Find Expert Speakers

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

I often deliver technical security content to professional and executive level audiences. For example, as a SOC Analyst at IDDA, I directly presented our SOAR (Security Orchestration, Automation and Response) platform to Ministry of Security representatives. I gave a technical walkthrough of the platform architecture, incident automation workflows, threat correlation mechanisms, and presented real world use cases. Subsequent to the presentation, the product received considerable interest from multiple stakeholders and potential investors.I've also attended vendor meetings with Palo Alto and Forcepoint DLP, presenting technical assessments and making workflow recommendations to help optimize the deployment of security products and their integration into the corporate environment.Besides this type of enterprise-level presentation, I've also been the guy on the team to go to an international hackathon. I presented AI security and automation concepts at an innovation event in Georgia. I gave a presentation to a technical evaluation panel, detailing the design of the system, the model for threat detection, and the architecture of the data pipeline.I also took part in the Google AI Hackathon in Kazakhstan, where I presented a detailed technical pitch including model architecture, implementation strategy, and deployment aspects to judges and business representatives.These occasions implied explaining intricate technical details in a digestible form, addressing immediate technical inquiries, justifying architecture choices, and discussing security compromises. I feel at ease presenting deeply technical information to both engineering communities and business leaders.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Anubhab Sahu is a Senior Research Engineer at Keysight Technologies, working with the Application and Threat Intelligence (ATI) team. With an M.Tech in Cyber Security, he specializes in vulnerability research, AI/LLM security, reverse engineering, security analysis, and automation. He actively writes technical blogs on security topics including AI security and traffic analysis, and holds an approved US patent in the field. His work bridges the gap between offensive security research and real-world threat simulation, contributing to advanced cybersecurity network testing solutions. He has prior experience delivering technical talks at leading security conferences, including ROOTCON '19 - one of Southeast Asia's largest cybersecurity conferences. When he's not tinkering with tech, he enjoys sharing his expertise through technical writing, conference talks, and community meetups.

Bocheng Xiang (@crispr_x) is an offensive security researcher and PhD candidate at Fudan University. His work focuses on uncovering high-impact Windows vulnerabilities and exploitation primitives rooted in file system semantics and OS design flaws. He is an MSRC MVR (2024/2025) and ranked Top 20 on the MSRC 2024 Q3 Windows Leaderboard.He has published at USENIX Security and NDSS, with accepted talks at PoC 2025 and Black Hat USA/Europe.

Red Team operator at Siemens. Holds various hacking certifications such as: OSCP, OSWP, CRTP, eMAPT, etc. Interested in many fields within hacking: red teaming, cloud, web security, AI, low level stuff (reversing, pwn, etc). Speaker in various conferences: hack0n, RootedCON Málaga, Honeycon, Worldparty, DragonJARCon, etc.

DongHyeon Oh is a security researcher and Co-Founder of PatchPoint, based in South Korea. With an M.S. from KAIST's SoftSec Lab (NDSS 2019, CodeAlchemist), he has spent years breaking browsers, embedded devices, and Windows — collecting CVEs from Apple and Microsoft along the way. Ranked Microsoft Top 10 Security Researcher and previously spoke at CODE BLUE 2023. He now lives in IDA Pro and LLM prompts, hunting Windows vulnerabilities at the boundary of human intuition and AI.

Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell is a 2025 recipient of the DARPA YFA for $500,000. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

Farhad Sajid Barbhuiya is a passionate security professional with over 5 years of hands-on experience in offensive security, delivering more than 2000 hours of training across educational institutions, corporations, and government organizations. His trainings cover Web & Mobile Application Security, Reverse Engineering, Exploit Development, Code Review, and more, empowering diverse audiences with practical, real-world skills.Currently a Staff Information Security Engineer on the Offensive Security team at Zscaler, Farhad works on offensive security assessments spanning across Mobile Application Security (Android & iOS), Reverse Engineering, Web Application Security, Agentic AI and LLMs and Hardware Security. His work focuses on uncovering vulnerabilities in high-stakes environments, from custom exploit chains to evasion techniques in containerized and cloud systems.A sought-after speaker, Farhad has presented at premier cybersecurity conferences including NullCon Goa (Advanced Web Apps Pentesting training), Bsides Delhi (Reverse Engineering for Exploit Development), Null Delhi (Reverse Engineering for Developers), Bsides Mumbai (DYLD Library Injection on macOS), Defcon Delhi (IoT Village), Bsides Vizag (TACTOU Attacks in AI Agents), and Bsides Mussorie (Magazine Exhaustion on iOS Heap Allocators). His sessions blend deep technical dives with live demos, making complex topics accessible and actionable.Farhad thrives at the intersection of vulnerability research, exploit development, and secure architecture, contributing to the infosec community through research, tools, and knowledge-sharing.

