Find Expert Speakers

I’m currently working as a Security Analyst, with experience in both red team and blue team operations. My current focus is on red team engagements, zero-day research, and malware analysis.

Aamiruddin Syed is Cybersecurity Professional with over decade in years of experience in the industry. He specializes in DevSecOps, Shift-Left Security, cloud security, and internal penetration testing. He authored book title "Supply Chain Software Security-AI,IoT,Application Security " with Apress/Springer .He has extensive expertise in automating security into CI/CD pipelines, developing security automation, and building security into infrastructure as code. He has worked on securing cloud platforms by applying security best practices to infrastructure provisioning and configuration. Leveraging his penetration testing skills, he routinely conducts targeted internal assessments of critical applications and systems to proactively identify risks. He excels at bridging the gap between security and engineering teams to enable building security directly into products. Aamiruddin Syed holds Dual Master’s degree in Cybersecurity from Northeastern University and Jadavpur University. A recognized advocate for secure development, Aamiruddin is a frequent speaker and session chair at leading industry conferences including RSA Conference, DEFCON, and Black Hat.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, Founding Director and Principal Investigator at Pwnshow, and CEO at Zeronomicon, Italy. He is a featured speaker at 25+ peer-reviewed international events across 5 continents, such as NATO's Conference on Cyber Conflict, RSA Conference, and the leading hacker conferences. His work focuses on the intersection of artificial intelligence, cyber threats, and regulatory landscapes. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

Amey Parab is a seasoned Staff Software Engineer and Tech Lead with over 14 years of comprehensive software development experience, specializing in frontend architecture and high-performance web applications. Currently serving as a Staff Software Engineer and Tech Lead at Magnit Global, Amey leads the development of cutting-edge AI-powered workforce management platforms that streamline complex business processes.Amey's expertise lies in architecting scalable frontend solutions that significantly accelerate feature delivery and boost overall team velocity. He has a proven track record of building foundational components and frameworks that serve as the backbone for enterprise-level applications across multiple industries, including workforce management, financial services, healthcare, and digital media. As a technical leader, Amey has consistently driven innovation through the development of reusable Angular frameworks and UI component libraries that promote consistency and maintainability across large-scale applications.Throughout his career, Amey has made significant contributions to various sectors. In workforce management, he is leading the architectural foundation for Magnit Platform's modern AI-powered solutions. In financial services, he developed comprehensive digital investment platforms and financial planning tools at Prudential Financial. His healthcare technology work includes creating advanced analytics platforms and high-content analysis solutions for medical research, while his digital media experience encompasses building interactive video recording and content management systems.Amey specializes in Angular framework development, TypeScript, and modern web technologies, with extensive experience in creating responsive, accessible, and cross-browser compatible applications. His technical toolkit includes expertise in UI/UX implementation, REST API integration, unit testing frameworks, and cloud deployment strategies. His collaborative approach with cross-functional teams, including product managers, designers, and backend developers, has resulted in robust RESTful API architectures and seamless user experiences.Amey is passionate about mentoring development teams and establishing best practices that ensure the delivery of maintainable, scalable, and high-quality code. His approach combines technical excellence with strategic thinking, enabling organizations to build robust digital solutions that meet evolving business needs. He holds a Bachelor of Management Studies from the University of Mumbai and has completed an Advanced Programme in Software Development. He is a Microsoft Certified Professional Developer with specializations in .NET Framework applications, demonstrating his commitment to continuous learning and professional development.Based in the Bay Area, Amey continues to drive innovation in frontend development while contributing to the advancement of modern web application architectures.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Armaan Pathan is a Senior Security Engineer with extensive experience in application security, penetration testing, and bug bounty hunting. He has reported vulnerabilities at leading tech organisations such as Google, Facebook, Apple, and Microsoft.With a Master’s in Information Technology and credentials like OSCP, he has excelled in both offensive security and mentoring teams. Armaan frequently shares his research by writing blogs and driving awareness of emerging threats and best practices.

Arun Kuna is a highly accomplished and results-driven QA Architect and SDET with over 15 years of experience in the Information Technology industry, specializing in Quality Assurance, Test Automation Engineering, Database Testing, and Cloud-native application validation. With a proven track record across Fortune 25 enterprises and innovative startups, he has led large-scale QA initiatives spanning Web, Mobile, Cloud, and Enterprise Client/Server applications. Arun possesses deep expertise in designing and implementing scalable, reusable test automation frameworks leveraging Hybrid, BDD, TDD, and Page Object Model methodologies with tools such as Selenium WebDriver, TestNG, JUnit, and Python. His technical skill set extends to cloud-based testing on AWS, Azure, and GCP, with hands-on experience in integrating automation pipelines within CI/CD ecosystems like Jenkins, GitLab CI, and Azure DevOps. He excels in microservices and API test automation using Rest Assured, Postman, and SOAP UI, as well as performance engineering through JMeter, LoadRunner, and Grafana-enabled dashboards. Arun has demonstrated leadership in driving DevOps and Agile transformations, building containerized testing environments with Docker and Kubernetes, and implementing AI/ML-powered testing accelerators to enhance efficiency and coverage. His career highlights include leading enterprise-wide QA strategy and framework architecture for mission-critical mortgage and financial applications at Fannie Mae and Freddie Mac, optimizing cloud-based QA operations, and mentoring teams to embrace modern quality engineering practices. With advanced proficiency in SQL, PL/SQL, ETL validation, and backend data testing, coupled with strong cross-functional collaboration and governance skills, Arun continues to be a catalyst for delivering robust, scalable, and high-performing software solutions across dynamic business landscapes.

Passionate about ensuring the reliability and performance of networking solutions, I specialize in protocol qualification, test automation, and validation for cutting-edge telecommunications and networking technologies. With a strong foundation in networking protocols, software testing, and automation frameworks, I thrive on optimizing test processes and driving continuous improvements in network quality.At Nokia, I focus on verifying and qualifying networking protocols to meet the highest industry standards, leveraging automation to enhance efficiency, accuracy, and scalability in testing. My expertise spans across routing, switching, network security, and cloud-native networking solutions, ensuring seamless integration and deployment.Key strengths:✔ Protocol Qualification & Network Testing – Expertise in evaluating routing and switching protocols, ensuring interoperability and compliance.✔ Test Automation & Scripting – Proficient in developing test suites that streamline validation processes.✔ Troubleshooting & Performance Analysis – Skilled in debugging complex network issues and optimizing system performance.✔ Collaboration & Innovation – Work closely with cross-functional teams to enhance test strategies and improve product quality.Always eager to explore emerging technologies, improve testing methodologies, and contribute to the evolution of next-generation networking solutions. Let’s connect and discuss innovations in networking and test automation!

