Aaron Kaplan

Aaron has been working at the national CERT of Austria between 2008 and 2020, he has a background in maths and computer science. Since 2020 he freelances mostly for EC-DIGIT-CSIRC, the IT security team of the European Commission. He is the co-founder of funkfeuer.at (community wifi mesh network), intelmq.org, a tool for automating the typical tasks of IT security teams. He believes in using automation, open source and machine learning for improving the lives of DFIR folks.

  • Using Apple Sysdiagnose for mobile forensics and integrity checks
  • Wintermute: an LLM pen-testing buddy
Adrien Barchapt-Perrot

Adrien BARCHAPT-PERROT is the RedTeam leader at DIATEAM. Working in the field of offensive cybersecurity for 10 years, he is particularly interested and involved in the development of customized implants and the bypassing of defense systems.

  • Customize Your Own Command & Control: Design and Code Your Own Implant in a Real Infrastructure
Alexandre De Oliveira

Passionate about Telecom Networks and their security, I explore since more than 10years critical infrastructures around the world. I work today at POST Luxembourg in the Cyberforce Labs & Innovation aiming to improve the global telecom threat intelligence community and creating security solutions for mobile operators.
I had the chance to talk and give trainings at Hack.lu, HITB, Troopers, CCC, GSMA FASG, ENISA Telecom Security Forum, BSIDES Luxembourg & ETIS, sharing core network and protocol vulnerabilities among the community.

  • Threat actors & surveillance companies targeting telecom operators
Alexandre Dulaunoy

Enjoy when humans are using machines in unexpected ways.
I break stuff and I do stuff.

  • GeoOpen and mmdb-server: A Comprehensive Open Source Solution for IP Address Geolocation
  • JTAN - data sharing network
Amine Besson

Amine is a private contractor focused on designing and engineering large scalable detection systems for his clients, with a track record of innovative solutions deployed in critical sectors and challenging environments.

  • TIDeMEC : A Detection Engineering platform homegrown at the European Commission
Andras Iklody
  • Cerebrate - learning to run
  • MISP updates
  • Liberate the CSAM hashsets!
Ange Albertini

Ange is mostly known for his weird files: extreme, ambiguous, polyglots, hash collisions...
Reverse engineer since the 80s, malware analyst professionally since 2005,
he is currently an infosec engineer in the Mandiant Flare team at Google.

  • Sbud: infovis in infosec
  • Do's and don'ts in file formats
Arnaud Girault
  • Internet exposure of satellite modems, and their vulnerabilities
Arwa Alomari

Arwa Alomari is an experienced cyber threat intelligence leader working for a leading
cybersecurity provider in Saudi Arabia. She leads the threat intelligence unit for her employer.

Arwa started her cybersecurity journey as a penetration tester before turning blue, working in a
SOC, and then moving on to performing IR. She now focuses on CTI and leads the delivery of
services for clients.

  • Turbocharging IOC validation: Become a more efficient CTI analyst
Barrault Victor

Working at the French Cybersecurity Agency (ANSSI) in the IOC management unit.

  • Ensuring IoC quality at CERT-FR
Carlos Rubio Ricote

Carlos Rubio Ricote is a malware researcher at Threatray, where he is mainly responsible for reverse engineering malware to automate the detection process of new threats. In addition to researching new applications for code reuse technology that can help in different areas such as threat hunting, incident response, tracking the evolution of malware families, among others. He previously worked on reverse-engineering malware at Blueliv, S21sec Counter Threat Intelligence Unit and in the Panda Security Adaptive Defense team. He has previously spoken at Botconf (2022, 2019), BSides Zürich 2022, Virus Bulletin localhost 2020, as well as many closed-door private conferences.

  • Using systematic code reuse analysis to create robust YARA rules
Christophe Brocas
  • Security engineer @ Assurance Maladie (French public HealthCare insurance) with a particular focus on R&D in the field of security and network protocols such as Certificate Transparency, ACME or DNS.
  • Co founder and organizer of Pass the SALT, a conference dedicated to Security & Free Software : https://www.pass-the-salt.org/
  • Contact & more: https://www.brocas.org/
  • ACME: benefits of deploying an Internet Security protocol inside your corporate network
Christophe Vandeplas

Christophe Vandeplas has multiple hats: a day job as incident responder at the NATO Cyber Security Centre, a side activity as Belgian Cyber Reservist and contributor to open source projects such as the MISP Threat Sharing Platform. His main contributions to the community were the creation of MISP, MISP-maltego, pystemon and the organisation of the FOSDEM conference for many years.
He also loves hiking, climbing on rocks and mountains, sailing the sea and enjoying the beauty of our nature.

