Find Expert Speakers

Yeonwoo Park previously conducted penetration testing projects targeting Korean companies at his former workplace (Core Research Team at Raon Secure) and currently serves as a red teamer at his current workplace (Cyber Threat Analysis Team at SK AX).Through his AD zero-day research, he discovered an exception-handling flaw in the Kerberos protocol, uncovering a method to bypass Microsoft's security policies. Furthermore, through continuous research into areas undetected by popular open-source tools like BloodHound and unexplored topics, he contributes to enhancing the maturity of the red team.

I’m currently working as a Security Analyst, with experience in both red team and blue team operations. My current focus is on red team engagements, zero-day research, and malware analysis.

- Unveiling Digital identities: Device and Browser fingerprinting have been accepted at Blackhat MEA , Nullcon Goa, Bsides Bloomington, Connecticut, Sydney, Hackred Con 2024, Defcon Delhi 0x07 etc.- Ghost in the Machine: Exploiting Hardware & Network Fingerprints for Tracking Presented at Myhack Malaysia.- Reinventing Access Control: Fingerprinting for Credential Protection Presented at VulnCon 2025 and BSides Mumbai 2025.- Speaker at Defcon Delhi 0x06: Presented my research paper on analyzing the Mirai Botnet and its derivatives.

Hi, My name is Aftab Sama! 👋I'm a cybersecurity researcher. I graduated from Rashtriya Raksha University with a degree in Computer Science and Engineering with specialization in Cyber Security. My interest in Capture the Flag (CTF) competitions helped me secure my first internship at KPMG India, as I was among the top performers in a national CTF competition organized by the KPMG Cyber Security Team. I secured an on-campus internship at Quick Heal, where I had the opportunity to shadow various malware cases and learn about the investigation process. I validated Indicators of Compromise (IoC) for physical samples from CertIN and OTX, and I utilized my Python skills to automate some daily tasks. I also ranked among the top 100 in TCS HackQuest Season 7 Capture the Flag (CTF) competition, which led to an employment opportunity with TCS, where I am currently working as Penetration Tester.My passion for offensive security and penetration testing led me to obtain certifications such as CAPenX, BSCP, CNPen, CAPen, and CEH Practical, among others. I plan to enroll in further offensive security courses in the future.In my free time, I actively participate on HackTheBox and CTFTime and have taken part in several prestigious CTF competitions, winning multiple prizes. Besides my interest in security, I enjoy reading about stoicism and philosophy.You can read my blogs and writeups at https://aftabsama.com.

Alfonso De Gregorio is a globally recognised cybersecurity technologist, award-winning research artist, and strategic policy advisor. He has spoken at 25+ peer-reviewed int'l events across 5 continents, such as NATO Conference on Cyber Conflict, RSAC, and the leading hacker events. High-performance organisations engage him to spearhead relentless innovation across disciplines and fields, accelerate asymmetric advantage, and achieve peak confidence in today's interconnected operational environment—establishing Alfonso as a key figure shaping the discussion and practice of cybersecurity.Today he is Founding Director and Principal Investigator at Pwnshow, an interdisciplinary research agency investigating critical cybersecurity challenges at the complex technology-society nexus; CEO at Zeronomicon, a premium zero-day vulnerability acquisition platform; and, Member of the ETSI TC SAI (Securing AI), where he works towards ensuring the technical standards underpinning the EU AI Act are practical, effective, and innovation-friendly. At the forefront of the AI governance debate, his current work focuses on the dual-use dilemma of open-weight AI and how the proliferation of powerful models impacts the cyber threat landscape. Active in the legislative and standardization trenches as much as at the terminal prompt, he provided expert technical consultation to the European Commission regarding the EU AI Act. He successfully advocated for the "substantial modification" clauses in the GPAI Code of Practice, protecting open model developers from undue liability.

Boik Su is a security research manager at CyCraft Technology and is currently focused on Cloud Security, Web Security, and Blockchain Security. He takes an active role in the cybersecurity community and has delivered speeches at multiple seminars across the globe, including HITCON, HITB, FIRSTCTI, VB, and HackerOne. He still participates in CTF competitions, including SECCON CTF in Japan and HITCON CTF in Taiwan, and has submitted multiple reports to bug bounty programs and open-source projects.

