn has always been intrigued by electronics, transmission and any sort of security since he was a small kid. He built his first FM radio transmitter (after dis-assembling a few) very young, and always kept in touch with electronics and IT. He is technically educated as construction engineer and -designer. After continued education he served as a diver team commander. Returning back to civilisation he worked in his initial field of expertise (CAD construction design), then turning to IT. Martijn has experience as IT trainer, engineer, architect and consultant in sales, design, implementation and operation of operating systems, networks and security. He auto-didactically studied for about 6 years in the evenings to acquire all the certificates and technologies that were relevant at the time. Till a short while ago, he owned his own 19 inch rack at home with routers, switches and virtualisation computing running. As a principal consultant and architect Martijn took care of mostly bespoke and complex IT transformations for global pharma and manufacturing customers. He currently works as Security Controls Assurance manager for the Compliance department of a global telco. In this role he looks after compliance and security for the cloud computing proposition.

Xu Jia

Xu Jia is researching SAP security topics since 2006. His focus is on static code analysis for ABAP and he is the lead architect for a commercial SCA tool. Working in the CodeProfiler Research Labs at Virtual Forge, he also analyzes (ABAP) security defects in SAP standard software. Xu has received credit for more than 30 security advisories where he reported 0-days to SAP, including multiple new forms of attack that are specific to SAP software. He already presented some of his research at Troopers 2013 and 2014 in Heidelberg.

Vladimir Katalov

Vladimir Katalov is CEO, co-founder and co-owner of ElcomSoft Co.Ltd. Born in 1969 in Moscow, Russia; studied Applied Mathematics at National Research Nuclear University. Vladimir works at ElcomSoft up until now from the very beginning (1990). Now he is driving all the R&D processes inside the company.

Toby Kohlenberg

Toby is a senior information security technologist with Intel corporation. He focuses on securing new and emerging technologies and threats. He has been doing this for a long time.

Philippe Langlois

Founder of P1 Security and Senior Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France’s first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Now Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner which help telecom companies, operator and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his website at:

Rob Lee

Robert M. Lee is the Founder and Director of hackINT, a 501©(3) non-profit organization that teaches entry level cyber security classes in the subjects of hacking, forensics, intelligence, and defense. Additionally, he is an active-duty US Air Force Cyberspace Operations Officer working under the Air Force Intelligence, Surveillance, and Reconnaissance Agency where he leads a national level cyber defense team. Robert is also an Adjunct Lecturer at Utica College where he teaches graduate level classes in digital forensics and cyber counter intelligence in the M.S. Cybersecurity program. He received his B.S. from the United States Air Force Academy, his M.S. in Cybersecurity – Digital Forensics from Utica College, and is currently working on his PhD in War Studies at Kings College London where he is researching control systems cyber security. Robert has written on control system cyber security, the direction of the cyberspace domain, and advanced digital threats for publications such as Control Global, SC Magazine, Australia Security Magazine, Hong Kong Security Magazine, Cyber Conflict Studies Association, and Air and Space Power Journal. He has also presented related topics at thirteen conferences in eight countries as well as presenting critical infrastructure protection topics to multiple international think tanks. Lastly, he has taught over 500 students through hackINT and his time at Utica College. Routinely consulted for his expertise on such subjects, Robert M. Lee is an active cyber advocate and educator.

Felix Lindner

Coming soon

Noam Liran

Noam Liran is the Chief Software Architect of Adallom, a SaaS application security provider. Noam is an alumnus of Israel Defense Force’s Unit 8200 and was a team leader in its cyber division.

Matthias Luft

Matthias Luft is a security researcher and heads the German security research company ERNW Research. He is interested in a broad range of topics (such as DLP, virtualization, and network security) while keeping up with the daily consulting and assessment work.

Attila Marosi

Attila Marosi has always been working in information security field since he started in IT. As a lieutenant of active duty he worked for almost a decade on special information security tasks occurring within the Special Service for National Security. Later he was transferred to the newly established GovCERT- Hungary, which is an additional national level in the internationally known system of CERT offices. Now he works for the SophosLab as a Senior Threat Researcher in the Emerging Thread Team to provid novel solution for the newest threats. Attila has several international certificates such as CEH, ECSA, OSCP, OSCE. During his free time he is reading lections and does some teaching on different levels; on the top of them for white hat hackers. He presented on many security conferences including, DeepSEC, AusCERT, Hacktivity, Troopers, HackerHalted and NullCon.

