Find Expert Speakers

Hushcon West 2019Presented a technical talk on cellular infrastructure security, focusing on real-world weaknesses in mobile and carrier-adjacent systems. The session drew from hands-on research into cellular protocols, deployment realities, and how attackers exploit assumptions in telecom environments that are often treated as “trusted” or out of scope by enterprise security teams.Hushcon East 2023Delivered a talk centered on hacker culture, attacker mindset, and how security thinking evolves outside formal frameworks. The session explored how curiosity-driven exploration, informal knowledge sharing, and cultural norms shape real attacker behavior more accurately than checklists, tooling, or compliance-driven models.PRaSEC 2023Presented a red-team-focused session on Domain Admin attack paths, blending practical exploitation techniques with philosophical perspectives on adversary reasoning. The talk emphasized how attackers model trust, authority, and system design to move from initial access to full domain control.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Speaker at multiple International Security conferences: NullCon, AVAR Singapore, AVAR Chennai, Bsides Delhi. Did first lock picking workshop in India with Nullcon in 2012 and multiple lock picking workshops in Nullcon , Hackers conference.  Did workshop on Arduino in NullCon hackers conference and created first ever Hardware badge in India for Hackers conference.

As a seasoned speaker and trainer, Anant has shared his expertise at various prestigious platforms including Black Hat (USA/ASIA/EU), Defcon, Nullcon, c0c0n, and Rootconf. His extensive involvement in these conferences extends to serving as a CFP reviewer for Blackhat EU, nullcon, Rootconf by Hasgeek, and multiple villages at Defcon (Recon, Adversary and Cloud), showcasing his dedication to nurturing and elevating the discourse within the field.

Andreas Wiegenstein is engaged in SAP cyber security since 2003. He discovered quite a number of zero-day vulnerabilities in SAP software and supported development of a market leading static code analysis tool for the business programming language ABAP. He has spoken at more than 70 conferences world-wide about SAP security, including Black Hat, DeepSec, Hack In The Box, IT Defense, RSA, SAP TechEd and Troopers (alphabetical order). His current research is focused on SAP malware and supply chain attacks.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Chris Carlis is an unrepentant penetration tester with an extensive background in network, wireless and physical testing. Across his career, Chris has worked to expand the value offensive testing provided via open communication and goal driven engagements. Additionally, Chris has presented at a variety of conferences, including Thotcon, Hushcon, Hackfest, ShowMeCon, DeepSec, CypherCon and various B-Side events. He is a perennial feature at the Thotcon conference in his native Chicago, USA and helps to organize “BurbSec”, the best attended Information Security monthly gatherings in the country. 

Christian Herrmann – RFID Hacker | Co-Founder of AuroraSec & RRG | MCPD Enterprise ArchitectChristian Herrmann, better known in the hacker community as “Iceman”, is a co-founder ofAuroraSec and RRG, and has helped develop many of today’s most widely used RFIDresearch tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-knownRFID hacking and Proxmark3 evangelist, serving the community as both a forumadministrator and a major code contributor alongside other developers since 2013.Christian has spoken at hacker conferences around the world, including Troopers, Black HatAsia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon. He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.With over 14 years of experience in bespoke software development, Christian specializes in.NET platforms and is a Certified MCPD Enterprise Architect.He possesses near-unmatched expertise in the Proxmark3 architecture and various RFIDtechnologies, and has served as an instructor for Red Team Alliance (RTA), including trainingsessions at Black Hat.

As an ethical hacker, I equip enterprises with the advice and solutions to improve their digital security posture and their overall business growth. Throughout my career as an ethical hacker I’ve worked across several industries including:💥 Government💥 Advertising💥 Retail💥 Financial Services💥 Blockchain💥 Technology💥 Publishing💥 Non-Profit💥 And more!This has provided me the opportunities to gain a breadth of knowledge on all things security testing.