Carlos Gómez Quintana is a Security Consultant at IOActive, specializing in Red Team operations and offensive security. As one of the youngest professionals to join the firm, he conducts advanced penetration testing, adversarial simulation, and security research across diverse enterprise environments.At IOActive, Carlos focuses on cutting-edge security research, including automotive security where he has developed novel attack techniques such as rollback agnostic replay attacks against vehicular systems. He regularly conducts Red Team engagements that simulate real-world adversarial scenarios for enterprise clients.Carlos is an active security researcher and contributor to Maldev Academy, where he has contributed to the phishing section and active research on malware development.

Feel free to email me on basically anything on computing or history

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

Evangelos Bitsikas is a Doctoral Security Researcher at Northeastern University and a Google PhD Fellow in Cybersecurity. He specializes in wireless security, with an emphasis on cellular networks (LTE/5G), adversarial attacks against cellular infrastructure, and mission-critical networking for autonomous systems, including 5G-enabled drones and vehicles.Evangelos has trained extensively across offensive and defensive security, including network monitoring and incident response exercises, as well as hands-on exploitation and penetration-testing labs. He currently holds advanced security certifications, including CASP+ and CISSP, and speaks on topics at the intersection of wireless systems, real-world security testing, and resilient network design.

Evan "Shortrange" Cook is a physical security researcher who is passionate about hacking the planet! A first-place winner of the DEFCON 2025 Embedded Systems Village CTF and SAINTCON 2024 RFID CTF, Evan knows how to train and speak success in RFID hacking. He is a battle-tested educator who has workshopped over 300+ students — ranging from newbies to industry professionals to tier-one special forces operators — in the art of successful access control exploitation. Committed to lowering the barrier of entry for beginners, he created the world's FIRST open-source access control simulation lab built entirely with off-the-shelf parts, proving that high-end security research doesn't require a high-end budget. Evan is passionate about "bringing RFID to the people" through talks, workshops, trainings, and open-source projects. Where digital and physical worlds collide... you'll find Shortrange ready to "Hack the Planet!" with you.

I spoke at about a dozen conferences so far, mostly always about Software Supply Chain Security / Application Security. I am a regular guest on several podcasts on the same topic as well. I spoke in front of small (a few dozen) and large audiences (several hundreds) both locally and internationally (North America and Western Europe). I spoke at BlackHat SecTor, OWASP Global AppSec, NorthSec, Linux Foundation's OpenSSF event, Munich Cyber TTP, etc.

Instructor-led training and lectures in cybersecurity, bug bounty hunting, and blockchain development through Flowdiary. Regularly deliver technical walkthroughs, live exploitation demos, and vulnerability analysis sessions for learners and developers. Experience presenting complex security concepts clearly to both technical and non-technical audiences.

Jan de Vries is a senior trainer, business IT consultant, coach, researcher and public speaker in the fields of Agile, DevOps, Business Information Management, Service Management, Antifragility and Strategy Development.He (co-)founded:- BlueOceanRecon.com to facilitate the development of Blue Oceans and Lean Startups.- Antifragility.works to conduct research on the practical application of antifragility in organisations.- GRCinAgile to explore common ground between Agile/DevOps teams and Governance, Risk & Compliance.

Jonathan Bar Or ("JBO") an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry.Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.

I have delivered technical presentations at leading cybersecurity conferences worldwide, sharing vulnerability research and offensive security methodologies with international audiences:Featured Conference Appearances:HITB (Hack In The Box) – Technical deep-dive on vulnerability discovery methodologiesBlack Hat KSA – Offensive security research and exploitation techniquesBSides – Community-focused talks on practical security testingtenguCon – Advanced threat research and attack surface analysisAdditional platforms globally – Continuing to share research across diverse security communitiesSpeaking Style: accessible delivery, making complex vulnerability research understandable for both seasoned security professionals and those newer to offensive security. Presentations include live demonstrations, real-world case studies from 0-day discoveries, and actionable takeaways that audiences can implement immediately.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor.With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally.He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

