Find Expert Speakers

- Unveiling Digital identities: Device and Browser fingerprinting have been accepted at Blackhat MEA , Nullcon Goa, Bsides Bloomington, Connecticut, Sydney, Hackred Con 2024, Defcon Delhi 0x07 etc.- Ghost in the Machine: Exploiting Hardware & Network Fingerprints for Tracking Presented at Myhack Malaysia.- Reinventing Access Control: Fingerprinting for Credential Protection Presented at VulnCon 2025 and BSides Mumbai 2025.- Speaker at Defcon Delhi 0x06: Presented my research paper on analyzing the Mirai Botnet and its derivatives.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

I am a versatile Application Security Engineer dedicated to enhancing the security posture of both web and mobile applications. My primary focus is on implementing robust security measures through thorough assessments, comprehensive source code reviews, and the integration of security practices within the DevSecOps framework. I specialise in embedding security into Continuous Integration and Continuous Deployment (CI/CD) pipelines through various methods, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Mobile Application Security Testing (MAST). By driving effective threat modelling sessions, I identify and mitigate potential vulnerabilities early in the development lifecycle, ensuring that security is a fundamental component rather than an afterthought.Additionally, I work on building secure-by-default pipelines and guardrails tailored to the unique requirements of each project, fostering a culture of security awareness among development teams. My goal is to empower organisations to deliver secure applications without compromising on agility or performance.

I'm Hrishikesh Somchatwar, a Storyteller, Electronics Hacker, and Bestselling Author based in France.🔗 Connect With Me: Email: hrishikeshsom@gmail.com LinkedIn: linkedin.com/in/hrishikesh-somchatwar/📖 Publications: "Exploitation of Embedded Systems" – Presented at Car Hacking Village "Hacking with Physics" – Showcased at HackFest Canada 2021 "Car Hacking Village" – Authored publication🎙️ Speaker & Trainer:I've had the privilege of speaking and providing training at esteemed cybersecurity conferences, including: DeepSec Austria SCSA Georgia SecurityFest Sweden Defcamp Romania (2019, 2023) Bsides Ahmedabad Bsides Delhi c0c0n HackFest CanadaKey Topics: Automotive Cybersecurity Hardware Security IoT Security Car hacking techniques Tools for embedded system exploitation📚 Author:As the bestselling author of "Hacking the Physical World", my book topped Amazon charts in the USA and India.🎧 Podcast:Check out "The Storytelling Hacker", where I blend storytelling with electronics hacking. Available on: Spotify Apple Podcasts Google Podcasts💼 Professional Journey: Valeo: Worked on cutting-edge automotive cybersecurity solutions and advanced hardware technologies. Security Researcher: Contributed to NDA-protected projects at a confidential company in Maharashtra, India. Hardware Security Intern: Played a pivotal role in a cybersecurity startup, conducting security testing on: Cars IoT devices PLCs SCADA systems

20 YearsBrazilianClient Applications Squad Leader, Researcher and Malware Developer at @Hakai Offensive SecurityProgrammerGamerCat loverCompulsive pizza eaterPassionate about sysInternals, reverse engineering, low level and Client-Side applications