I’m a results-driven Principal SecOps Engineer with over 15 years of proven expertise spanning across multiple organisations in various service sectors in architecting and delivering world-class security programs for global software organizations. I’ve spearheaded transformational automation initiatives, reducing report-generation times by over 95% and built unified multi-cloud compliance frameworks that consistently pass rigorous audits and compliances. I've created AI-powered attack surface platform earned international hackathon recognition, and I’ve presented SecOps deep dives at VULNCON, top engineering colleges, and industry forums.As Cloud Security Lead and Principal Engineer at Perforce, I’ve led high-impact teams to operationalize continuous monitoring, vulnerability management, and incident response at scale.A CISSP-certified mentor and community advocate, I actively contribute to open-source security projects and share expertise through workshops, and local meetups empowering the next generation of security professionals.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Balazs Bucsay is the founder & CEO of Mantra Information Security that offers a variety of consultancy services in the field of IT Security. With decades of offensive security experience he is focusing his time mainly on research in various fields including red teaming, reverse engineering, embedded devices, firmware emulation and cloud. He gave multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology he starts the second shift right after work to do some research to find new vulnerabilities.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

I'm a developer (Firefox) and bug hunter for browsers.

Captain, founder of LOONG Community, is an independent security researcher. He focuses on hardware security researches, penetration test, incidents response and digital forensics analysis. He was the first and the only Asian leading a group of white-hat hackers to hold an in-depth, hands-on hardware hacking village in BLACK HAT and DEFCON. He is also a frequent speaker and trainer in different top-notch security and forensics conferences including SANS, HTCIA, DFRWS, GCC, CodeBlue, HITB, SINCON, AVTokyo and HITCON.

Carlos Gómez Quintana is a Security Consultant at IOActive, specializing in Red Team operations and offensive security. As one of the youngest professionals to join the firm, he conducts advanced penetration testing, adversarial simulation, and security research across diverse enterprise environments.At IOActive, Carlos focuses on cutting-edge security research, including automotive security where he has developed novel attack techniques such as rollback agnostic replay attacks against vehicular systems. He regularly conducts Red Team engagements that simulate real-world adversarial scenarios for enterprise clients.Carlos is an active security researcher and contributor to Maldev Academy, where he has contributed to the phishing section and active research on malware development.

Chiao-Lin Yu (Steven Meow) currently serves as a Red Team Cyber Threat Researcher at Trend Micro. He holds numerous professional certifications including OSCE³ , OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as DEFCON Main Stage, IoT Village, Car Hacking Village, Security BSides Tokyo, HITCON Bounty House, and CYBERSEC. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans red team exercises, web security and IoT security.

Chi-en “Ashley” Shen is a Security Research Engineering Technical Leader at Cisco Talos, specializing in emerging threat research—ranging from nation-state attacks to financially motivated crimes and spyware campaigns. Before joining Cisco, she worked at Google’s Threat Analysis Group, where she hunted zero-day exploits and tracked botnets. Prior to that, she was part of Mandiant’s Global Research Team, where she co-authored the APT41 report and published research on ICEFOG campaigns. In Taiwan, Ashley co-founded Team T5 and served as a senior threat analyst with a focus on targeted attacks in APAC. A passionate advocate for women in cybersecurity, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan, and she currently organizes Rhacklette, a security community for FINTA in Switzerland. She has presented her research at a range of conferences, including Black Hat, HITB, HITCON, FIRST, Pivotcon and CODE BLUE. In her free time, she supports the community by offering training sessions and serving on the review boards for Black Hat, HITCON, and HITB.

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, CypherCon and various B-Side events. He is a perennial feature at the Thotcon conference in his native Chicago, USA and helps to organize “BurbSec”, the best attended Information Security monthly gatherings in the country. 

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRG | MCPD Enterprise ArchitectChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder ofAuroraSec and RRG, and has helped develop many of today’s most widely used RFIDresearch tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-knownRFID hacking and Proxmark3 evangelist, serving the community as both a forumadministrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black HatAsia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon. He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 14 years of experience in bespoke software development, Christian specializes in.NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFIDtechnologies, and has served as an instructor for Red Team Alliance (RTA), including trainingsessions at Black Hat.

A pioneering figure in the cybersecurity realm, Chris began his illustrious career as an original vulnerability researcher at the renowned hacker think tank, L0pht. From 1992 to 2000, he was an integral member of this group, contributing to its groundbreaking research. One of his earliest notable disclosures was a vulnerability he identified in the Windows NT networking stack. This discovery revealed that regular users could intercept packets before they reached host firewalls or system processes. Chris's research skills led him to this finding using a tool he developed, named Netcat for NT. Chris was instrumental in the development of L0phtCrack, the pioneering Windows password cracking tool. Recognizing the need for a more collaborative approach to cybersecurity, Chris was a driving force in transitioning the security community from an anarchistic full disclosure model to a more coordinated disclosure approach. This involved forging partnerships between the L0pht and major software vendors, including Microsoft, in the late 1990s. His unwavering commitment to elevating security standards and his impactful vulnerability research did not go unnoticed. In 1998, Chris, alongside 6 of his L0pht colleagues, testified before the U.S. Senate on matters of U.S. govt cybersecurity. His expertise was again sought in 2003 when he testified to the U.S. House, elucidating the intricacies of software vulnerability discovery during a period when internet worms were a significant threat to businesses and government entities. A staunch proponent of the "secure by design" philosophy, Chris took on the role of VP of Research at the security consultancy, @stake, in the early 2000s. Here, he collaborated closely with Microsoft, integrating robust security processes into their Software Development Life Cycle (SDLC). This included the introduction of threat modeling, code review, fuzzing, and application penetration testing. Drawing from his extensive experience consulting with software vendors, Chris authored "The Art of Software Security Testing", published by Addison-Wesley in 2006. In 2006, with a vision to revolutionize software security, Chris founded Veracode. Under his leadership as CTO, Veracode offers a SaaS solution that automates the "secure by design" approach, leveraging a myriad of appsec testing techniques. Today, Veracode serves 1000s of customers worldwide. For 18 years Chris was at the helm of its security research, product security, info security, & compliance teams. Today he speaks to the public and to customers as Chief Security Evangelist.