Donavan is a Physics graduate turned into cybersecurity consultant with >8 years of experience in a variety of cybersecurity domains (e.g. offensive security, threat modeling, maturity assessments, security architecture) and business domains (cyber GRC).He blends his understanding of clients across both public and private sectors to identify key cybersecurity concerns and solutions to enable companies' cybersecurity compliance, confidence and cost-effectiveness (3 Cs).He has numerous contributions to the cybersecurity community since 2018. He has written hacking challenges, spoken at numerous conferences and events (SECCON JP, Threat Modeling Connect Japan, GCC 2025 @ Taiwan, Seasides 2025 @ Goa, SINCCON @ Singapore, DefCamp @ Romania) on topics ranging from threat modeling to application security. He has conducted career talks to encourage younger students from middle school to university levels to enter the cybersecurity industry. He also sits on the advisory board of VULNCON (since 2024), BSides Mumbai and Vazig, and has authored numerous articles on ISACA on topics ranging from post-quantum cryptography, to the relations between social sciences and cybersecurity as well as threat modelling. His views on cybersecurity has also been quoted by "The Pentester Blueprint" written by Phillip L. Wylie and Kim Crawley, and Offensive Security. He also contributes to the ISC2's Unified Body of Knowledge (UBK) through the Technical Advisory Panel Workshop.In Thales, he has also led a team to create a made in Singapore cybersecurity gamification experience, "Defend the Breach" (DTB), in three months, where players role-play CISO roles to make difficult cybersecurity decisions, taking into account both cyber and non-cyber factors such as the overall health of the business, manpower and operational requirements.Donavan also possesses certifications ranging from Offsec certifications (OSCE3, OSCP), ISC2 (CISSP), ISACA (CRISC) and is more than halfway through his Masters in Cybersecurity at Georgia Tech (OMSCY).On the mentorship front, he has developed and helped two mentees secure jobs, and mentors a dozen mentees in various capacities (individuals, cyber start-up founders)Outside cybersecurity, Donavan has also represented Singapore in international forums such as the ASEAN-India Youth Summit as a delegate.Find out more about me at https://donavan.sg and my cybersecurity writing at https://donavan.sg/blog.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

Dr. Gregory Carpenter is Principal Partner at CW PENSEC and a retired U.S. Army officer with over two decades of operational experience spanning intelligence, counterintelligence, electronic warfare, deception, and security testing. He previously served in senior roles across joint and interagency environments and was recognized as NSA Operations Officer of the Year for his work in advanced operational analysis and mission execution.Dr. Carpenter’s professional focus centers on adversary modeling and the failure modes of trust, identity, and attribution under adaptive threat pressure. His work examines how emerging technologies—including cyber-physical systems, in vivo and nano-scale technologies, automation, and information operations—alter attacker behavior and invalidate long-standing defensive assumptions. He has led and advised offensive and defensive programs across cyber, information, and electronic warfare domains, with particular emphasis on how identity collapses when human operators are no longer stable or external to the systems they access.At conferences and in research settings, Dr. Carpenter translates complex adversary behavior into practical defensive insight, emphasizing how organizations must redesign identity, access control, and trust models for environments where compromise is expected rather than exceptional. He has presented at DEF CON’s Misinformation Village (2023), Adversary Village (2025), and the DEF CON Creator Stage (2024, 2025).

Haakon is currently a security consultant working for Binary Security in Oslo, focusing mostly on WebApps and backend security. He has a strong background in Cybersecurity, with expertise in analyzing and securing applications and operating systems. His experience includes working at the Norwegian National Defense Research Establishment (FFI), where he conducted in-depth security assessments. Additionally, his background as a mathematician has equipped him with the skills to analyze and understand complex systems effectively.

20 YearsBrazilianClient Applications Squad Leader, Researcher and Malware Developer at @Hakai Offensive SecurityProgrammerGamerCat loverCompulsive pizza eaterPassionate about sysInternals, reverse engineering, low level and Client-Side applications

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 16+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.Jordan has also discovered critical vulnerabilities in Oracle, IBM and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, Rootcon, NanoSec, Hacker Halted, OWASP US, Infosec in the city, Code Blue and Ekoparty.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Mohit Kulamkolly works at Netskope as an Security Analyst ll - Red team and Offensive Operations, a Santa Clara-based company that offers the Cloud Native Security Platform to assist enterprises secure their growing cloud footprint.He has been working with the Appsec division Pen-testing applications and product features for more than 4 years , in addition to making sure firms’ product development projects are secure. His particular areas of interest are binary exploitation, fuzzing, exploit development and reverse engineering. In his tenure at Netskope he has discovered multiple critical vulnerabilities within the Application and driven by passion for cutting edge research in his domain. An accomplished speaker, he presented at Black Hat Europe Arsenal 2025 and has delivered over 10+ technical presentations to a diverse range of product development disciplines within his current organization. His research has made contributions to the cyber security community including reporting CVE-2024-46455 and open source contributions.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.