  • Belgian Cyber Reserve Forces

Software developer, ethical hacker and cyber security enthusiast, mathematician. Contributor of the malpedia
project. Love my wife and kids.
Author of popular malware development MD MZ book: https://cocomelonc.github.io/book/2022/07/16/mybook.html
Founder of MSSP LAB - https://mssplab.github.io/
Author of Websec B.V. blog - https://websec.nl/blog
HVCK magazine contributor - https://hvck-magazine.github.io/
Mosse Cyber Security Institute lib contributor - https://library.mosse-institute.com

  • Malware AV evasion tricks. Cryptography in malware

Security researcher at CIRCL

  • Case Management
Daniel Kapellmann Zafra

Analysis Manager for Google Mandiant where he oversees the strategic coverage of cyber physical threat intelligence and information operations. He also coordinates the development of solutions to collect and analyze data. He is a frequent speaker on ICS/OT topics at international conferences and collaborates as international liaison for the ICS Joint Working Group Steering Team from CISA. As a former Fulbright scholar from Mexico, he holds a master’s degree from the University of Washington specialized in Information Security and Risk Management. In 2017, he was awarded first place at Kaspersky Academy Talent Lab's competition for designing an application to address security beyond anti-virus.

  • The Renaissance of Cyber Physical Offensive Capabilities

David Rufenacht is senior threat intelligence analyst at InfoGuard. Previously, David worked for the Swiss National Cyber Security Center providing threat assessments to critical infrastructure. He holds a master degree in international relations as well as in social anthropology.

  • CTI is dead, long live CTI!
David Durvaux

Incident responder for more than a decade, I'm now working for the European Commission since 2015. I'm currently in charge of the "Situational Awareness, Threat Intelligence and Malware Analysis" in the European Commission Internal CERT (EC Cybersecurity Operation Centre).

  • Using Apple Sysdiagnose for mobile forensics and integrity checks
Deleted User
  • Non-state actors’ cyber activity in Armed Conflict: impact, implications and remediation
Dennis Rand
  • Cratos - Use your bloody indicators
Didier Barzin

Hi there, I'm Didier, a technology and information security enthusiast. I started my career as an information security Ninja, defending information systems against cyber threats using my Jedi skills. However, I also have another side to me that comes out at night, that of a benevolent hacker. I love using my skills to support the values of open source and firmly believe in them.

  • Deming - ISMS Open Source
Didier Stevens

Didier is Senior Analyst, working for NVISO.

Next to his professional activities, Didier is also a Microsoft MVP (2011-2016 awarded MVP Consumer Security, 2016-2023 awarded MVP Windows Insider) and a SANS Internet Storm Center Senior Handler. 

He is an expert in malicious documents (PDF and Microsoft Office), pioneering research into maldocs?and authoring free, open-source analysis tools and private red team tools.

  • CyberChef: Enhancing Existing Operations and Adding New Operations
  • Analyzing Cobalt Strike Beacons, Servers and Traffic
Dimitrios Valsamaras

A cybersecurity professional with expertise in mobile, web, and network penetration testing. Dimitrios holds a degree in Computer Science, majoring in Cryptography and Security, and has worked with top companies like Microsoft and Google. He is frequent speaker at prominent security conferences such as BlackHat, Nullcon, Insomni'hack, and Troopers. He is passionate about reverse engineering and was a member of one of Greece's first reverse engineering research groups.

  • Permissionless Universal Overlays
Elena Rückheim

Elena Rückheim comes from the Geneva-based Centre for Humanitarian Dialogue (HD). As part of HD's cyber programme team, her work focuses on establishing confidence-building measures between adversaries in cyber space through dialogue and mediation. Before joining HD, Elena served as Deputy Head of Unit and Security Analyst at the National IT Situation Centre of the German Federal Office for Information Security (BSI). Prior to moving into operational IT security, she was mainly involved in the drafting of national cybersecurity policies and strategies. This was at the Federal Ministry of Defence, where she was also responsible for managing international bilateral partnerships in the field of cyber defense.

  • Non-state actors’ cyber activity in Armed Conflict: impact, implications and remediation
Eloïse Brocas

Eloïse Brocas is a security researcher and reverse engineer at Quarkslab. She is also organizing Pass the Salt a conference about open-source and security.