OSINT, APT, Digital Forensics in the Asia-PacificCEH, CHFI, ISO 17025, MCFE, EnCE(Training)Previously taught at universities and research institutionsEnthusiastic about cybersecurity research, reverse engineering, cats, and tea.

Feel free to email me on basically anything on computing or history

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

Danish Tariq is a Security Engineer by profession and a Security researcher by passion. He has been working in Cyber Security for over 8 years and it all started out of a curiosity to break things and look deep down into those things (physical or virtual) back in his teenage years. His major expertise is Penetration Testing and Vulnerability Assessments.He was also involved in bug bounty programs as well, where he helped many companies by finding vulnerabilities at different levels. Companies include Microsoft, Apple, Nokia, Blackberry, Adobe, etc.Spoke @ BlackHat MEA 2022 (Briefing: Supply-Chain Attacks)Featured in "The Register" for an initial workaround for the NPM dependency attacks.Certified Ethical Hacker, Certified Vulnerability Assessor (CVA), Certified AppSec Practitioner, Certified Network Security Specialist (CNSS),IBM Cyber Security AnalystEx-Chapter Leader @ OWASPEx-Top Rated freelancer (Information security category) on UpworkRecent security research and CVEs include - CVE-2022-2848 & CVE-2022-25523Served as a Moderator @ OWASP 2022 Global AppSec APAC.Researched and Speaker at MCTTP, Germany - HITB, Thailand - OOTB, Indonesia and many more.

Dave has 30 years of industry experience. He has extensive experience in IT security operations and management. Dave is the Global Advisory CISO for 1Password. He is the founder of the security site Liquidmatrix Security Digest & podcast. Dave also hosts the Chasing Entropy Podcast. He was a member of the board of directors for BSides Las Vegas for 8 years. He currently serves on the advisory boards of Byos.io and Knostic.ai. Dave has previously worked in critical infrastructure for 9 years as well as for companies such as Duo Security, Akamai, Cisco, AMD and IBM. Previously he served on the board of directors for (ISC)2 as well as being a founder of the BSides Toronto conference. Dave was a DEF CON speaker operations goon for 13 years. Lewis also serves on the advisory boards for the Black Hat Sector Security Conference in Canada, and the CFP review board for 44CON in the UK. Dave has previously written columns for Forbes, CSO Online, Huffington Post, The Daily Swig and others. For fun he is a curator of small mammals (his kids) plays bass guitar, grills, is part owner of a whisky distillery and a soccer team.

Dhillon Andrew Kannabhiran (@l33tdawg on Twitter) is the Founder of Hack in The Box (http://www.hitb.org), organiser of the HITBSecConf series of network security conferences which has been held annually for over a decade in various countries including Malaysia, The Netherlands and the UAE. HITBSecConf routinely brings together some of the world's leading subject matter experts, law enforcement officials and independent researchers to discuss the next generation of attack and defense methods. Celebrating it's 10th year anniversary in 2012, HITBSecConf is today one of the most highly anticipated, must-attend annual events for network security gurus, researchers and enthusiasts. Prior to quitting his day job to lead the HITB team on crazy adventures around the world, Dhillon started off at the height of the dotcom craze as a technology journalist with PC World, ZDnet, MIS Asia and CNet. When the bubble burst, he moved on to a Malaysian telco as Chief IT Officer to spend his days in the world of Cisco AS5300s, in a land of packet switched networks at a time when Asterisk did not just mean '*'

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

Dominic Chell is a seasoned cybersecurity expert and one of the co-founders and directors at MDSec, a UK-based consultancy specializing in red teaming, application security, and adversary simulation. He has over 20 years of hands-on experience, delivering technical security assessments and training for major financial, government, and retail organizations .

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Dustin Heywood, otherwise known as EvilMog has been in the Cybersecurity Industry for close to 2 decades. He is an Executive Managing Hacker and Senior Technical Staff Member for IBM X-Force, a member of "Team Hashcat", and a Bishop of the "Church of Wifi".EvilMog is a world champion Hacker Jeopardy Player, and a holder of multiple "Black Badges" including DEFCON, THOTCON, and CypherCon.

Felipe is a cyber security researcher and professional currently based in Bangkok and the wider ASEAN region. With a background in low-level reverse-engineering and exploitation of mobile handsets and embedded devices. In less than two months of entering the bug bounty space, he quickly reached the 80th percentile of critical submissions on a flagship bug bounty platform, and decided to pursue crowdsourced security further. Felipe is currently pursuing a mixture of independent research in vulnerability discovery within crowdsourced security programs, and contract work.

I’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others. I’ve served as University Professor in Master Degree - Portugal and Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).

As a seasoned technologist, life-long hacker, and world-renowned security professional, I excel at tackling complex problems from unconventional angles to uncover innovative solutions. With expertise in managing multicultural environments, I bridge the gap between commercial and technical sides of businesses, aligning international teams to achieve common goals. My entrepreneurial spirit and technical acumen enable me to navigate crisis situations, chaotic business environments, and strategic changes with ease.With a deep understanding of IP networking, telecom, internet communications, security, and cloud computing, I stay ahead of the curve by exploring new technologies before they hit the market. I analyze their strategic implications, disruptive effects, and emerging opportunities, providing valuable insights to businesses.My extensive experience spans designing complex computing environments, evaluating security issues in widely used systems, including election equipment, and authoring academic studies on election security. As a co-founder of the first pan-European internet service provider EUNet, I have a proven track record of developing secure communication protocols and technologies.Since 2005, I have advised law and policy makers, national and local governments, on cybersecurity and critical infrastructure in the United States, ASEAN, and elsewhere. I work with multiple companies on security technologies, identity management, cryptography, and digital biotech applications. My expertise is also sought after for security trainings and assessments of critical infrastructure worldwide.As a co-founder and co-organizer of DEF CON Voting Village, I have played a pivotal role in shaping the global security research and hacker community. My work has been featured in two Emmy-nominated HBO documentary films, "Hacking Democracy" (2006) and "Kill Chain: The Cyber War on America's Elections" (2020), showcasing my successful proof-of-concept mock election hack and follow-up analysis on election security.