Jyoti Raval serves as Director of Cyber Security Engineering at Baker Hughes, where Jyoti is responsible for ensuring end-to-end product security and actively contributes across multiple phases of the security lifecycle. Jyoti is the author of Phishing Simulation and MPT tools, and has delivered presentations at leading security conferences, including InfosecGirls, Nullcon, DEF CON 27, Black Hat Asia, HITB Singapore, OWASP New Zealand, Shecurity, DEF CON 32, and Black Hat London. Additionally, Jyoti leads the OWASP Pune Chapter.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Pallavi is a Cloud Security Manager, overseeing cloud security operations and IAM, with 15 years of experience in cybersecurity. Passionate about application security, she excels in navigating complex security challenges, consistently working to strengthen defenses against emerging threats. With deep expertise in penetration testing, Pallavi focuses on identifying vulnerabilities and strengthening defenses in complex and challenging environments. She has spoken at multiple industry-leading conferences like HackerHalted, Vulncon, Identity Shield and BlueHat and continues sharing her knowledge and expertise in cybersecurity.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Pengfei is a Solution Architect at Picus Security, where he advise enterprise security teams in implementing automated adversary simulation operations and framework.Previously, he worked as a Cybersecurity Engineer in GovTech's GCSOC team, where he led the implementation of continuous purple teaming across the Whole-of-Government. Before this role, he served on GovTech's red team, mainly dabbling in VAPT and Adversary Simulation.Pengfei is certified with OSCP, eMAPT, Crest CRT, CCSK V4, etc. He has conducted research on emerging cybersecurity technologies and presented his findings at renowned conferences like Black Hat USA & Asia, DEFCON, SINCON, ROOTCON, etc.

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google , Microsoft and many others, some of my CVES identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020);  (HITB)Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024), Hack Lu and BlackHat MEA (2025) With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.

I'm a security researcher with a passion for OS internals and all things low-level. Over the years I have specialised in Android & the Linux kernel, but have dabbled in a number of domains. When I'm not figuring out how things work and breaking them, I love to share my experiences and help others; whether it's via my blog, talks or mentoring.

I am a cybersecurity professional with over 10 years of experience across industries like telecom, healthcare, product development, and banking. I graduated with a Postgraduate Diploma in Information Security from CDAC. My expertise includes application and network security assessments, focusing on mobile app security for Android and iOS. I've disclosed critical vulnerabilities in platforms like Salesforce and Oracle, including CVE-2023-22042.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

Sergey has over 20 years of experience in software and hardware development and reverse engineering. He began learning programming and the basics of reverse engineering at the age of 12, and started his career at Kaspersky Lab as a malware analyst at the age of 18. Over his long tenure at the company, he has made significant contributions to a wide variety of projects. Being an university lecturer, he shares his knowledge with the next generation of security engineers and researchers.