  • Pyrrha: navigate easily into your system binaries
Emanuel Seemann

My name is Emanuel Seemann and I have been working as a Data Scientist at Crowdsec since 2022.
I have a degree in pure mathematics from ETH Zürich and got into programming by writing minecraft mods as a kid. Since then I have been hacking away at various coding projects in a variety of different languages. When I'm not behind my computer you can sometimes find me on the lake in a sailing boat.

  • Detecting VPNs/proxies by analyzing their attack patterns over time
  • Reviving our oldest Tool - Using Bayesian inference to detect cyber attacks
Eric Leblond

Éric Leblond is the co-founder and chief technology officer (CTO) at Stamus Networks. He sits on the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is a respected expert and speaker on all things network security.

  • Suricata Language Server
  • Modern IOCs matching with Suricata
Finn Steglich

Finn Steglich works as penetration tester for 12 years now, currently with ETAS (Bosch Group) in Stuttgart, Germany for Bosch in-house projects. He is usually working on mobile apps, Windows privilege escalation, strange binary protocols and very old client applications in an attempt to decrypt company secrets. He did live hacking presentations on several not-so-technical events, held some corporate workshops about AD and Windows security and likes to do actual live demos a lot. When he started with reverse engineering, he really would have preferred to have attended a workshop like this but couldn't find any.

  • Three Ways to Reverse-Engineering Cryptographic Functions
FrederiqueD, Thales

Senior Security Engineer in SecOps and Incident Response (PSIRT) in Thales since several years with operational and practical knowledge in audit, vulnerability management , incident response, customer support, system integration.
Active contributor to standardization security working groups and information sharing communities

  • Almost 2 years after log4j .. if your PSIRT has survived, Are the Lessons learned or not learned on security incident & vulnerability management ?
Guillaume Prigent

Guillaume is a digital freethinker and an expert in cyber security. Co-founder of DIATEAM, Guillaume started out as an engineer in information systems security, and has been working in the digital security for 25 years now. He has developed many "proofs of concept" and some tools like netglub, ipmorph, hynesim and also gives talks and classes in many engineering schools (ENIB, ENSIETA, ESM Saint-Cyr, ...). Guillaume is the author of several papers on security, and is a frequent speaker and/or attendee at security and testing conferences such as SSTIC, HITB, HACK.LU, FRHACK, ...

  • Customize Your Own Command & Control: Design and Code Your Own Implant in a Real Infrastructure
Jacob Torrey

Jacob is the Head of Labs at Thinkst Applied Research. Prior to that he managed the HW/FW/VMM security team at AWS, and was a Program Manager at DARPA's Information Innovation Office (I2O). At DARPA he managed a cyber security R&D portfolio including the Configuration Security, Transparent Computing, and Cyber Fault-tolerant Attack Recovery programs. Starting his career at Assured Information Security, he led the Computer Architectures group performing bespoke research into low-level systems security and programming languages. Jacob has been a speaker and keynote speaker at conferences around the world, from BlackHat USA, to SysCan, to TROOPERS and many more. When not in front of the computer, he enjoys trail running, volunteering as a firefighter/EMT, and hiking with his family.

  • Avoiding the basilisk's fangs: State-of-the-art in AI LLM detection

Olivier JACQ is the Chief Technology Officer of the french non-profit organization France Cyber Maritime.
Former senior officer from the French Navy, he now contributes helping the civilian maritime sector to deal with cybersecurity issues on technical and organizational aspects.
He holds a PhD from IMT Atlantique, a cybersecurity expert title from the French national cybersecurity agency (ANSSI) and a post-master's degree in cybersecurity from Centrale/Supélec.

  • A deep dive into Maritime Cybersecurity.
  • Digital Tug of War: Unraveling the Cyber Battle Between Ukraine and Russia
Jarosław Jedynak
  • Build your own malware analysis pipeline using open source tools
JeongGak Lyu, @lazarusholic

He works at the Financial Security Institute in South Korea. FSI serves as an ISAC and CERT in the financial sector, offering a range of services to financial institutions. With over 20 years of experience, he has been involved in various tasks such as security operations, vulnerability assessments, and incident response.

  • He is everywhere: A tale of Lazarus and his family
Jeroen Pinoy

I am a computer scientist with a background in software testing (automation), incident handling and threat intelligence sharing.

  • Cloaking malicious web content delivery
  • Lessons learned from sharing intel about potential fraud / compromise
JJ Josing

JJ Josing is the Principal Threat Researcher at the Retail & Hospitality ISAC. Over the last 5 years in the retail space he has had a strong focus on automation and tool development with Python and using free and open source software to assist in his research. He likes to design networks, automate the tools and break all the things. Author of PyOTI - the python open threat intelligence library.