Hassan Khan is a highly experienced Security Researcher with a proven track record of internet-wide scanning, red teaming, and penetration testing. A sought-after speaker, Hassan recently presented at the BlackHatMEA 2022, 2023, MCTTP 2024, and ThreatCon 2023 conferences. He is an OSCP certified professional with a research background. Worked with a diverse range of companies and clients in different sectors for their cyber security hardening and penetration testing. OSCP Certified and successful bug bounty hunter on both HackerOne and Bugcrowd. Reported vulnerabilities extensively and was listed in the Google Security Hall of Fame (2017), Twitter Security Hall of Fame (2017), and Microsoft Security Hall of Fame (2017).

Hiroki MATSUKUMA (@hhc0null) is a middle manager at Cyber Defense Institute, Inc., where he leads the reverse engineering section. His main areas of interest include vulnerability research and exploit development.

I'm Hrishikesh Somchatwar, a Storyteller, Electronics Hacker, and Bestselling Author based in France.🔗 Connect With Me: Email: hrishikeshsom@gmail.com LinkedIn: linkedin.com/in/hrishikesh-somchatwar/📖 Publications: "Exploitation of Embedded Systems" – Presented at Car Hacking Village "Hacking with Physics" – Showcased at HackFest Canada 2021 "Car Hacking Village" – Authored publication🎙️ Speaker & Trainer:I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including: DeepSec Austria SCSA Georgia SecurityFest Sweden Defcamp Romania (2019, 2023) Bsides Ahmedabad Bsides Delhi c0c0n HackFest CanadaKey Topics: Automotive Cybersecurity Hardware Security IoT Security Car hacking techniques Tools for embedded system exploitation📚 Author:As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.🎧 Podcast:Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on: Spotify Apple Podcasts Google Podcasts💼 Professional Journey: Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies. Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India. Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on: Cars IoT devices PLCs SCADA systems

Hugo Teso is a renowned aviation cybersecurity expert, researcher and professional speaker. Combining his background as a commercial pilot with deep technical expertise, he has pioneered research exposing vulnerabilities in aircraft systems and other aviation technologies. Hugo is recognized for his impactful presentations at major international conferences and for collaborating with industry regulators to improve aviation security standards. His work continues to influence best practices and drive innovation in the rapidly evolving field of aviation cybersecurity.

Jason Phang is a Principal Cybersecurity Analyst with extensive experience in threat hunting, incident response, and detection engineering. Before his current role, he served as CSIRT Lead at MoneyLion, leading incident response operations and cyber defense initiatives. He was previously a Threat Hunter at WithSecure, where he successfully uncovered and analyzed macOS malware families including AMOS, Frigid, and Cuckoo, and developed detection rules to protect enterprise customers. Earlier in his career, he worked as a SOC Analyst at Experian and Maybank, building a strong foundation in security operations and threat monitoring. His expertise lies in uncovering advanced threats and transforming forensic insights into actionable detections, with a particular focus on macOS malware hunting and defense.

Johann Rehberger has over twenty years of experience in threat modeling, risk management, penetration testing, and red teaming. During his tenure at Microsoft, Johann established a Red Team within Azure Data and led the program as Principal Security Engineering Manager. He went on to build a Red Team at Uber, and currently serves as Red Team Director at Electronic Arts. In addition to his industry roles, Johann is an active security researcher and a former instructor in ethical hacking at the University of Washington. Johann contributed to the MITRE ATT&CK and ATLAS frameworks and is the author of "Cybersecurity Attacks - Red Team Strategies". He holds a master's degree in computer security from the University of Liverpool. You can find his latest research at embracethered.com.

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 16+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.Jordan has also discovered critical vulnerabilities in Oracle, IBM and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, Infosec in the city, Code Blue and Ekoparty.

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Cyber Security EngineerAutomotive systems security engineer.

KaiJern (xwings). Founder of open source reverse engineering project, Qiling Framework (https://qiling.io). His research topic is mainly on developing cutting edge cross platform reverse engineering framework, embedded devices security, blockchain security, and various security topics.He presented his findings in different international security conferences like Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He conducted hardware hacking courses in various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com

Karsten Nohl is a cryptographer and security researcher known for exposing vulnerabilities in mobile communications, payment systems, and embedded security. He holds a Ph.D. in Computer Engineering from UVa and is the founder of Security Research Labs in Berlin. Karsten gained prominence for demonstrating major security flaws in GSM mobile networks, SIM cards, mobile banking systems, and the SS7 protocol underlying cellular networks. As a leading voice in information security, Karsten presented at major conferences including Black Hat and CCC. His work helps drive security evolution.

Karteek yadavilli is a Field CTO working for accionlabs - with some of their largest clients including several fortune 500 customers across healthcare and life sciences, telecommunications infrastructure, and early childhood education space. While he started his journey as an application developer within Microsoft ecosystem, he has been programming since he was eight years old. His passion includes bringing Solutions to challenging problems and a philosophical grounding enabled by his upbringing.

Pwning Automotive and IoT eco-systems

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

"Civilian's aerospace Cybersecurity" at Dread note in Tokyo, Oct.2025Aerospace Cybersecurity CTF Workshop at AVTokyo 2024, Nov 2024Hacking Aircrafts and Satellites 101 at AVtokyo 2023, Nov 2023

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Makoto Sugita is an independent security researcher with expertise in network defense, penetration testing, and active cyber deception. He has delivered talks and live demonstrations at major conferences including Black Hat USA and BSides Las Vegas. His recent work, the Azazel System, introduces a portable SOC/NOC concept designed for resilience in disaster environments, combining intrusion detection, deception technologies, and delaying action strategies.

