Fyodor Yarochkin is a security analyst and software architect for Armorize Technologies. Formely security anlyst and co-founder of GuardInfo, a taiwan based security consulting company. He is a frequent speaker at international security conferences, including BlackHat 2001 HK, BlackHat 2001 Singapore, BlackHat 2002, Ruxcon 2003, XCon 2003 / 2006, HITB 2004 and 2005, Syscan 2005 / 2008, Bellua 2005, HITCon 2006 / 2007, VNSecurity 2007, and DeepSec 2008. He has also published many well-cited papers on top security conferences and magazines, including Usenix and Phrack Magazine. Fyodor is an early developer to snort, and founder to Xprobe. Fyodor has a MS degree in computer science from Kyrgyz Russian Slavic University.
Marc “van Hauser” Heuse is performing security research since 1993, having found vulnerabilities in software like firewalls, DNS servers, SAP middleware, etc. and is the author of various well known security and pentest tools like hydra, amap, THC-Scan, secure_delete, SuSEFirewall and many more. He is performing security research on IPv6 since 2005 and has spoken on many conferences on this topic since then, among these are the CCC congress (Germany), Cansecwest (Canada), PacSec (Japan) and many more international conferences, and additionally has programmed the solely available pentest toolkit for ipv6: the thc-ipv6 protocol attack suite. In 1995 he founded the renowned security research group “The Hacker’s Choice”, which was the first group to e.g. crack A5 GSM in 2006 within a minute. Since 1997 he is working as a security consultant in the top-5 enterprise consultant companies, since 2007 he is working as an independant security consultant.
Mohamed Saher is a Security Researcher specializing in reverse engineering, windows internals and mathematics. He has done a lot of work and research in various areas, such as, but not limited to: native software protection, compilers and rootkits. His mostly known public researches includes: Hacking Online Games (Breaking KONAMI’s Secure Communication Protocol and Emulating Game Servers), Industrial Control Systems (ICS) Targeted Rootkits: Stuxnet, DuQu open-source detector and reverse engineered C sources with IDA databases. In his spare time he likes to contribute to different reverse engineering forums, solve crackmes and math problems in project-euler where he is top ranked locally (by country) and internationally. He is also a winner of the Hackers Challenge for 2008. Mohamed currently works for NSS Labs.
Nir Goldshlager is a known security researcher with more than 12 years of extreme web applications assessments, Nir found many high vulnerabilities in every big-scale website that exists today (Google, Paypal, Ebay, Twitter, Amazon and many others), Nir also listed in Google Security Sustained Support for many bugs findings. Nir can be found on twitter @Nirgoldshlager and on his personal blog: http://www.nirgoldshlager.com
Aaron Portnoy is the Manager of the Security Research Team at HP TippingPoint. His group is responsible for reverse engineering vulnerability submissions to the Zero Day Initiative program, discovering new 0day vulnerabilities in ubiquitous software, developing tools to aid in these processes, presenting reverse engineering and exploitation research at reputable conferences world-wide, and developing competitions such as Pwn2Own. Aaron has discovered critical vulnerabilities affecting a wide range of vendors including, but not limited to: Microsoft, Adobe, RSA, Novell, Symantec, HP, IBM, Novell, and VMware. He has presented original research in the areas of reverse engineering, fuzzing, exploitation, and vulnerability discovery at conferences such as BlackHat, BlueHat, RSA, CanSecWest, Ekoparty, and RECon. Additionally, Aaron teaches a Reverse Engineering class every Fall at the Polytechnic Institute of NYU, has been an invited speaker at the National Security Agency, and has been referenced in several published books.
Carlos Sarraute studied Mathematics in the University of Buenos Aires and is currently finishing his PhD at ITBA (Instituto Tecnologico de Buenos Aires). He has been working since 2000 in CoreLabs. His areas of research are security vulnerabilities, attack planning and modeling, security events visualization, cryptanalysis, protocol design flaws, and the use of neural networks to analyze OS fingerprints. He has given talks and courses about information security and cryptography in several universities in Argentina, and has spoken in the conferences: PacSec (Tokyo), EUSecWest (London), SSTIC (Rennes), HITB (Kuala Lumpur), FRHACK (Besançon), H2HC (São Paulo), Hackito Ergo Sum (Paris), AAAI/SecArt (Atlanta), ACM CCS/AISec (Chicago), 8.8 (Santiago). He is member of the program committee of HES.
Brandon Edwards, aka drraid, is a researcher within the HP TippingPoint security research group. His day to day work involves finding and analyzing vulnerabilities in software. Brandon has spoken at reputable conferences world-wide and guest lectures at the Polytechnic Institute of NYU every year. Prior to TippingPoint, he worked as an application security architect and consultant. Outside of work he has been known to rock the microphone.
Itzhak Avraham (Zuk) is a Computer & Network Security Expert who has done a wide variety of vulnerability assessments. Zuk worked at the IDF as a Security Researcher and later as Security Researcher Training Specialist. Proud founder of zImperium LTD, from the creators of ANTI (Android Network Toolkit) and sees pentesting/hacking/research/reverse engineering as a way of life. He’s a proud holder of a SVC card that is in the possession of elite researcher such as Matt Swich and really dislikes writing about himself in the third person. Zuk can be found on his personal hacking related blog at http://imthezuk.blogspot.com
Chief security researcher and software developer at Elcomsoft. Co-invented ThunderTables (which are improved RainbowTables) and was first to bring GPU acceleration to password recovery. M. Sc. IT and CISSP. LinkedIn: http://ru.linkedin.com/in/belenko
Sergey Bratus is a Northern Appalachian who hacks DWARF and ELF. With Travis Goodspeed, they build strange and radiant machines from the weird machines that others discard. Rumor has it that they might be neighbors of the Pastor Manul Laphroaig, but fact has it that they used a 1938 radio drama to exploit modern digital radios.