Marion Marschalek

Marion Marschalek is a Security Researcher, focusing on the analysis of emerging threats and exploring novel methods of threat detection. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and how both occasionally fail. Next to that Marion teaches malware analysis at University of Applied Sciences St. Pölten and has presented at a number of international conferences, among others Blackhat, RSA, SyScan, and Troopers. She also serves as a review board member for Black Hat Europe and was listed as one of Forbes’ "30 under 30" in the technology Europe division in 2016. Once year, Marion runs BlackHoodie, a reverse engineering workshop for women, in order to increase the number of femgineers in the field of low level technology.

Daniel Mende

Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.

Joseph Moti

Moti Joseph has been involved in computer security. In the last few years he has been working on reverse engineering exploit code and developing security products. Moti has been speaking at Black Hat Las Vegas 2007, CONF2009 & CONF2010 in Poland, POC 2009 & 2010 in South Korea, ShakaCon 2009 in USA, CHINA 2011 at Shanghai Jiao Tong University, NopCON 2012 in Istanbul and SysCan2010 Taiwan, Taipe. Also, Moti's work is so secret, he never publishes anything.

Twitter: @gamepe

Collin Mulliner

Collin Mulliner is a postdoctoral researcher in the Systems Security Lab at Northeastern University. Collin’s main interest is the security and privacy of mobile and embedded systems with an emphasis on mobile and smart phones. Since 1997 Collin worked on all kinds of mobile devices and touched most of the mobile platforms for either software development or security work. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt, respectively. Collin has a broad interest in systems security that is somehow connected to mobile devices and cellular infrastructure. He has a specific interest in vulnerability analysis and offensive security but recently switched his focus to the defensive side to work on mitigations and countermeasures.

Ivan Pepelnjak

Ivan Pepelnjak, CCIE#1354 Emeritus, has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990. He’s the author of several Cisco Press books, prolific blogger and writer, occasional consultant, and creator of a series of highly successful webinars.

Juan Perez-Etchegoyen

JP leads the Research teams that keeps Onapsis on the cutting-edge of the business-critical application security market. He is responsible for the design, research and development of Onapsis' innovative software solutions, and helps manage the development of new products as well as the SAP cyber-security research that has garnered critical acclaim for the Onapsis Research Labs. He is regularly invited to speak and host trainings at global industry conferences including Blackhat, HackInTheBox, Troopers, and SAP TechEd/DCODE. Prior to joining Onapsis, Juan Pablo led many Information Security consultancy projects for Companies in Latin America, EE.UU. and Europe. His strongest experience is in the field of Penetration Testing, Web Application Testing, Vulnerabilities Research, Information Security Auditing, and Standards.

Alexander Polyakov

Founder of ERPScan, President of project, accomplished R&D professional and Entrepreneur of the year. He is an expert at security for business-critical software like ERP, CRM, SRM and industry specific solutions. He has received due recognition having publishing over 100 vulnerabilities, as well as multiple whitepapers, such as annual award-winning "SAP Security in Figures”, surveys and a book devoted to information security research in SAP and Oracle. He has presented at more than 50 conferences in 20+ countries in all continents and held training sessions for the CISOs of Fortune 2000 companies, including SAP SE.

Enno Rey

Enno Rey @Enno_Insinuator is an old school network security guy who has been involved with IPv6 since 1999. In the last years he has contributed to many IPv6 projects in very large environments, both on a planning and on a technical implementation level.

Sebastian Schrittwieser

Sebastian Schrittwieser heads the Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks and is a lecturer for IT security at the University of Applied Sciences St. Pölten, Austria. He received a doctoral degree in informatics with focus on information security from the Vienna University of Technology in 2014. Sebastian’s research interests include, among others, network analysis, digital forensics, binary analysis, and mobile security. Furthermore, Sebastian is a senior expert at Kibosec GmbH.

Stefan Schumacher

Stefan Schumacher is the Head of the Magdeburger Institut für Sicherheitsforschung and Editor of the Magdeburger Journal zur Sicherheitsforschung. He studied Educational Science and Psychology and is currently managing the research project Psychology of Security. His research interest focusses on Social Engineering, Security Awareness and Qualitative Research about the Perception of Security. He is also an Assistant Lecturer at the University Magdeburg. He has been involved in the Hacker and Open Source Scene (NetBSD) for the last 20 years. He gave more than 140 public talks in the last 10 years at conferences like DeepSec Vienna, DeepIntel, Chaos Communication Congress, Chaos Communication Camp, Chemnitzer Linux-Tage, Datenspuren, LinuxDays Luxembourg, DGI Forum Wittenberg, GUUG FFG, ILA etc. and published several articles and a book on IT and Security Policy. A full list of publications and talks can be downloaded at ( (

Haya Shulman

Haya Shulman is a postdoctoral fellow in the European Center for Security and Privacy by Design (EC-SPRIDE) headed by Prof. Dr. Michael Waidner at Technische Universitaet Darmstadt. Her research interests are in network and cyber security, focusing on attacks on performance and correctness, and on devising countermeasures. Haya conducted her Ph.D. at the Department of Computer Science, Bar Ilan University, Israel, under the supervision of Prof. Dr. Amir Herzberg. Her PhD thesis is on network security. In 2009 Haya graduated her M.Sc. studies, also in the dept. of Computer Science, with thesis on Secure Execution of Software in Remote, Hostile Environment. In 2011 and 2013 she received the ‘Checkpoint Institute for Information Security (CPIIS)’ awards, in 2013 she received the Feder prize for her research in communication technologies and an ICANN research fellowship.

