SPEAKERS



Anshuman Bhartiya

Anshuman Bhartiya has been in the IT industry for about 11 years now and has had the opportunity to wear multiple hats. Anshuman has been a web developer, cloud consultant, systems engineer and security engineer to name a few. Anshuman has a varied skillset and he likes to tinker with the latest technology coming up with innovative solutions for difficult and challenging problems. Security, Automation and Innovation are some things he is really passionate about and he firmly believes in sharing knowledge and the Open Source community. You can find some of Anshuman's work at his Github here - https://github.com/anshumanbh where he has open sourced tools such as “git-all-secrets”, “brutesubs”, “kubebot”, “tkosubs”, etc. Anshuman has also participated and submitted vulnerabilities to some of the top bug bounty platforms like Bugcrowd, HackerOne and Synack.

Aseem Jakhar

Aseem Jakhar is the Director, research at Payatu payatu.com a boutique security testing company specializing in IoT, embedded, mobile and cloud security assessments. He is well known in the hacking and security community as the founder of null – The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, BruCON, Defcon, Hack In The Box, Hack.lu, Hack in Paris, PHDays and many more. He is the author of various open source security tools including:

- ExplIoT – An open source Internet Of Things Security Testing and Exploitation framework – https://bitbucket.org/aseemjakhar/expliot_framework

- Linux thread injection kit – Jugaad (https://bitbucket.org/aseemjakhar/jugaad) and Indroid (https://bitbucket.org/aseemjakhar/indroid) which demonstrate a stealthy in- memory malware infection technique.

- DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is used for learning Android Security issues. https://github.com/payatu/diva-android

- Dexfuzzer – Dex file format Fuzzer. https://bitbucket.org/aseemjakhar/dexfuzzer/src

Boris Larin, Anton Ivanov

Boris Larin is a malware analyst focused on exploits detection and vulnerability research. In his free time he likes to examine the security of embedded devices.

Anton Ivanov leads the behavior detection team at Kaspersky Lab. Anton has discovered several zero day vulnerabilities in Adobe Flash Player, Microsoft Windows kernel and Silverlight.

Craig Smith

Craig Smith is the Director of Transportation Security and Research at Rapid7, a cybersecurity analytics and automation company. He is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists. Craig authored the "Car Hacker's Handbook", the de facto guide to automotive security. At Rapid7, Craig runs the Transportation Practice, which specializes in providing strategic consultancy and deep technical expertise to the transport industries. His work includes extensive testing for innovative new technologies being developed in the automotive industry. Craig has developed many free and open source tools to help teach others about vehicle security. Craig has worked in security for over 20 years, with a focus on automotive and other types of transport for the last 7 years.

Dhiraj Mishra

A security researcher, an active speaker and a bug hunter, discovered multiple zero days in modern web browsers, Metasploit Contributor and have also been nominated for WASPY Award– 2016-17.

Erez Yalon

Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher. Erez is responsible for maintaining Checkmarx's vulnerability detection technology where his previous development experience with a variety of coding languages comes into play.

Jayesh Signh Chauhan

Jayesh Singh Chauhan is a security professional with more than 6 years of experience in the security space. In past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia 2018, BlackHat EU 2017, c0c0n 2017, 2015, 2013, GES 2014 and Ground Zero 2015. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.

John Menerick aka Project Nexus

Project Nexus works on Security @ a furniture company. Project Nexus’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, and is the outlier in your risk model.

Jordan Santarsieri

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 12+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.

He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat DC, Insomnihack, Hacker Halted, OWASP US, 8dot8 and Ekoparty.

Joshua Crumbaugh

Joshua Crumbaugh is one of the world's leading human security experts and internationally-renowned ethical hacker. He is the Chief Hacker at PeopleSec and developer of the HumanSAMM Human Security Assurance Maturity Model. He's an expert social engineer who has talked his way into bank vaults, fortune 500 data centers, US critical infrastructure facilities, and casino money cages. His experiences led him to endlessly research all aspects of human security. Through this research, he realized that cybersecurity was a human problem, not a technology problem. Joshua's passion and life devotion are fixing the human cybersecurity problem.

Matthew Daley aka Megabug

Matthew Daley is a Senior Security Consultant at New Zealand's Aura Information Security. Matthew has presented at Black Hat Asia Arsenal, BSides Wellington, and OWASP New Zealand. He enjoys vulnerability discovery and exploitation, developing tools to help pentesters in their work, and writing long mailing list disclosures.

Michel Chamberland

Michel Chamberland is the North America Practice Lead at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 20 years of experience in information technology, helping businesses protect themselves from cyber threats. Prior to Trustwave, he led various security focused roles serving in the financial sector as well as small businesses. Michel grew up in Sherbrooke, Quebec and currently lives in Sarasota, Florida with his three daughters. Michel plays a leadership role in his local OWASP chapter (Suncoast) and is a member of the FBI InfraGard and ISACA organizations. Michel holds a Bachelor of Science in Computer Science as well as a Master's of Science in Information Security Assurance from Western Governors University. Over the years, Michel has collected several industry certifications such as CISSP, OSCE, OSCP, OSWP. CEH, CHFI, CCSK, MCP, GIAC G2700, MCTS, Security+, MCP, CCNA, CCNA Security and many others.

Dr. Nguyen Anh Quynh

Dr. Nguyen Anh Quynh is a regular speaker at various industrial conferences such as Blackhat USA/Europe/Asia, DEFCON, RECON, Eusecwest, Syscan, HackInTheBox, Hack.lu, Deepsec, XCon, Confidence, Hitcon, Opcde, etc. He also presented his researches in academic venues such as Usenix, IEEE, ACM, LNCS. As a passionate coder, Dr. Nguyen is the founder and maintainer of several open source reversing frameworks: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) & Keystone (http://keystone-engine.org).

Patrick Wardle

Patrick Wardle is the Chief Research Officer at Digita Security and Founder of Objective-See. Having worked at NASA and the NSA, and as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Wardle is passionate about all things related to macOS security and thus spends his days finding Apple 0-days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

Rosalia D’Alessandro, Hardik Mehta (@hardw00t), Loay Abdelrazek (@sigploit)

We are Telecom security researchers and active contributors/ developers of Sigploit - A Telecom Signaling Exploitation Framework. We work towards identifying various vulnerabilities (including zero days) in telecom network infrastructure. We work to improve network security posture of some important Telecom operators.

Salvador Mendoza

Salvador Mendoza is a security researcher focusing in tokenization processes, payment systems and embedded prototypes. He has presented on tokenization flaws and payment methods at different conferences such as Black Hat USA, DEF CON, DerbyCon, Troopers, OWASP and many others. Salvador designed different tools to pentest mag-stripe and tokenization processes. In his designed toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam, BlueSpoof and lately NFCopy.

Speakers Index

Anshuman Bhartiya

Aseem Jakhar

Boris Larin, Anton Ivanov

Craig Smith

Dhiraj Mishra aka Phish

Erez Yalon

Jayesh Signh Chauhan

John Menerick aka Project Nexus

Jordan Santarsieri

Joshua Crumbaugh

Matthew Daley aka Megabug

Michel Chamberland

Nguyen Anh Quynh

Patrick Wardle

Rosalia D’Alessandro, Hardik Mehta (@hardw00t), Loay Abdelrazek (@sigploit)

Salvador Mendoza