Hiroki MATSUKUMA (@hhc0null) is a middle manager at Cyber Defense Institute, Inc., where he leads the reverse engineering section. His main areas of interest include vulnerability research and exploit development.

20 YearsBrazilianClient Applications Squad Leader, Researcher and Malware Developer at @Hakai Offensive SecurityProgrammerGamerCat loverCompulsive pizza eaterPassionate about sysInternals, reverse engineering, low level and Client-Side applications

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 16+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.Jordan has also discovered critical vulnerabilities in Oracle, IBM and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, Infosec in the city, Code Blue and Ekoparty.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

I have presented at:Black Hat USA: Main Track and ArsenalDEF CON: Demo Labs and Blue Team VillageEkopartyTyphoonConBSides: Austin and Córdoba

Niek brings over 10 years of expertise to the device security field. With a background in System and Network Engineering and an intrinsic interest, he's able to digest the complexities of device security efficiently.He shared his research with the community at various security and academic conferences, as well as journals, such as Black Hat, Bluehat, Usenix WOOT, hardwear.io, FDTC and PoC||GTFO.He gave trainings at HITB, hardwear.io and Ringzer0.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Rahul is a security researcher with 7+ years in offensive security and red teaming. He specializes in malware development, AV/EDR evasion, and bypassing security controls in heavily defended environments. As a full-time red teamer, he's built tools and developed techniques that work against real-world security stacks.He currently works as Manager of Offensive Security and Threat Assessment with leading financial organizations across the Middle East, collaborating with red, blue, and purple teams to find and fix security gaps in enterprise infrastructure. He's spoken at international conferences including BlackHat, CONFidence, and HAcktivity.His expertise spans enterprise security and cloud infrastructure, with particular focus on identifying and exploiting design flaws in hardened environments.

R.D. Tarun (RDT) is a cybersecurity researcher specializing in malware analysis, reverse engineering, and adversary tradecraft. His work focuses on dissecting real-world attack campaigns, with particular emphasis on multi-stage infection chains, fileless execution, and evolving infostealer ecosystems.He conducts in-depth research on active malware campaigns, tracking their progression from commodity tooling to custom-developed payloads. His analysis has uncovered previously undocumented behavior, including custom infostealers, infrastructure patterns, and techniques used to evade modern defenses. His research has been widely circulated within the security community and covered by multiple security news outlets and industry publications.His work combines static and dynamic analysis with memory-level investigation to trace full execution chains from initial access to data exfiltration. He focuses on understanding attacker tradecraft end-to-end and translating offensive techniques into practical detection strategies for SOC and DFIR teams.He actively publishes technical deep-dives on malware, including infostealers, fileless loaders, and multi-stage attack chains, and has presented his research at reputed security community meetups and forums.

Rick de Jager is a part of the Pwn2Own team “PHP Hooligans”. He has competed in six editions of Pwn2Own, exploiting a wide range of targets including routers, printers, and automotive targets. Aside from Pwn2Own, Rick is an avid CTF player, having competed as part of 0rganizers and ICC’s team Europe. 

I'm a security researcher with a passion for OS internals and all things low-level. Over the years I have specialised in Android & the Linux kernel, but have dabbled in a number of domains. When I'm not figuring out how things work and breaking them, I love to share my experiences and help others; whether it's via my blog, talks or mentoring.

Shuquan Zhou is a security researcher of 360 Vulnerability Research Institute, focusing on Android kernel exploitation and vulnerability hunting.