Cybersecurity Enthusiast, CTF Player and Bug Hunter. Contributed to the organization of SECCON CTF, took the stage at AVTOKYO2020/2023/2024, Security Analyst Summit 2024, Hack Fes. 2024, m0leCon 2025, TyphoonCon Seoul 2025, HITCON 2025 and competed in the DEF CON CTF Finals. Renowned for uncovering and reporting vulnerabilities in web services and softwares including Google and Firefox.

I got into cybersecurity the messy, curious way - hacking games as a teenager to get extra coins and superpowers, then later reverse-engineering ransomwares to understand how they worked. That same curiosity and passion led me to a career in offensive cyber security.In the past 5+ years of work experience across India, UAE & USA, I’ve worked on:• Mobile application penetration testing (Android & iOS)• Web application and API penetration testing• Secure code review across C/C++, Python, Java, Golang, JavaScript, Typescript and C# .NET• Custom Signature Code Analysis (Semgrep, YARA & Coverity CodeXM custom checkers)• Adverserial tradecraft and Cyber threat intelligence• Network and infrastructure assessments with Segmentation penetration tests for cloud and on-prem setups• Software Composition Analysis (Coverity, Black Duck, GitHub Advisories, PlexTrac)• Innovative research & automated pentest tools development (AI, OSINT, Python, Bash script)Currently, I work as a Security Researcher at OnDefend, where I help secure user data of a large-scale social media platform & contribute to U.S. national security.🌟 Key Achievements:• Awarded the first-ever “Magical Mention” as an intern at Equinix for uncovering and reporting multiple critical security misconfigurations. Recognized for investigative persistence, curiosity, and successfully improving internal security workflows through proactive analysis and alerting.• Bug Bounty & Hall of Fame mentions: Tesco, IKEA, SecureLayer7 live hacking event, Accenture, Ericsson, Springer Nature, OSIsoft🔍CVE Research:• CVE-2020-11539 : Access control issue in Tata Sonata Smartwatch• CVE-2020-11540 : Access control issue in Tata Sonata Smartwatch• CVE-2020-25498 : Chained CSRF & Stored XSS vulnerabilities in Beetel router• CVE-2020-35262 : Stored XSS vulnerability in Digisol router👾 Outside of work, I’m always exploring new tools, ways to use AI as leverage in security, hacking techniques & trying to level up. I love building my own custom IoT devices as well as hacking them.🧑‍🤝‍🧑As an active member of 'Women in Cybersecurity', 'Women in Security & Privacy' and 'The Diana Initiative' volunteer at Defcon, I’m also passionate about making cyber security more inclusive and human, especially for women and underrepresented voices.

Cybersecurity Consultant with over three years of hands-on industry experience, I specialize in offensive security—driven by a passion for uncovering and exploiting weaknesses before adversaries can. My work spans Red Team operations, Network Security, and Web/API Vulnerability Assessment & Penetration Testing (VAPT), with successful engagements across BFSI, IT Products & Services, and Healthcare sectors.With a strong research focus on Adversarial Tactics, Techniques, and Procedures (TTPs), I continuously explore emerging threat vectors and offensive methodologies to deliver actionable security insights that directly reduce business risk. My approach blends technical precision with creative attack strategies, ensuring organizations stay ahead of evolving cyber threats

I spoke at CONFidence 2025, one of the most established infosec conferences in Central Europe. My talk focused on advanced API authorization vulnerabilities and practical exploitation techniques, drawing from real-world engagements. I’ve compressed years of pentesting and secure code review experience into research-driven content and I’m eager to bring more of that to the stage.