  • FOSStering an ISAC: Enabling a Community with Open-Source Tools
Joel Doenne

Joel Doenne is a Cyber Security Analyst at ATRUVIA AG with preferences for CTI, Reverse Engineering and Digital Forensics.

  • PXF-X - A modular python framework to hunt, extract and enrich Post-Exploitation Framework artifacts
Jonas Wagner

Jonas Wagner is the founder and CTO of Threatray and has built the technological foundation of its code search engine based on years of research and development. He holds a Masters Degree in Cybersecurity from the Bern University of Applied Sciences. He has previously spoken at botconf, FIRST CTI, BSides Zürich, DFRWS and many private events.

  • Using systematic code reuse analysis to create robust YARA rules
Lionne Stangier

Lionne has 7+ years of experience in the IT security sector. He has been working as an Incident Response Analyst for about 3 years and is a DFIRtrack contributor.

  • DFIRTrack - The Incident Response Tracking Application
Lukasz Olejnik

Dr Lukasz Olejnik is an independent cybersecurity and privacy researcher and consultant, and a fellow of Geneva Academy of International Humanitarian Law and Human Rights.

He holds a Computer Science PhD at INRIA (France). He worked at CERN (European Organisation for Nuclear Research), and was a research associate at University College London. He was associated with Princeton's Center for Information Technology Policy, with Oxford's Centre for Technology and Global Affairs. Former cyberwarfare advisor at the International Committee of the Red Cross in Geneva, where he worked on the humanitarian consequences of cyber attacks. He authored scientific articles, op-eds, and a book. Former member of the W3C Technical Architecture Group.

His comments appeared in places such as Financial Times, Washington Post, New York Times, Wall Street Journal, Sueddeutsche Zeitung, El Pais, or Le Monde. He authored scientific publications, and opinion articles in venues like Wired or Foreign Policy.

  • Introduction to cyberwarfare: theory and practice
Markus Vervier

During the last 18 years Markus collected professional experience in offensive IT security working as a security researcher, code auditor, and penetration tester. He likes to do review code, reverse engineer the unknown, and to discover vulnerability in applications on various platforms and architectures.
Some of his notable accomplishments include conducting security analysis and reverse engineering of embedded firmware for mobile devices, discovering vulnerabilities in the Signal Private Messenger in collaboration with JP Aumasson, and finding a remote vulnerability in libOTR.

  • Embedded Threats: A Deep Dive into the eSIM World
Mathias Stuhlmacher

Digital Forensics analyst for more than 9 years, Incident Response consultant for more than 7 years, Remediation avoider since forever, initial creator of DFIRTrack and Awesome Event IDs.

  • DFIRTrack - The Incident Response Tracking Application
Matthias Vallentin

Founder of Tenzir, building open source security data pipelines empowering threat hunters, detection engineers, and SOC analysts.

  • Velocity Raptor: Accelerating Velociraptor Hunting with Tenzir Pipelines
Matthieu Mazzolini

I am passionate about analyzing large datasets to solve complex problems. If data are unique, it’s an even higher source of motivation. I joined CrowdSec in September 2021 to make sense of the datalake and add machine learning to the solution.

My background is mostly applied mathematics and machine learning, which I gained studying in Paris-Dauphine University and Ecole Normale Supérieure de Cachan.
Prior CrowdSec, I experienced 4 years working in a Satellite images company as a Data Scientist, where I contributed to major research projects related to methane emissions mitigation.
Outside working hours you will most likely see me bouldering or hiking outdoor.

  • How Crowdsec is building a collaborative, trustable, and crowdsourced CTI to change the cybersecurity landscape
Mauro Vignati

In 2003 Mauro Vignati started working at the first unit of the Swiss Federal Police fighting cybercrime. Later on, he collaborated to the establishment of MELANI, Switzerland's first centre for public-private partnership on cybersecurity for critical infrastructure. Back in 2013, he set up and led the Cyber Threat Intelligence Division within the Department of Defence in Bern. In 2021, he was tasked to create the Vulnerability Management unit within the National Cyber Security Centre NCSC.ch, established to manage vulnerabilities, and lead several projects testing the security of the government infrastructure. He then joined the International Committee of the Red Cross one year later, as advisor on new digital technologies of warfare.