Jonathan is a security research engineer holding an Engineering degree and a Master in Computer Science. Born in France, he’s been living in Brazil and India, before currently working in Australia. With about 15 years of practice of assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption bugs. He is well known in the industry for his disruptive research on preboot authentication (breaking all the top tier BIOS passwords, and full disk encryption software – including Truecrypt and Microsoft Bitlocker- with a single exploit in 2008 !) as well as Virtualization software. He is currently working as CEO and security consultant at the Toucan System security company. His clients count some of the biggest Defense and Financial Institutions worldwide. Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES2011) in France. Jonathan has been a speaker at a number of great intenational conferences including Defcon, HITB (Amsterdam & Kuala Lumpur), Ruxcon (Australia), Hackito Ergo Sum (France), H2HC (Brazil & Mexico) among others.
Joan Calvet is a Ph.D. student working at the LORIA laboratory (Nancy, France) and also at the École Polytechnique de Montreal (Canada). His main interests lie in malware analysis, reverse engineering, and software security.
Cesar Cerrudo is CTO at IOActive Labs, where he leads the team in producing ongoing cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting—which was acquired by IOActive—Cesar is a world-renowned security researcher and specialist in application security. Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, and Yahoo! Messenger. Cesar also has authored several white papers on database and application security, and attacks and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals.
Travis Goodspeed is a Southern Appalachian who hacks hardware and embedded systems. With Sergey Bratus, they build strange and radiant machines from the weird machines that others discard. Rumor has it that they might be neighbors of the Pastor Manul Laphroaig, but fact has it that they used a 1938 radio drama to exploit modern digital radios.
Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations.
Gont has worked on a number of projects for the UK National Infrastructure Security Coordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite. Gont is currently working as a security consultant and researcher for SI6 Networks (http://www.si6networks.com). Additionally, he is a member of the Centro de Estudios de Informatica (CEDI) at Universidad Tecnológica Nacional/Facultad Regional Haedo (UTN/FRH) of Argentina, where he works in the field of Internet engineering. As part of his work, he is active in several working groups of the Internet Engineering Task Force (IETF), and has published a number of IETF RFCs (Request For Comments) and Internet-Drafts. Gont is also a member of the Transport Directorate of the IETF (http://trac.tools.ietf.org/area/tsv/trac/wiki/TSV-Directorate).Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, Midnight Sun Vulnerability and Security Workshop/Retreat 2005, FIRST Technical Colloquium 2005, Kernel Conference Australia 2009, DEEPSEC 2009, HACK.LU 09, IETF 73, IETF 76, LACNIC XII, Hack In Paris 2011, HACK.LU 2011, and DEEPSEC 2011.
More information about Fernando Gont is available at his personal web site: http://www.gont.com.ar
Renaud Lifchitz is a French computer security engineer. He has a solid penetration testing background and he is currently mainly delivering training courses and assisting his customers in their security needs.His main interests are protocol security (authentication, cryptography, protocol security, information leakage, zero-knowledge proof, RFID security) and number theory (integer factorization, primality tests, elliptic curves).
Daniel and Enno are long time network geeks who love to explore network devices & protocols and to break flawed ones.
Security researcher at ElcomSoft and a lecturer at Moscow State Technical University. He did research on the security of eBooks and on the authentication of digital photos. Recent research projects involved mobile phone and smartphone forensics. Dmitry is also a co-developer of the ElcomSoft iOS Forensic Toolkit.
As a security researcher has worked in Positive Technologies, Vupen Security, CISS in the past.
Author of some materials about kernel vulnerabilities and exploitation in kernel land.
Currently, does vulnerability research and solve problems of automatic searching of vulnerability.
Georg Wicherski is a Senior Security Researcher with CrowdStrike, mostly analyzing advanced targeted threats but also putting himself in attackers’ shoes from time to time. He loves to work on a low level, abandoning all syntactic sugar that HLL offer and working on instructions or bytecode
Walter Belgers got his M.Sc. in computing science in 1994 and has worked in the IT security field ever since. Currently, he is co-owner of Madison Gurkha where he performs security audits. For over 15 years, he has been lockpicking as a hobby. He founded the Eindhoven chapter of TOOOL – the Open Organisation of Lockpickers, which is a group of lockpicking enthousiast in the Netherlands. He has won several lockpicking competitions and regularly lectures on the subject. Although Walter’s life revolves around security, he also tries to find time for sailing and drifting in an old BMW car.
Matias Brutti is a Managing Security Consultant at IOActive, where he brings his hardcore Argentinean love of hacking and applies it with a smooth hand. A man of class, when he’s not using his intimidating mental prowess on the job, he likes to kick back with some Ghost in the Shell, a nice Malbec, and only the finest sushi. At IOActive, Matias performs penetration testing, social engineering, web applications testing, identifies system vulnerabilities, and designs custom security solutions for clients in software development, telecommunications, and financial services. Not to toot his own horn, but he’s also been a featured speaker at such prestigious events, such as Microsoft’s Bluehat Security Breifings, Baythreat, Toorcon Seattle, and various BSides conferences.
Born in Romania Florentin Demetrescu has been living in France for 20 years now. He is a firmware engineer at EADS Cassidian. He was once a developer of the Coreboot project and is now hacking and designing hardware during his free time.