Anshuman Bhartiya has been in the IT industry for about 11 years now and has had the opportunity to wear multiple hats. Anshuman has been a web developer, cloud consultant, systems engineer and security engineer to name a few. Anshuman has a varied skillset and he likes to tinker with the latest technology coming up with innovative solutions for difficult and challenging problems. Security, Automation and Innovation are some things he is really passionate about and he firmly believes in sharing knowledge and the Open Source community. You can find some of Anshuman's work at his Github here - https://github.com/anshumanbh where he has open sourced tools such as “git-all-secrets”, “brutesubs”, “kubebot”, “tkosubs”, etc. Anshuman has also participated and submitted vulnerabilities to some of the top bug bounty platforms like Bugcrowd, HackerOne and Synack.
Aseem Jakhar is the Director, research at Payatu payatu.com a boutique security testing company specializing in IoT, embedded, mobile and cloud security assessments. He is well known in the hacking and security community as the founder of null – The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, BruCON, Defcon, Hack In The Box, Hack.lu, Hack in Paris, PHDays and many more. He is the author of various open source security tools including:
- ExplIoT – An open source Internet Of Things Security Testing and Exploitation framework – https://bitbucket.org/aseemjakhar/expliot_framework
- Linux thread injection kit – Jugaad (https://bitbucket.org/aseemjakhar/jugaad) and Indroid (https://bitbucket.org/aseemjakhar/indroid) which demonstrate a stealthy in- memory malware infection technique.
- DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is used for learning Android Security issues. https://github.com/payatu/diva-android
- Dexfuzzer – Dex file format Fuzzer. https://bitbucket.org/aseemjakhar/dexfuzzer/src
Boris Larin is a malware analyst focused on exploits detection and vulnerability research.
In his free time he likes to examine the security of embedded devices.
Anton Ivanov leads the behavior detection team at Kaspersky Lab. Anton has discovered several zero day vulnerabilities in Adobe Flash Player, Microsoft Windows kernel and Silverlight.
Craig Smith is the Director of Transportation Security and Research at Rapid7, a cybersecurity analytics and automation company. He is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists. Craig authored the "Car Hacker's Handbook", the de facto guide to automotive security. At Rapid7, Craig runs the Transportation Practice, which specializes in providing strategic consultancy and deep technical expertise to the transport industries. His work includes extensive testing for innovative new technologies being developed in the automotive industry. Craig has developed many free and open source tools to help teach others about vehicle security. Craig has worked in security for over 20 years, with a focus on automotive and other types of transport for the last 7 years.
A security researcher, an active speaker and a bug hunter, discovered multiple zero days in modern web browsers, Metasploit Contributor and have also been nominated for WASPY Award– 2016-17.
Erez Yalon heads the security research group at Checkmarx. With vast defender and attacker experience and as an independent security researcher. Erez is responsible for maintaining Checkmarx's vulnerability detection technology where his previous development experience with a variety of coding languages comes into play.
Jayesh Singh Chauhan is a security professional with more than 6 years of experience in the security space. In past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia 2018, BlackHat EU 2017, c0c0n 2017, 2015, 2013, GES 2014 and Ground Zero 2015. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.
Project Nexus works on Security @ a furniture company. Project Nexus’s interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, and is the outlier in your risk model.
Mr Santarsieri is a founder partner at Vicxer where he utilizes his 12+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.
He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.
Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat DC, Insomnihack, Hacker Halted, OWASP US, 8dot8 and Ekoparty.
Joshua Crumbaugh is one of the world's leading human security experts and internationally-renowned ethical hacker. He is the Chief Hacker at PeopleSec and developer of the HumanSAMM Human Security Assurance Maturity Model. He's an expert social engineer who has talked his way into bank vaults, fortune 500 data centers, US critical infrastructure facilities, and casino money cages. His experiences led him to endlessly research all aspects of human security. Through this research, he realized that cybersecurity was a human problem, not a technology problem. Joshua's passion and life devotion are fixing the human cybersecurity problem.
Matthew Daley is a Senior Security Consultant at New Zealand's Aura Information Security. Matthew has presented at Black Hat Asia Arsenal, BSides Wellington, and OWASP New Zealand. He enjoys vulnerability discovery and exploitation, developing tools to help pentesters in their work, and writing long mailing list disclosures.
Michel Chamberland is the North America Practice Lead at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 20 years of experience in information technology, helping businesses protect themselves from cyber threats. Prior to Trustwave, he led various security focused roles serving in the financial sector as well as small businesses. Michel grew up in Sherbrooke, Quebec and currently lives in Sarasota, Florida with his three daughters. Michel plays a leadership role in his local OWASP chapter (Suncoast) and is a member of the FBI InfraGard and ISACA organizations. Michel holds a Bachelor of Science in Computer Science as well as a Master's of Science in Information Security Assurance from Western Governors University. Over the years, Michel has collected several industry certifications such as CISSP, OSCE, OSCP, OSWP. CEH, CHFI, CCSK, MCP, GIAC G2700, MCTS, Security+, MCP, CCNA, CCNA Security and many others.
Dr. Nguyen Anh Quynh is a regular speaker at various industrial conferences such as Blackhat USA/Europe/Asia, DEFCON, RECON, Eusecwest, Syscan, HackInTheBox, Hack.lu, Deepsec, XCon, Confidence, Hitcon, Opcde, etc. He also presented his researches in academic venues such as Usenix, IEEE, ACM, LNCS. As a passionate coder, Dr. Nguyen is the founder and maintainer of several open source reversing frameworks: Capstone (http://capstone-engine.org), Unicorn (http://unicorn-engine.org) & Keystone (http://keystone-engine.org).
Patrick Wardle is the Chief Research Officer at Digita Security and Founder of Objective-See. Having worked at NASA and the NSA, and as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Wardle is passionate about all things related to macOS security and thus spends his days finding Apple 0-days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
We are Telecom security researchers and active contributors/ developers of Sigploit - A Telecom Signaling Exploitation Framework. We work towards identifying various vulnerabilities (including zero days) in telecom network infrastructure. We work to improve network security posture of some important Telecom operators.
Salvador Mendoza is a security researcher focusing in tokenization processes, payment systems and embedded prototypes. He has presented on tokenization flaws and payment methods at different conferences such as Black Hat USA, DEF CON, DerbyCon, Troopers, OWASP and many others. Salvador designed different tools to pentest mag-stripe and tokenization processes. In his designed toolset includes MagSpoofPI, JamSpay, TokenGet, SamyKam, BlueSpoof and lately NFCopy.
Boris Larin, Anton Ivanov
Dhiraj Mishra aka Phish
Jayesh Signh Chauhan
John Menerick aka Project Nexus
Matthew Daley aka Megabug
Nguyen Anh Quynh
Rosalia D’Alessandro, Hardik Mehta (@hardw00t), Loay Abdelrazek (@sigploit)