Talks within my organisationTech Talks: I have delivered over 10 internal technical presentations tailored to a wide range of audiences across multiple product development disciplines within my organisation(netskope).Hybrid Engagement: These sessions were conducted through both face-to-face and online formats, allowing me to interact with a significant number of colleagues and refine my ability to communicate complex technical topics to diverse teams.Knowledge Transfer: Beyond formal talks, I have led dedicated mentoring sessions and deep-dive technical walkthroughs to help ramp up team members on specialized security research.External Industry RecognitionBlackHat Europe (Arsenal): I was selected to present my research and open-source tool, IOCTL Hammer, at BlackHat Europe.Expert Engagement: This experience involved presenting to an international audience of cybersecurity experts, where I successfully managed high-traffic live interactions at the Arsenal booth.Communication Mastery: Preparing for and executing this talk helped me hone my skills in articulating the technical value and novelty of my work to an external, expert-level audience.

Louis Nyffenegger is an experienced speaker and trainer known for delivering high-impact talks on web security, vulnerability research, and security code review.Highlights include:Keynote Speaker at BSides Canberra Delivered the keynote “A journey to Mastery” sharing actionable strategies for building skills.DEF CON: multiple workshops and talks at DEFCON and villages on SAML, JWT and code reviewOWASP California: talk on JWTNumerous talks at meetups, private workshops and training sessions with top red teams, pentesters, and application security teams worldwide.Louis’s talks are known for blending technical depth with practical, experience-driven advice, helping attendees level up their security skills beyond checklists and automated tools.

Previous talks:Black Hat USA 2020: “Fooling Windows through Superfetch”Fooling Windows through Superfetchc0c0n 2022, India: “Intel SGX: the ransomware strongbox?”REcon 2023, Canada.: “Press Play to Restart: Under the Hood of the Restart Manager”Mathilde Venault Press Play To Restart Under the Hood of the Windows Restart ManagerSinCon 2025, Singapore “DrawMeATree: the master key to WinDbg’s fortress”Previous workshops:Diana Initiative 2023, USA: “Introduction to Reverse Engineering” https://infocondb.org/con/diana-initiative/diana-initiative-2023/blackhoodie-introduction-to-reverse-engineering-workshop-for-women 44con 2024, London: “Trick-or-treat WinDbg: taming the Windows debugger”https://44con.com/44con-2024-talks-and-workshops/ SinCon 2025, Singapore “Trick-or-treat WinDbg: taming the Windows debugger”https://www.infosec-city.com/schedule/sin25-con

Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision “Build Locally, Scale Globally”, and he believes in empowering the Arab World to be recognized as a leader in technology research and development.Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30+ years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape.Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today’s digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally.CTM360’s technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.

Orange Tsai is the principal security researcher of DEVCORE and a core member of CHROOT security group in Taiwan. He is also the champion and title holder of 'Master of Pwn' in Pwn2Own Vancouver 2021 and Toronto 2022. Additionally, Orange has spoken at several top hacking conferences, such as Black Hat USA (6 times), DEF CON (5 times), HITCON (12 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!Currently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Awards winner for "Best Server-Side Bug" in 2019 and 2021 but also secured 1st place in the "Top 10 Web Hacking Techniques" for 2017, 2018 and 2024. In his free time, Orange also engages in bug bounties. He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.

Jian-Lin Peng, aka YingMuo (@YingMuo), is a security researcher at DEVCORE. His work primarily focuses on IoT, macOS kernel and hypervisor security. He has participated in Pwn2Own competitions 2 times, successfully compromising QNAP NAS. He was also a speaker at HITCON PEACE 2022 and DEVCORE CONFERENCE 2024.

Rafie Muhammad is a Lead security researcher at Patchstack. He specializes in web application security, WordPress security and PHP code review. Rafie is passionate about web application security with a white-box approach. He likes listening to podcasts while reading a bunch of PHP code on VSCode. With 3+ years experience on WordPress security, Rafie has secured critical and most popular WordPress environments ranging from WordPress Core, Plugins and Themes.Rafie also likes doing CTF and bug bounty in his free time.