Christian Sielaff

Christian Sielaff works since many years in the Telco world. Previously he was part of an operational department and has designed and maintained secure access solutions. So he also knows the other side of the console. As part of the Group Information Security of Deutsche Telekom, he focuses on Information Security in the last few years. In the team of Network and Data Center Security he is specialized on the management network security aspects.

Robin Sommer

Robin Sommer is leading the Bro project as a Senior Researcher at the International Computer Science Institute, Berkeley, USA. He is also a member of the cybersecurity team at the Lawrence Berkeley National Laboratory; and he is a co-founder of Broala, a recent startup providing professional Bro services to corporations and government customers. Robin Sommer’s research focuses on network security and privacy, with a particular emphasis on high-performance network monitoring in operational settings. He holds a doctoral degree from TU München, Germany.

Ryan Speers

Ryan Speers is a co-founder and security researcher at River Loop Security and has extensive experience in IEEE 802.15.4/ZigBee analysis and software and hardware security analysis. He maintains the KillerBee 802.15.4 assessment framework has previously spoken at ShmooCon and ToorCon Seattle, and has published at USENIX WOOT, IEEE/HICSS, and the Workshop on Embedded Systems Security. He enjoys breaking things, although not when volunteering as an EMT or when rock-climbing. He graduated from Dartmouth College with a degree in Computer Science.

Will Vandevanter

Will Vandevanter is a Senior Security Researcher at Onapsis where he focuses on SAP and ERP security. He has discovered and helped SAP AG patch numerous critical vulnerabilities in SAP software and is a regular contributor to the Onapsis SAP Security In-Depth publication. Prior to Onapsis, Will was the Lead Penetration Tester at Rapid7. He has previously spoken at Defcon, OWASP AppSec, SOURCE Barcelona, and a number of other conferences. Will holds a Bachelors Degree in Mathematics and Computer Science from McGill University and Masters Degree in Computer Science with a focus in Secure Software Engineering from James Madison University.

Javier Vazquez

Javier Vazquez is a researcher at River Loop Security specializing in wireless systems, PCB design, and hardware reverse engineering. Javier graduated from the University of Central Florida with a degree in Electrical Engineering and a focus on RF Engineering. Other interests include networking and software development.

Andreas Wiegenstein

Andreas Wiegenstein has been working as a professional SAP security consultant since 2003. He performed numerous SAP security audits and received credit for more than 80 SAP security patches related to vulnerabilities he discovered in various SAP products. As CTO at Virtual Forge GmbH he leads Research & Innovation, a team focusing on SAP specific security research and new security solutions. Andreas has trained large companies and defense organizations on SAP security and has spoken at multiple SAP-specific conferences (like TechEd, DSAG, BIZEC and SAPience) as well as at general security conferences such as Troopers, Black Hat, HITB, IT Defense, DeepSec and RSA. He researched the ABAP Top 20 Risks published by the German Federal Office for Information Security (BSI) and is co-author of the first book on ABAP security (SAP Press 2009). He is also member of, the Business Security Community.

Felix Wilhelm

Felix is a security researcher working for ERNW GmbH. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular software such as Hyper-V, Xen, Typo3 or IBM GPFS and has presented his work at international conferences like PHDays, Hack in the Box, Infiltrate and Troopers.

Vladimir Wolstencroft

Vladimir Wolstencroft, Senior Security Consultant, Aura Information Security.

Job de Haas

Job de Haas holds an M.Sc. in Electrical Engineering and has a track record in the security industry of more than 15 years. He has experience evaluating the security of a wide range of embedded platforms, such as IPTV decoders, satellite receivers, mobile phones, smart meters and a variety of modems (ADSL, Wireless). Further, he is a specialist in the reverse engineering of applications and consumer electronics. At Riscure, Job is the senior specialist in charge of security testing of embedded devices for high-security environments. Amongst others, he assessed the protection of pay television systems against side channel and card-sharing attacks for conditional access providers. Job has participated in the creation of several certification schemes for customers of embedded products. Job has a long speaking history at international conferences, including talks on security of mobile technologies, reverse engineering of firmware and side channel attacks on embedded systems.