SPEAKERS



Anshuman Bhartiya

Anshuman Bhartiya has been in the IT industry for about 11 years now and has had the opportunity to wear multiple hats. Anshuman has been a web developer, cloud consultant, systems engineer and security engineer to name a few. Anshuman has a varied skillset and he likes to tinker with the latest technology coming up with innovative solutions for difficult and challenging problems. Security, Automation and Innovation are some things he is really passionate about and he firmly believes in sharing knowledge and the Open Source community. You can find some of Anshuman's work at his Github here - https://github.com/anshumanbh where he has open sourced tools such as “git-all-secrets”, “brutesubs”, “kubebot”, “tkosubs”, etc. Anshuman has also participated and submitted vulnerabilities to some of the top bug bounty platforms like Bugcrowd, HackerOne and Synack.

Aseem Jakhar

Aseem Jakhar is the Director, research at Payatu payatu.com a boutique security testing company specializing in IoT, embedded, mobile and cloud security assessments. He is well known in the hacking and security community as the founder of null – The open security community, registered not-for-profit organization http://null.co.in and also the founder of nullcon security conference nullcon.net and hardwear.io security conference http://hardwear.io He has worked on various security software including UTM appliances, messaging/security appliances, anti-spam engine, anti-virus software, Transparent HTTPS proxy with captive portal, bayesian spam filter to name a few. He currently spends his time researching on IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, BruCON, Defcon, Hack In The Box, Hack.lu, Hack in Paris, PHDays and many more. He is the author of various open source security tools including:

- ExplIoT – An open source Internet Of Things Security Testing and Exploitation framework – https://bitbucket.org/aseemjakhar/expliot_framework

- Linux thread injection kit – Jugaad (https://bitbucket.org/aseemjakhar/jugaad) and Indroid (https://bitbucket.org/aseemjakhar/indroid) which demonstrate a stealthy in- memory malware infection technique.

- DIVA (Damn Insecure and Vulnerable App) for Android which gamifies Android App vulnerabilities and is used for learning Android Security issues. https://github.com/payatu/diva-android

- Dexfuzzer – Dex file format Fuzzer. https://bitbucket.org/aseemjakhar/dexfuzzer/src

Boris Larin, Anton Ivanov

Boris Larin is a malware analyst focused on exploits detection and vulnerability research. In his free time he likes to examine the security of embedded devices.

Anton Ivanov leads the behavior detection team at Kaspersky Lab. Anton has discovered several zero day vulnerabilities in Adobe Flash Player, Microsoft Windows kernel and Silverlight.

Christopher Elisan

Christopher Elisan is a seasoned reverse engineer and malware researcher. He is currently the Principal Malware Scientist at RSA. He has a long history of digital threat and malware expertise, reversing, research and product development. He started his career at Trend Micro as one of the pioneers of TrendLabs. This is where he honed his skills in malware reversing. After Trend Micro, he built and established F-Secure's Asia R&D where he spearheaded multiple projects that include vulnerability discovery, web security, and mobile security. After F-Secure, he joined Damballa as their resident malware subject matter expert and reverse engineer. Aside from speaking at various conferences around the world, he frequently provides expert opinion about malware, botnets and advance persistent threats for leading industry and mainstream publications. Christopher Elisan is also a published author. He authored "Advanced Malware Analysis" and "Malware, Rootkits and Botnets." He co-authored "Hacking Exposed: Malware and Rootkits." All books are published by McGraw-Hill.

Craig Smith

Craig Smith is the Director of Transportation Security and Research at Rapid7, a cybersecurity analytics and automation company. He is also the founder of Open Garages, a distributed collective of performance tuners, mechanics, security researchers and artists. Craig authored the "Car Hacker's Handbook", the de facto guide to automotive security. At Rapid7, Craig runs the Transportation Practice, which specializes in providing strategic consultancy and deep technical expertise to the transport industries. His work includes extensive testing for innovative new technologies being developed in the automotive industry. Craig has developed many free and open source tools to help teach others about vehicle security. Craig has worked in security for over 20 years, with a focus on automotive and other types of transport for the last 7 years.

Dhiraj Mishra

A security researcher, an active speaker and a bug hunter, discovered multiple zero days in modern web browsers, Metasploit Contributor and have also been nominated for WASPY Award– 2016-17.

Ed Williams

Edward Williams is a seasoned cyber security specialist with 10 years directly focused on penetration testing and consultancy for Government and private sector organisations.

