Find Expert Speakers

Yeonwoo Park previously conducted penetration testing projects targeting Korean companies at his former workplace (Core Research Team at Raon Secure) and currently serves as a red teamer at his current workplace (Cyber Threat Analysis Team at SK AX).Through his AD zero-day research, he discovered an exception-handling flaw in the Kerberos protocol, uncovering a method to bypass Microsoft's security policies. Furthermore, through continuous research into areas undetected by popular open-source tools like BloodHound and unexplored topics, he contributes to enhancing the maturity of the red team.

Adhokshaj Mishra works as Staff Detection Engineer specializing in Linux platform. His interest lies in the offensive and defensive side of Linux malware research. He has been working on container specific attacks, and detections in his professional career. In his free time, he mostly researches new offensive techniques in malware as well as applied cryptography. He loves speaking in security meetups and conferences; and has presented in various Null and OWASP chapter meetups, apart from other security events.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Working since 15+y in telecom security, striving to move the industry to a more open and collaborative approach of critical infrastructure security. Today, leading POST Luxembourg TelcoSec team developing offensive & defense capabilities, research and building telecom security solutions to protect operators around the world. I have been previously publishing at Underground Economy, Chaos Computer Congres (CCC), Hack.lu, CTI-Summit, ETIS, GSMA FSAG, ENISA Telecom Security Forum, HITB, Troopers, TSD, HackitoErgoSum and many other private conference where we are invited to share our research.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

Alon Friedman is a Principal Security Architect at Microsoft 365 Defender, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Aryan is a senior security researcher with nearly six years of focused experience in malware development, AV/EDR evasion, and low-level system programming. His work bridges deep technical research and practical offensive security, creating advanced tooling for red team engagements. He holds the CRTO certification and has led numerous adversarial simulations against mature defenses. His research also extends to implementing fuzzing frameworks and automation.Previous Speaking Engagements:WildWest Hackin' Fest - Presented research on advanced security evasion.The Hack Summit - Delivered a talk on modern malware techniques.CarolinaCon - Shared findings in offensive security research.BSides Ahmedabad - Led technical training sessions on red team tooling and methodologies.

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, CypherCon and various B-Side events. He is a perennial feature at the Thotcon conference in his native Chicago, USA and helps to organize “BurbSec”, the best attended Information Security monthly gatherings in the country. 

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

20 YearsBrazilianClient Applications Squad Leader, Researcher and Malware Developer at @Hakai Offensive SecurityProgrammerGamerCat loverCompulsive pizza eaterPassionate about sysInternals, reverse engineering, low level and Client-Side applications

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 16+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.Jordan has also discovered critical vulnerabilities in Oracle, IBM and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, Infosec in the city, Code Blue and Ekoparty.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Markus Vervier is a security researcher from Germany. Software security is his main focus of work. During the last 15 years he collected professional experience in offensive IT security working as a penetration tester and security consultant for highly regarded companies. His experience combined with his personal passion regarding security research made him start his own company in 2015. Besides his daily security work, he is very actively practicing security research and discovers high profile vulnerabilities regularly such as the recent libotr heap overwrite.

Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision “Build Locally, Scale Globally”, and he believes in empowering the Arab World to be recognized as a leader in technology research and development.Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30+ years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape.Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today’s digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally.CTM360’s technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.

Over 14 years of experience in the security domain, specializing in Penetration Testing, Application Security, Cloud Security, Architecture and Forensics Investigation.Leading an Offensive Security (OffSec) and Security Architecture team with a passion for Red Teaming and Security Research.Reported multiple vulnerabilities in products and applications, recognized with CVEsHolds prestigious certifications including GIAC Cloud Penetration Tester (GCPN), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO), among othersPresented at prominent conferences such as Bsides Budapest, Bsides Milano, Hacktivity, VulnCon 2024, Hacker Halted, CyberSec Asia, Identity Shield, Microsoft BlueHat 2025, PHDays 2025, VulnCon 2025, OWASP AppSec Days 2025, Hacker Halted 2025.

Orange Tsai is the principal security researcher of DEVCORE and a core member of CHROOT security group in Taiwan. He is also the champion and title holder of 'Master of Pwn' in Pwn2Own Vancouver 2021 and Toronto 2022. Additionally, Orange has spoken at several top hacking conferences, such as Black Hat USA (6 times), DEF CON (5 times), HITCON (12 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!Currently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Awards winner for "Best Server-Side Bug" in 2019 and 2021 but also secured 1st place in the "Top 10 Web Hacking Techniques" for 2017, 2018 and 2024. In his free time, Orange also engages in bug bounties. He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

Pengfei is a Solution Architect at Picus Security, where he advise enterprise security teams in implementing automated adversary simulation operations and framework.Previously, he worked as a Cybersecurity Engineer in GovTech's GCSOC team, where he led the implementation of continuous purple teaming across the Whole-of-Government. Before this role, he served on GovTech's red team, mainly dabbling in VAPT and Adversary Simulation.Pengfei is certified with OSCP, eMAPT, Crest CRT, CCSK V4, etc. He has conducted research on emerging cybersecurity technologies and presented his findings at renowned conferences like Black Hat USA & Asia, DEFCON, SINCON, ROOTCON, etc.