Find Expert Speakers

Hushcon West 2019Presented a technical talk on cellular infrastructure security, focusing on real-world weaknesses in mobile and carrier-adjacent systems. The session drew from hands-on research into cellular protocols, deployment realities, and how attackers exploit assumptions in telecom environments that are often treated as “trusted” or out of scope by enterprise security teams.Hushcon East 2023Delivered a talk centered on hacker culture, attacker mindset, and how security thinking evolves outside formal frameworks. The session explored how curiosity-driven exploration, informal knowledge sharing, and cultural norms shape real attacker behavior more accurately than checklists, tooling, or compliance-driven models.PRaSEC 2023Presented a red-team-focused session on Domain Admin attack paths, blending practical exploitation techniques with philosophical perspectives on adversary reasoning. The talk emphasized how attackers model trust, authority, and system design to move from initial access to full domain control.

A motivated individual always up for breaking stuff ! Currently working as a Red Team Security Consultant with a focus on penetration testing and security assessments for Web, Mobile, API, OT, and Network environments. I have experience leading 150+ security assessments, working with vendors from various industries such as government agencies, private organizations, healthcare, crypto, finance, retail, education, and many more to identify vulnerabilities and improve their overall security and help organizations strengthen their defenses against potential threats.In addition to my professional work, I’m an active bug bounty hunter on platforms like Bugcrowd and Synack. I’ve earned recognition in 70+ Hall of Fame lists, including those of Microsoft, Apple, Google, Zoom, Okta, Canva, Indeed, Atlassian, Dell, and many more. Helping organizations strengthen their security by identifying vulnerabilities and contributing to their overall cybersecurity efforts.Constantly learning, always hacking, I thrive on offensive security challenges and take pride in discovering the unknown before attackers do.

Chiao-Lin Yu (Steven Meow) currently serves as a Red Team Cyber Threat Researcher at Trend Micro. He holds numerous professional certifications including OSCE³ , OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as DEFCON Main Stage, IoT Village, Car Hacking Village, Security BSides Tokyo, HITCON Bounty House, and CYBERSEC. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans red team exercises, web security and IoT security.

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRG | MCPD Enterprise ArchitectChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder ofAuroraSec and RRG, and has helped develop many of today’s most widely used RFIDresearch tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-knownRFID hacking and Proxmark3 evangelist, serving the community as both a forumadministrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black HatAsia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon. He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 14 years of experience in bespoke software development, Christian specializes in.NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFIDtechnologies, and has served as an instructor for Red Team Alliance (RTA), including trainingsessions at Black Hat.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

My journey in cybersecurity didn't start at the finish line. I built my foundation from the ground up, working extensively as a Security Analyst and Penetration Tester. Those early years spent analyzing defenses gave me the perspective I needed to evolve into my current role as a Head RND practitioner and Red Teamer.Sharing knowledge has always been a core part of my professional growth. Since 2012, I have been actively presenting materials on network security, Man-in-the-Middle attacks, and wireless security within university environments. This passion for research eventually led me to my current specific focus: biometric security.To truly test the limits of these systems, I realized I needed to build my own arsenal. This led me to develop several custom security tools specifically for biometric device pentesting, including zksentinel, Bac0d, GAMPAR, Tab0k, B0c0r, and BA RAT.I’ve been fortunate enough to share the insights from this development journey on larger stages like IDSecConf, where I first presented "Semi-automating Vulnerability Scanner and Exploitation in Biometric Systems." Most recently, I took that research further with a talk titled "Beyond the Match: From Biometric Bypass to Full Control - The Post-Exploitation Secrets Red Teams Use."At the end of the day, my goal isn't just to break systems, but to understand them deeply. My sincere hope is that the tools and knowledge I share can serve as useful resources for others and contribute positively to our community."

I'm Hrishikesh Somchatwar, a Storyteller, Electronics Hacker, and Bestselling Author based in France.🔗 Connect With Me: Email: hrishikeshsom@gmail.com LinkedIn: linkedin.com/in/hrishikesh-somchatwar/📖 Publications: "Exploitation of Embedded Systems" – Presented at Car Hacking Village "Hacking with Physics" – Showcased at HackFest Canada 2021 "Car Hacking Village" – Authored publication🎙️ Speaker & Trainer:I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including: DeepSec Austria SCSA Georgia SecurityFest Sweden Defcamp Romania (2019, 2023) Bsides Ahmedabad Bsides Delhi c0c0n HackFest CanadaKey Topics: Automotive Cybersecurity Hardware Security IoT Security Car hacking techniques Tools for embedded system exploitation📚 Author:As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.🎧 Podcast:Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on: Spotify Apple Podcasts Google Podcasts💼 Professional Journey: Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies. Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India. Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on: Cars IoT devices PLCs SCADA systems

KaiJern (xwings). Founder of open source reverse engineering project, Qiling Framework (https://qiling.io). His research topic is mainly on developing cutting edge cross platform reverse engineering framework, embedded devices security, blockchain security, and various security topics.He presented his findings in different international security conferences like Blackhat, Defcon, HITB, Codegate, QCon, KCon, Brucon, H2HC, Nullcon, etc. He conducted hardware hacking courses in various conferences around the globe. He is also actively involved in Unicorn Engine (https://unicorn-engine.org), Capstone Engine (https://capstone-engine.org), Keystone Engine (https://keystone-engine.org) and hackersbage.com

Pwning Automotive and IoT eco-systems

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Markus Vervier is a security researcher from Germany. Software security is his main focus of work. During the last 15 years he collected professional experience in offensive IT security working as a penetration tester and security consultant for highly regarded companies. His experience combined with his personal passion regarding security research made him start his own company in 2015. Besides his daily security work, he is very actively practicing security research and discovers high profile vulnerabilities regularly such as the recent libotr heap overwrite.

Niek brings over 10 years of expertise to the device security field. With a background in System and Network Engineering and an intrinsic interest, he's able to digest the complexities of device security efficiently.He shared his research with the community at various security and academic conferences, as well as journals, such as Black Hat, Bluehat, Usenix WOOT, hardwear.io, FDTC and PoC||GTFO.He gave trainings at HITB, hardwear.io and Ringzer0.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Jian-Lin Peng, aka YingMuo (@YingMuo), is a security researcher at DEVCORE. His work primarily focuses on IoT, macOS kernel and hypervisor security. He has participated in Pwn2Own competitions 2 times, successfully compromising QNAP NAS. He was also a speaker at HITCON PEACE 2022 and DEVCORE CONFERENCE 2024.

His research focuses on IoT/IoV Security and System Security.

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020);  (HITB)Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024), Hack Lu and BlackHat MEA (2025) With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

Sergey has over 20 years of experience in software and hardware development and reverse engineering. He began learning programming and the basics of reverse engineering at the age of 12, and started his career at Kaspersky Lab as a malware analyst at the age of 18. Over his long tenure at the company, he has made significant contributions to a wide variety of projects. Being an university lecturer, he shares his knowledge with the next generation of security engineers and researchers.

NICT NICTER解析チームにてダークネット解析業務に従事感染ホストの調査/特定・IoT機器のファームウェア解析など

"3rd-year student at Waseda University, School of Fundamental Science and Engineering, Department of Communications and Computer Engineering, specializing in cybersecurity.