He heads up penetration testing within Trustwave’s elite team of forensic investigators, researchers and ethical hackers, Spiderlabs, as Director for EMEA.

Holding an MSc degree in Information Security and Computer Crime Edward previously worked as a Principal Security Consultant specializing in Internal Infrastructure, Security Architecture and Red Teaming where he conducted many STAR and CBEST engagements. Edward was also responsible for the creation and maintenance of many internal methodologies, standards and practices.

Much of Edward’s work concentrated on securing critical national infrastructures. Edward holds many industry certifications including CREST CCSAS and is now a CREST assessor where he creates and proctors exams within the U.K.

Edward has authored many tools and blogs, and was TSC (Technical Security Consultancy) consultant of the year 17/18 for the largest non-government penetration testing team in the world.

Jayesh Signh Chauhan, Shivankar

Jayesh Singh Chauhan is a security professional with more than 6 years of experience in the security space. In past, he has been part of security teams of PayPal, PwC and currently works as the senior security engineer for Sprinklr. He has authored CS-Suite, OWASP Skanda, RFID_Cloner and CSRF PoC generator and has presented in BlackHat Asia 2018, BlackHat EU 2017, c0c0n 2017, 2015, 2013, GES 2014 and Ground Zero 2015. He is the project leader for OWASP Skanda and leads the NULL Bangalore chapter.

Shivankar works as a security engineer for Sprinklr and has more than 2 years of experience in Devops as well. His expertise varies from web, mobile to infra-structure pen-testing. He is a core contributor for CS-Suite and has spoken at c0c0n 2017,Blackhat Europe 2017,Blackhat Asia 2018, BlackHat USA 2018. He is also an active member of null community.

Jordan Santarsieri

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 12+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.

He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat DC, Insomnihack, Hacker Halted, OWASP US, 8dot8 and Ekoparty.

Michel Chamberland

Michel Chamberland is the North America Practice Lead at Trustwave. He is a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, and application security. He has over 20 years of experience in information technology, helping businesses protect themselves from cyber threats. Prior to Trustwave, he led various security focused roles serving in the financial sector as well as small businesses. Michel grew up in Sherbrooke, Quebec and currently lives in Sarasota, Florida with his three daughters. Michel plays a leadership role in his local OWASP chapter (Suncoast) and is a member of the FBI InfraGard and ISACA organizations. Michel holds a Bachelor of Science in Computer Science as well as a Master's of Science in Information Security Assurance from Western Governors University. Over the years, Michel has collected several industry certifications such as CISSP, OSCE, OSCP, OSWP. CEH, CHFI, CCSK, MCP, GIAC G2700, MCTS, Security+, MCP, CCNA, CCNA Security and many others.

Patrick Wardle

Patrick Wardle is the Chief Research Officer at Digita Security and Founder of Objective-See. Having worked at NASA and the NSA, and as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Wardle is passionate about all things related to macOS security and thus spends his days finding Apple 0-days, analyzing macOS malware and writing free open-source security tools to protect Mac users.

Rosalia D’Alessandro, Hardik Mehta (@hardw00t), Loay Abdelrazek (@sigploit)

We are Telecom security researchers and active contributors/ developers of Sigploit - A Telecom Signaling Exploitation Framework. We work towards identifying various vulnerabilities (including zero days) in telecom network infrastructure. We work to improve network security posture of some important Telecom operators.

Vladimir Katalov

Vladimir Katalov is CEO, co-owner and co-founder of ElcomSoft Co.Ltd. Born in 1969 and grew up in Moscow, Russia. He studied Applied Mathematics in Moscow Engineering-Physics Institute (State University); from 1987 to 1989, was sergeant in the Soviet Army. Vladimir works in ElcomSoft from the very beginning (1990); in 1997, he created the first program the password recovery software line has started from: Advanced ZIP Password Recovery. Now he coordinates the software development process inside the company and develops strategic plans for future versions.

Vladimir manages all technical researches and product developments in the company. He regularly presents on various events and also regularly runs it security and computer forensics trainings both for foreign and inner (Russian) computer investigative committees and other organizations.

Speakers Index

Anshuman Bhartiya

Aseem Jakhar

Boris Larin, Anton Ivanov

Christopher Elisan

Craig Smith

Dhiraj Mishra

Ed Williams

Jayesh Signh Chauhan, Shivankar

Jordan Santarsieri

Michel Chamberland

Patrick Wardle

Rosalia D’Alessandro, Hardik Mehta (@hardw00t), Loay Abdelrazek (@sigploit)

Vladimir Katalov