Markus Vervier is a security researcher from Germany. Software security is his main focus of work. During the last 15 years he collected professional experience in offensive IT security working as a penetration tester and security consultant for highly regarded companies. His experience combined with his personal passion regarding security research made him start his own company in 2015. Besides his daily security work, he is very actively practicing security research and discovers high profile vulnerabilities regularly such as the recent libotr heap overwrite.

Mars Cheng leads TXOne Networks' PSIRT and Threat Research Team as their Threat Research Manager, where he coordinates product security initiatives and threat research efforts. He also holds the position of Executive Director for the Association of Hackers in Taiwan, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Additionally, Mars serves as a Cybersecurity Auditor for the Taiwan Government. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence, and hunting, as well as enterprise system security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography.Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, SecTor, Troopers, FIRST, HITB, ICS Cyber Security Conference Asia and USA, HITCON, NoHat, ROOTCON, SINCON, CYBERSEC, and many others. He plays an instrumental role as the General Coordinator for the HITCON CISO Summit 2024 and has successfully organized several past HITCON events including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020, demonstrating his commitment to advancing the field of cybersecurity.

Matthias Luft is a seasoned information security leader. After more than 15 years in security, he is still excited about a broad range of topics (from hypervisors via containers/clouds to security leadership) and has had the privilege to present on them around the globe. Currently he works on container and cloud security engineering. Outside of work, he enjoys the outdoors, martial arts, and spending time with dogs.

Two decades of cybersecurity experience including executive roles at Twitter, CoinList, Mozilla and OWASP. A co-founder and CEO of a venture backed cybersecurity startup (acquired) and an early stage investor finding and growing the next generation of amazing cybersecurity companies. Based in San Francisco.

My career has taken me through a diverse journey, spanning roles that include full-stack developer, business analyst, IT manager, and now thriving in cybersecurity. Throughout this journey, my deep passion for technology has remained a constant driving force. For me, security resembles solving a 10,000-piece puzzle that's been turned upside down. You understand the end goal, yet you're uncertain about where each piece belongs. Achieving this requires close collaboration with developers, business stakeholders, and others, necessitating me to consistently bridge different disciplines within technology. Whether it's simplifying intricate development concepts for security and business professionals or vice versa, every piece added brings us nearer to the solution. This challenge deeply motivates me. I approach my work with a clear focus on prioritizing people first, followed by refining processes, and then utilizing technology to enhance these efforts. This philosophy ensures that technological changes are seamlessly integrated and readily embraced by our teams and organizations.

Mikko Hypponen is a global technology expert and bestselling author. He has researched security since 1991 and currently serves as Chief Research Officer at Sensofusion, a Finnish counter-drone company. Mikko has published his research in The New York Times, Wired, and Scientific American. Mikko has spoken at TED and has lectured at Oxford, Harvard, and MIT.

Moonbeom ParkCPO(Chief Product Officer) @78ResearchLabFormer senior researcher of KrCERT/CC & KISAI'm working at 78ResearchLab(http://www.78researchlab.com) in South Korea, a company specializing in the development of cyber warfare tactics and offensive and attack technologies. They analyze the cyber warfare strategies of Advanced Persistent Threat(APT) groups and conduct research on of attack techniques such as 0-day vulnerabilities and develop various cyber weapons, exploites, Post-Exploitation techniques that can be utilized in cyber warfare operations.

Niek brings over 10 years of expertise to the device security field. With a background in System and Network Engineering and an intrinsic interest, he's able to digest the complexities of device security efficiently.He shared his research with the community at various security and academic conferences, as well as journals, such as Black Hat, Bluehat, Usenix WOOT, hardwear.io, FDTC and PoC||GTFO.He gave trainings at HITB, hardwear.io and Ringzer0.

Consulting company where are you at the universe for a few days and I think it was yours.

- **AWS Dev Day 2023**_E-2: Learning Security by Design from Anti-Patterns in Amazon S3, Amazon Cognito, and AWS Lambda_[Slide deck](https://www.docswell.com/s/a-zara-n/5248R9-devday)- **BSides Las Vegas 2024**_Are you content with our current attacks on Content-Type?_[Talk info](https://archive.bsideslv.org/2024/talks#PAPKRL) / [Slides](https://speakerdeck.com/flatt_security/are-you-content-with-our-current-attacks-on-content-type)- **BSides Tokyo 2024**_XSS using dirty Content-Type in the cloud era_[Talk info](https://bsides.tokyo/2024/#norihide-saito--azara) / [Slides](https://speakerdeck.com/flatt_security/xss-using-dirty-content-type-in-cloud-era)- **JSAC 2024 (JPCERT/CC)**_Introduction to Cloud Incident Investigation Through Architecture-Based Understanding_Hands-on workshop covering real-world unauthorized access cases in AWS and Azure.- **CODE BLUE 2024**_Beyond Misconfigurations: A Comprehensive Look at Threats in Object Storage like S3_[Program page](https://archive.codeblue.jp/2024/program/time-table/day1-opentalks-007/)

Over 12 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025 and VulnCon 2025.

Orange Tsai is the principal security researcher of DEVCORE and a core member of CHROOT security group in Taiwan. He is also the champion and title holder of 'Master of Pwn' in Pwn2Own Vancouver 2021 and Toronto 2022. Additionally, Orange has spoken at several top hacking conferences, such as Black Hat USA (6 times), DEF CON (5 times), HITCON (12 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!Currently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Awards winner for "Best Server-Side Bug" in 2019 and 2021 but also secured 1st place in the "Top 10 Web Hacking Techniques" for 2017, 2018 and 2024. In his free time, Orange also engages in bug bounties. He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Our team at CloudSEK has been revolutionizing threat intelligence by integrating AI-driven automations, significantly enhancing threat feeds and response times. My research has been acknowledged by top intelligence agencies for its impact on stealer malware understanding. We've empowered organizations worldwide through insightful presentations, fortifying their defenses against evolving cyber threats.