A Telco Security Researcher and Embedded System Developer with over 10 years of experience in telecommunication protocol analysis, embedded system design, and cybersecurity research. Founder and principal researcher at NOZ Berkarya Indonesia, focusing on emerging network security, OpenBTS/Osmocom stack integration, and SIEM for Telco networks. Specialized in combining radio frequency analysis, reverse engineering, and real network behavior modeling to improve detection, response, and resilience in telecom infrastructures (2G–5G). Committed to advancing Sustainable Development Goal (SDG) 9: Industry, Innovation, and Infrastructure, by fostering innovation and resilient digital infrastructure through open-source research and secure communication technologies.These are some of the results of my research that I have published.1. 2 Januari 2015 - Publication of research result at Infosec Institute with title “Introduction to RFID Security” At this research we do Reverse Engineering at ticket commuter line and make a attack scenario RFID   2. Januari 2015 - Research RFID – Berdikari Standalone RFID Reader dan Emulator At this research we do a design PCB use ATmega328P to be Reader and Emulator to do cloning RFID Tag.  • Deep learning microcontroller  • Emulate RFID Tag  • RFID cloning more than 3 tags in 1 Device   3. 12 Februari 2015 - Publication of research result at Infosec Institute with title “Introduction to Smartcard Security”At this research we learn about communication of protocol used on Smartcard EMV Debit Card and 4G Provider BOLT and implement several attack  • Deep learning about SIM Card  • Smartcard Architecture  • simulated attack identification     ◦ Physical attack: Reverse engineering, Smartcard cloning    ◦ Remote attack: IMSI catcher, OTA     4. 19 Maret 2015 - Publication of research result at Infosec Institute with title “Introduction to GSM security” At this research we learn about communication of protocol used on Handphone and BTS (base transceiver station). We do analysis using radio (Universal Software Radio Peripheral) to know type of encription used and tracking handphone location used LAC and Cell ID.  • Analisys 2G GSM Protocol  • Tracking IMSI in your area   5. 9 Juni 2015 - Publication of research result at Infosec Institute with title “Reverse Engineering of Embedded Devices”At this research we learn about how to work “broadcasters livestream” with identify all CHIP used and learning about protocol communication used, we do Reverse Engineering using Bus Pirate and Saleae Logic Analyzer.  • Device disassembly and PCB design analysis.  • Debugging Communication Protocol 1-Wire, UART, I2C, SPI, JTAG.  • Analyze the logic signals, capture sampling and decode protocol.  • extracting the firmware.  • Mapping the component Device and protocol used   6. Maret 2016 - Publication Mini Course of INFOSEC INSTITUTE with title “Advanced Pentesting Techniques with Metasploit”    • AUXILIARY — Scanners (Intermediate → Advanced). Mastery of additional modules for discovery, fingerprinting, and brute force against services  • AUXILIARY — Fuzzers (Intermediate). Find crashes/vulnerabilities in services through Metasploit's built-in fuzzing  • Credential Harvesting & Social-Engineering (Intermediate → Advanced). Technique to retrieve credentials from endpoints via post-exploit modules.  • Post-Exploitation — Privilege Escalation (Advanced).  • Post-Exploitation — Lateral Movement & Persistence (Advanced).  • IE Proxy PAC / Proxy Abuse (Attack on Browsing Infrastructure) (Advanced).  • Misc: NOP generator & Encoders (Exploit robustness / Evasion) (Advanced).  • Advanced module/payload configuration & custom Metasploit modules (Expert)   7. Desember 2018 - Research and manufacture of post-disaster telecomunication equipment. Post-disaster telecommunications equipment (portable BTS / emergency comms kit) aims to provide emergency voice/data services when commercial infrastructure is damaged. This solution involves the design of radio equipment (small/portable BTS), a standalone power system, backhaul options (satellite / microwave / cellular fallback), antenna and RF tuning, signal security, and field operations and logistics procedures.8. 24 Agustus 2019 - Publication of research result at Infosec Institute with title “Mobile Phone Tracking”At the research we learning about protocol communication between Mobile Phone and BTS (base transceiver station) working, with identification LAC , Cell ID and Timing advance (TA) we could to know where the signaling come from.   9. September 2025 – SIEM Telco Research at the research we make a idea inovasion combination of OpenBTS , Osmocom Stack , and ella-core to build a telco-aware SIEM pipeline, benefit for analysis behavior endpoint and cell realtime for detection response, low level kernel analysis behavior realtime detection response, fraud detection realtime.