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

A Telco Security Researcher and Embedded System Developer with over 10 years of experience in telecommunication protocol analysis, embedded system design, and cybersecurity research. Founder and principal researcher at NOZ Berkarya Indonesia, focusing on emerging network security, OpenBTS/Osmocom stack integration, and SIEM for Telco networks. Specialized in combining radio frequency analysis, reverse engineering, and real network behavior modeling to improve detection, response, and resilience in telecom infrastructures (2G–5G). Committed to advancing Sustainable Development Goal (SDG) 9: Industry, Innovation, and Infrastructure, by fostering innovation and resilient digital infrastructure through open-source research and secure communication technologies.These are some of the results of my research that I have published.1. 2 Januari 2015 - Publication of research result at Infosec Institute with title “Introduction to RFID Security” At this research we do Reverse Engineering at ticket commuter line and make a attack scenario RFID   2. Januari 2015 - Research RFID – Berdikari Standalone RFID Reader dan Emulator At this research we do a design PCB use ATmega328P to be Reader and Emulator to do cloning RFID Tag.  • Deep learning microcontroller  • Emulate RFID Tag  • RFID cloning more than 3 tags in 1 Device   3. 12 Februari 2015 - Publication of research result at Infosec Institute with title “Introduction to Smartcard Security”At this research we learn about communication of protocol used on Smartcard EMV Debit Card and 4G Provider BOLT and implement several attack  • Deep learning about SIM Card  • Smartcard Architecture  • simulated attack identification     ◦ Physical attack: Reverse engineering, Smartcard cloning    ◦ Remote attack: IMSI catcher, OTA     4. 19 Maret 2015 - Publication of research result at Infosec Institute with title “Introduction to GSM security” At this research we learn about communication of protocol used on Handphone and BTS (base transceiver station). We do analysis using radio (Universal Software Radio Peripheral) to know type of encription used and tracking handphone location used LAC and Cell ID.  • Analisys 2G GSM Protocol  • Tracking IMSI in your area   5. 9 Juni 2015 - Publication of research result at Infosec Institute with title “Reverse Engineering of Embedded Devices”At this research we learn about how to work “broadcasters livestream” with identify all CHIP used and learning about protocol communication used, we do Reverse Engineering using Bus Pirate and Saleae Logic Analyzer.  • Device disassembly and PCB design analysis.  • Debugging Communication Protocol 1-Wire, UART, I2C, SPI, JTAG.  • Analyze the logic signals, capture sampling and decode protocol.  • extracting the firmware.  • Mapping the component Device and protocol used   6. Maret 2016 - Publication Mini Course of INFOSEC INSTITUTE with title “Advanced Pentesting Techniques with Metasploit”    • AUXILIARY — Scanners (Intermediate → Advanced). Mastery of additional modules for discovery, fingerprinting, and brute force against services  • AUXILIARY — Fuzzers (Intermediate). Find crashes/vulnerabilities in services through Metasploit's built-in fuzzing  • Credential Harvesting & Social-Engineering (Intermediate → Advanced). Technique to retrieve credentials from endpoints via post-exploit modules.  • Post-Exploitation — Privilege Escalation (Advanced).  • Post-Exploitation — Lateral Movement & Persistence (Advanced).  • IE Proxy PAC / Proxy Abuse (Attack on Browsing Infrastructure) (Advanced).  • Misc: NOP generator & Encoders (Exploit robustness / Evasion) (Advanced).  • Advanced module/payload configuration & custom Metasploit modules (Expert)   7. Desember 2018 - Research and manufacture of post-disaster telecomunication equipment. Post-disaster telecommunications equipment (portable BTS / emergency comms kit) aims to provide emergency voice/data services when commercial infrastructure is damaged. This solution involves the design of radio equipment (small/portable BTS), a standalone power system, backhaul options (satellite / microwave / cellular fallback), antenna and RF tuning, signal security, and field operations and logistics procedures.8. 24 Agustus 2019 - Publication of research result at Infosec Institute with title “Mobile Phone Tracking”At the research we learning about protocol communication between Mobile Phone and BTS (base transceiver station) working, with identification LAC , Cell ID and Timing advance (TA) we could to know where the signaling come from.   9. September 2025 – SIEM Telco Research at the research we make a idea inovasion combination of OpenBTS , Osmocom Stack , and ella-core to build a telco-aware SIEM pipeline, benefit for analysis behavior endpoint and cell realtime for detection response, low level kernel analysis behavior realtime detection response, fraud detection realtime. 

Bio: Venkata Kiran Vemula Alli is a seasoned Technology Leader & Architect with 18+ years of experience specializing in Generative AI, Cloud solutions, and Enterprise architecture. Currently serving as Principal Engineer – Systems Architecture at Verizon Communications, he leads the driving innovation in Generative AI, with a focus on building enterprise-grade AI Conversational bots and agents using Retrieval-Augmented Generation (RAG), multi-agent systems, and Agentic AI architectures.His work involves leveraging advanced platforms such as Neural Seek, IBM Watson services, and the Google Agentic platform, like VertexAI and discovery engine, enabling the design and deployment of intelligent, domain-specific agents that solve complex business problems. Kiran has a proven track record of architecting scalable, secure solutions across diverse industries, including telecom, retail, finance, and HR. His expertise spans AWS, GCP, and Azure cloud platforms, containerized services with Kubernetes and Docker, and modern development frameworks. He holds a US Patent in Generative AI Innovation and is AWS Certified as both a Cloud Solutions Architect and Cloud Developer.With an MTech in VLSI Design and a BTech in Electrical and Electronics Engineering, Kiran combines deep technical knowledge with strong leadership skills, successfully managing global cross-functional teams and delivering high-impact projects. His experience ranges from building AI-driven chatbots and computer vision solutions to implementing enterprise-scale microservices architectures and DevOps automation.