Pengfei is a Solution Architect at Picus Security, where he advise enterprise security teams in implementing automated adversary simulation operations and framework.Previously, he worked as a Cybersecurity Engineer in GovTech's GCSOC team, where he led the implementation of continuous purple teaming across the Whole-of-Government. Before this role, he served on GovTech's red team, mainly dabbling in VAPT and Adversary Simulation.Pengfei is certified with OSCP, eMAPT, Crest CRT, CCSK V4, etc. He has conducted research on emerging cybersecurity technologies and presented his findings at renowned conferences like Black Hat USA & Asia, DEFCON, SINCON, ROOTCON, etc.

Jian-Lin Peng, aka YingMuo (@YingMuo), is a security researcher at DEVCORE. His work primarily focuses on IoT, macOS kernel and hypervisor security. He has participated in Pwn2Own competitions 2 times, successfully compromising QNAP NAS. He was also a speaker at HITCON PEACE 2022 and DEVCORE CONFERENCE 2024.

Prakher Gupta is a senior leader in data science and market research with over 15 years of combined experience in analytics, trading, and exchange markets. Currently a Senior Manager in Market Development & Research at Intercontinental Exchange (ICE), he specializes in market microstructure, order flow analysis, and client/product recommendation models across global futures and options markets.Prior to ICE, Prakher spent over five years at CME Group, where he applied advanced machine learning and statistical methods to trading analytics, market forecasting, and client behaviour research. His earlier career includes a decade as a commodity futures trader and roles in IT consulting, giving him a unique perspective that bridges quantitative finance, data science, and commercial strategy.Prakher holds a Master’s in Data Science from the University of Illinois, Chicago, and is passionate about applying AI/ML to trading, risk management, and financial market development.

Prateek Thakare is a Senior Security Engineer with a strong focus on web and mobile application penetration testing, secure code reviews, and security automation. He has developed and contributed to open-source security tools like Mantis and has presented his work at security conferences, including Black Hat Arsenal and ThreatCon.

I'm a anti-virus engineer works at Fortinet. I'm currently researching attacks targeting East Asia.

Sr. Security Engineer @ Coupa Software . Passionate Learner for OffSec and Security Engineering. Working collaboratively with Security Operations , Security Engineering & Threat Management @ Coupa Software

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020); Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024). With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

If you don’t know now you know.

Rick is a part of the Pwn2Own team “PHP Hooligans”. He have competed in five editions of Pwn2Own, exploiting a wide range of targets including routers, printers, and automotive targets. Aside from Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC’s team Europe. 

I am a cybersecurity professional with 1.5 years of work experience in DFIR and CTI. Recently, I have been researching into macOS threats and forensics since this topic is niche in Malaysia. I've also spent two years in the CTF scene, competing with the M53 and L3ak teams, where I had the opportunity to compete on a global stage and achieve multiple victories in CTF competitions and writeup contests. I now channel that same curiosity and rigor into professional development, pursuing certifications and exploring macOS research, RFID security, and blockchain security.

Security Researcher and Bug bounty hunter turned founder

I'm a security researcher with a passion for OS internals and all things low-level. Over the years I have specialised in Android & the Linux kernel, but have dabbled in a number of domains. When I'm not figuring out how things work and breaking them, I love to share my experiences and help others; whether it's via my blog, talks or mentoring.

Cybersecurity Enthusiast, CTF Player and Bug Hunter. Contributed to the organization of SECCON CTF, took the stage at AVTOKYO2020/2023/2024, Security Analyst Summit 2024, Hack Fes. 2024, m0leCon 2025, TyphoonCon Seoul 2025, HITCON 2025 and competed in the DEF CON CTF Finals. Renowned for uncovering and reporting vulnerabilities in web services and softwares including Google and Firefox.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

Season Cherian is a hacker-entrepreneur with deep technical and strategic security expertise across both private and public sectors. As Head of Hardware Security Research at Traboda Cyber Labs, he focuses on OT system security analysis, IoT security, and N-day research. He also speaks and trains at premier conferences including Black Hat, SINCON, SecTor, BSides, and InCTF.

I'm Seokchan Yoon, and I am an offensive web security researcher and auditor. I currently work at Zellic, where I focus on auditing Web2 infrastructure that underpins Web3 systems. In addition, I serve as a Security Team member of Apache Airflow, contributing to securing one of the most widely used workflow platforms.Over the years, I have disclosed vulnerabilities and CVEs across major open-source ecosystems such as Django, Apache Airflow, Python, Ruby on Rails, and Spring. I have also participated in the global security community through CTF competitions, most recently as a finalist at DEF CON 33 CTF.Beyond vulnerability research, I actively share my findings with the community. I have spoken at PyCon Korea 2024 and CODEGATE 2023, where I presented practical insights on exploiting and defending against framework-specific security weaknesses. More about my work can be found on my portfolio: https://ch4n3.kr

## Profile- Seokchan Yoon (@ch4n3.yoon, @scyoon)- Security Researcher / CTF Player of BlueWater (WaterPaddler) / [Bug Bounty Hunter](https://hackerone.com/scyoon)- ch4n3.yoon@gmail.com## Work Experiences- **Security Team Member @ Airflow of Apache Software Foundation** (2025.07. - now)- **Security Researcher @ Zellic.io** (2025.04. - now)- `[REDACTED]` Researcher @ `[REDACTED]` Research Institute under Ministry of National Defense, Korea (2023.09. - 2025.03.)- Web Security Researcher @ STEALIEN (2020.07. - 2023.06.)## Achievements/Awards### 2025- **2025 DEF CON 33 CTF**   Finalist (team: Cold Fusion)- **2025 Cyber Conflict Exercise (CCE) General Division**   (사이버공격방어대회) Finalist, hosted by the National Intelligence Service, Korea### 2024- **2024 White Hat Contest Soldier Division**   (화이트햇 콘테스트) **1st Place**, hosted by the Ministry of National Defense, Korea   Awarded the Minister of National Defense Award (___국방부 장관상___)### 2023- **2023 CODEGATE University Division**   Finalist, hosted by the Ministry of Science and ICT, Korea### 2022- **2022 CODEGATE University Division**   Finalist, hosted by the Ministry of Science and ICT, Korea- **2022 Cyber Conflict Exercise (CCE) Public Institution Sector Division**   (사이버공격방어대회) **2nd Place**, hosted by the National Intelligence Service, Korea   Awarded the Director of National Security Research Institute Award (___국가보안연구소장상___)- **2022 HACKTHEON SEJONG National University Cybersecurity Competition**   6th Place, hosted by Sejong Special Self-Governing City, Korea   Awarded the Director of National Security Research Institute Award (___국가보안연구소장상___)### 2021- **2021 Cyber Conflict Exercise (CCE) Public Institution Sector Division**   (사이버공격방어대회) **2nd Place**, hosted by the National Intelligence Service, Korea Awarded the Director of National Security Research Institute Award (___국가보안연구소장상___)### 2019- **2019 Cyber Operations Challenge Student Division**   (사이버작전경연대회) **2nd Place**, hosted by the Ministry of National Defense, Korea   Awarded the Cyber Operations Commander Award (___사이버작전사령관상___)### 2018- **2018 Cybersecurity Competition Individual Preliminary Round**   (정보보안경진대회) **1st Place**, hosted by the Ministry of Education, Korea   Awarded the President of Seoul Women's University Award (___서울여자대학교 총장상___)- **2018 Cybersecurity Competition Team Finals**   (정보보안경진대회) **1st Place**, hosted by the Ministry of Education, Korea   Awarded the Minister of Education Award (___교육부 장관상___)### 2017- **2017 Cybersecurity Competition Team Finals**   (정보보안경진대회) **1st Place**, hosted by the Korea Education and Research Information Service   Awarded the Director of Korea Education and Research Information Service Award (___한국교육학술정보원장상___)## Disclosed Vulnerabilities### NAVER- NBB-1126, Stored XSS- NBB-1143, SQL Injection- NBB-1260, Stored XSS- NBB-2315, Reflected XSS- NBB-2316, Reflected XSS- NBB-2314, Reflected XSS### Python- CVE-2024-7592: Quadratic complexity parsing cookies with backslashes### Django- CVE-2023-36053: Potential regular expression denial of service vulnerability in `EmailValidator`/`URLValidator`- CVE-2024-24680: Potential denial-of-service in intcomma template filter- CVE-2024-27351: Potential regular expression denial-of-service in `django.utils.text.Truncator.words()`- CVE-2024-21520: Cross-Site Scripting (XSS) in browserable API of [django-rest-framework](https://github.com/encode/django-rest-framework)- CVE-2024-41991: Potential denial-of-service vulnerability in `django.utils.html.urlize()` and `AdminURLFieldWidget`- CVE-2024-53908: Potential SQL injection in `HasKey(lhs, rhs)` on Oracle- CVE-2025-48432: Potential log injection via unescaped request path### Apache Airflow- CVE-2024-39877: Apache Airflow: DAG Author Code Execution possibility in `airflow-scheduler`- CVE-2024-39863: Apache Airflow: Potential XSS Vulnerability- CVE-2024-45034: Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes### Ruby - CVE-2024-41123: DoS vulnerabilities in REXML### Ruby on Rails- CVE-2024-47887: Possible ReDoS vulnerability in HTTP Token authentication in Action Controller- CVE-2024-41128: Possible ReDoS vulnerability in query parameter filtering in Action Dispatch### Java Spring- CVE-2024-38809: Spring Framework DoS via conditional HTTP request## Media / Presentations### 2020- KBS <청년일자리프로젝트 사장님이 美쳤어요> 사내 최연소 연구원으로 출연  - [https://vod.kbs.co.kr/index.html?source=episode&sname=vod&stype=vod&program_code=T2016-0639&program_id=PS-2020170106-01-000&section_code=05&broadcast_complete_yn=&local_station_code=00](https://vod.kbs.co.kr/index.html?source=episode&sname=vod&stype=vod&program_code=T2016-0639&program_id=PS-2020170106-01-000&section_code=05&broadcast_complete_yn=&local_station_code=00)### 2021- 사람인 기업스토리 <스틸리언> 편 출연  - [https://www.saramin.co.kr/zf_user/guide/movie/fun-view?page=7&keyword=&category=&sort=&seq=433&count=10](https://www.saramin.co.kr/zf_user/guide/movie/fun-view?page=7&keyword=&category=&sort=&seq=433&count=10)- 유튜브 ‘인싸담당자’ 채널 <스틸리언> 편 출연  - [https://www.youtube.com/watch?v=ueslFj2Dbgc](https://www.youtube.com/watch?v=ueslFj2Dbgc)### 2022- <모던 웹 서비스에서의 버그케이스와 시큐어코딩> (@STEALIEN Security Semiar; 3S)  - For English Reader, <Bug Cases and Secure Coding Techniques, in Modern Web Services>  - Related Press Releases (Kor): [https://www.boannews.com/media/view.asp?idx=107983&kind=](https://www.boannews.com/media/view.asp?idx=107983&kind=)  - Replay: [https://www.youtube.com/watch?v=6YgSTZ9i7Vk](https://www.youtube.com/watch?v=6YgSTZ9i7Vk)### 2023- <Django 1-day Vulnerability Analysis> (@HackingCamp 26th 🇰🇷)  - I analyzed and shared disclosed vulnerabilities with high severity to Django Project, 2022  - Reference: [http://hackingcamp.org/](http://hackingcamp.org/)- <Django Framework N-day Vulnerability Analysis & Secure Coding Guide> (@CODEGATE 2023 🇰🇷)  - I issued some insecure usages in django with analyzing 1-day vulnerabilities and gave secure coding guide   - Reference: [https://codegate.org/sub/conference](https://codegate.org/sub/conference)### 2024- <해커의 관점에서 바라본 Django Framework> (@PyCon KR 10th)  - https://2024.pycon.kr/

Sergey has over 20 years of experience in software and hardware development and reverse engineering. He began learning programming and the basics of reverse engineering at the age of 12, and started his career at Kaspersky Lab as a malware analyst at the age of 18. Over his long tenure at the company, he has made significant contributions to a wide variety of projects. Being an university lecturer, he shares his knowledge with the next generation of security engineers and researchers.

Profile sanitized due to security concerns

Beist has been a member of the IT security field since 2000. His first company was Cyber Research based in Seoul, South Korea and first focused on pen-testing. He then got a Computer Engineering B.A. degree from Sejong University. He has won more than 10 CTF hacking contests in his country as well as passed DefCon quals 5 times. He has run numerous security conferences and hacking contests such as SECUINSIDE and CODEGATE in Korea. Also, he has given talks at BLACKHAT Las Vegas, SYSCAN, CANSECWEST, AVTOKYO, HITCON, SECUINSIDE, EDSC, and TROOPERS. Hunting bugs and exploiting them are his main interests. He was one of GRAYHASH company founders now acquired by LINE which is a leading messenger company in Asia. He is ex-CISO of LINE Plus.

ISACA Cybersecurity ConferenceDelivered an insightful session on Zero Trust Security, breaking down its practical implementation and its role in modern cyber defense architecture. His talk was well-received by industry professionals and highlighted the evolving nature of perimeter-less security models.CIO News Cybersecurity ForumPresented on the integration of offensive and defensive security practices, emphasizing collaboration over siloed efforts. His impactful delivery earned him an on-the-spot award for excellence in thought leadership and practical insight.Crypto Expo DubaiTook the stage at one of the largest blockchain and cryptocurrency platforms in Dubai, where he delivered a high-impact talk on “Hacking Crypto Wallets”. The session provided deep dives into real-world attack vectors and preventive mechanisms, drawing significant attention from global fintech and blockchain professionals.

Cybersecurity Consultant with over three years of hands-on industry experience, I specialize in offensive security—driven by a passion for uncovering and exploiting weaknesses before adversaries can. My work spans Red Team operations, Network Security, and Web/API Vulnerability Assessment & Penetration Testing (VAPT), with successful engagements across BFSI, IT Products & Services, and Healthcare sectors.With a strong research focus on Adversarial Tactics, Techniques, and Procedures (TTPs), I continuously explore emerging threat vectors and offensive methodologies to deliver actionable security insights that directly reduce business risk. My approach blends technical precision with creative attack strategies, ensuring organizations stay ahead of evolving cyber threats

Hi, this is Soumyanil (aka reveng007). Currently into Purple Teaming. Former Black Hat Asia, USA, SecTor & Europe 2024, Wild West Hacking Fest 2024 Arsenal Presenter and Former Speaker BSides Singapore 2023. He has CRTP. He spends most of his time building scripts/open source malware dev evasion-based projects, digging deep into Windows system internals, and building automation scripts on On-prem and Cloud-based (like, AWS) Attack Vectors.

Eager Blue teamer

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

Thanh Nguyen (@redragonvn) serves as the Founder of Verichains, leading a world-class security and cryptography research team to deliver cutting-edge solutions for a safer, more secure Web3 ecosystem.Verichains is renowned for its expertise in investigating and mitigating major Web3 hacks, having identified critical flaws within the core of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP) implementations by major vendors, impacting billions of dollars across the industry.

For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking. For the world is an exciting place, for creating stuff from nothing is challenging, for hacking everything is the way to live, stay hungry, stay curious, and keep hacking.

He is an Independent Researcher , Security Engineer and a member at UCCU Hacker  He works in Web, Mobile, ICS, and Privacy domain for fun.He shared his off-time research at Troopers, HITB, CODE BLUE, Ekoparty, ROOTCON, REDxBLUE Pill, HITCON, CYBERSEC, and DEFCON Village. 

Vincent is an offensive cyber security expert with over a decade of experience providing Red Team services. His experience includes full black box infiltration through to objective executive across variety of sectors including, but not limited to finance, banks, aviation, energy, construction, railway, maritime, casinos, crypto and telecoms.

A competent and committed professional currently working as a Cloud-Native Security Consultant on behalf of Control Plane. Fully energetic and ambitious person who has developed a mature and responsible approach to any undertaken task or situation he has been presented with.A competent and committed professional currently working as a Cloud-Native Security Consultant on behalf of Control Plane. Fully energetic and ambitious person who has developed a mature and responsible approach to any undertaken task or situation he has been presented with.

Producer at KazHackStan Conference and Managing Partner at TSARKA GROUP

Talks / CoursesNational Cheng Kung University (NCKU), 2025 — Network Security (Network Security Practice)SCINT 2025 — Introduction to NetworkingAIS3 Club — CTF Team Writeup & Challenge Management SharingYuan Ze University, 2024 — Cybersecurity from Scratch: ForensicsNCKU Cybersecurity Club — Introduction to Networking & HTTPNCKU Cybersecurity Club — Forensics WorkshopDajia Industrial Senior High School — Skills Competition Training: Information & Network TechnologyNCKU Information Camp 2023 — Networking & Server DeploymentNCKU, 2022 — SA/NA Course (System Administration / Network Administration)CVEsCVE-2025-55752CVE-2024-12641CVE-2024-12642CVE-2024-12645

Zeze serves as a research engineer at TeamT5. He has participated in the DEFCON CTF Final in both 2023 and 2024. As a speaker, Zeze has shared the research at various conferences including CODEBLUE, HITCON, VXCON, CYBERSEC, and ROOTCON. His primary research focuses on Windows system security, and he has reported numerous vulnerabilities related to Windows systems.

Zeze serves as a research engineer at TeamT5. He has participated in the DEFCON CTF Final in both 2023 and 2024. As a speaker, Zeze has shared the research at various conferences including CODEBLUE, HITCON, VXCON, CYBERSEC, and ROOTCON. His primary research focuses on Windows system security, and he has reported numerous vulnerabilities related to Windows systems.

BlackUSA 2025Pay Attention to the Clue: Clue-Driven Reverse Engineering by LLM in Real-World Malware AnalysisAll Talk, AI Action: Binary Analysis Toolkit MCP ServerUSENIX 2024 Poster SessionFuBuKi: Fuzzing Testing on Bluetooth with Profile Emulation KitSECCON 2025YaDa: Reverse Engineering with Yara BytecodeCYPERSEC 2025Blue Archive: Unveiling Bluetooth Vulnerabilities in EV SystemsAVTokyo 2023IDAFit – a ringcon based IDA pro controller to Catch The Fitness

NICTER解析チームにてダークネット解析業務に従事感染ホストの調査/特定・IoT機器のファームウェア解析を行う

"3rd-year student at Waseda University, School of Fundamental Science and Engineering, Department of Communications and Computer Engineering, specializing in cybersecurity.