  • How Digital Technologies are Redefining Warfare and Why It Matters
  • Non-state actors’ cyber activity in Armed Conflict: impact, implications and remediation
Maxime Clementz

Maxime Clementz is a Senior Manager within the Cybersecurity Advisory team of PwC Luxembourg. He develops his ethical hacker skills by committing himself to various assignments for big companies, banks and European institutions. As a technical specialist, he leads penetration tests, red-teaming, digital forensics and incident response missions.
He contributes to the development of the team’s hacking capabilities by sharing the results of his technology watch and R&D and is now leading the CSIRT and Threat Intelligence initiatives of PwC Luxembourg. He especially enjoys sharing knowledge by presenting the results of each mission or by giving talks (Hack.lu 2012, 2015, 2017) and training courses. Maxime teaches IT security at a French engineering school and organizes a Capture the Flag event for the students.

  • Defeating VPN Always-On
Melanie Niethammer

Melanie is a cyber threat intelligence (CTI) analyst and responsible for the development of the CTI function at Bosch. Due to previous roles at the Bosch Group she has experience in Incident Response and Industrial Security Research. She holds a Master of Science degree in Computer and Information Science from the University of Konstanz.

  • How to operationalize CTI - A real world example
Michael Hamm

Michael Hamm, Operator and analyst at Computer Incident Response Center Luxembourg (CIRCL), c/o "Luxembourg House of Cybersecurity"

Michael Hamm has worked for more than 10 years as Ingenieur-Sécurité in the field of classical Computer and Network Security (Firewall, VPN, AntiVirus) at the research center “CRP Henri Tudor” in Luxembourg. Since 2010, he has been working as an operator and analyst at CIRCL – Computer Incident Response Center Luxembourg where he is working on forensic examinations and incident response.

  • As We Are Many
Michał Praszmo

Security researcher at cert.pl

  • Build your own malware analysis pipeline using open source tools
Mohammed Benhelli

Intern at FuzzingLabs and student at 2600.

  • Cryptocurrency & Web3 OSINT Workshop
Ondra Rojcik

Ondra Rojcik is a Senior Cyber Threat Intelligence Analyst at Red Hat CTI team. He is providing intelligence analysis and strategic perspective to the Red Hat’s CTI program and its analytical production. Previously he worked for the Czech National Cyber and Information Security Agency (NUKIB) as a Deputy-Director of Department and Head of Strategic Analysis Unit which he co-founded.

  • Why does the CTI industry struggle with communicating uncertainties?
Ondrej Nekovar

Ondrej Nekovar (Th30ne) currently works as a CISO at some state company, where he and his team provides cyber security for the national data centre and eGovernment cloud (critical information infrastructure). His other role is Chief Deception Officer, where he is responsible for the strategic development of active measures elements and adversary engagement and its use. He also specializes in cybersecurity legislation and Active Cyber Defense (ACD) issues like its use by private organizations.

With his esteemed colleague and co-speaker Jan, They created a modernized Active Cyber Defense Gray Zone and its taxonomy, a few MISP addons for ACD, ACD loop, custom Alerting and Detection Strategy with ACD use and Adversary emulation Lab. They set up a DEF CON GROUP for the Czech Republic (DCG420) which organizes meetups of cyber and ACD enthusiasts, custom R&D (open methodologies, addons, tools) and trips with kids. They are a frequent speakers at conferences such as BlackHat, Qubit and others.

  • Digital Tug of War: Unraveling the Cyber Battle Between Ukraine and Russia
Patrice Auffret
  • Internet exposure of satellite modems, and their vulnerabilities
Patrick Ventuzelo

Patrick Ventuzelo is a senior security researcher, CEO & founder of Fuzzinglabs. After working for the French Ministry of Defense, he specialized in fuzzing, vulnerability research, and reverse engineering. Over the years, Patrick has created multiple fuzzers, found hundreds of bugs, and published various blog posts/videos/tools on topics like Rust, Go, Blockchain, WebAssembly, and Browser security. Patrick is a regular speaker and trainer at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, RingZer0, PoC, ToorCon, hack.lu, NorthSec, SSTIC, and others.

  • Cryptocurrency & Web3 OSINT Workshop
  • IPFS Unveiled: Exploring Data Collection, Analysis, and Security
Pauline Bourmeau

Cookie has spent a long-time fixing languages and bikes with very little money and great ingenuity, squatting university benches and corrupting teachers for beer. Working for the past four years as a Threat Analyst, she is also a trained linguist and former teacher who brings a unique perspective to her work by exploring and exploiting threats through criminology, social anthropology, philosophy, and psychology. She actively participates in the open-source community and promotes defensive security practices by training industry practitioners.

  • You can learn anything.
Paweł Pawliński

Building things at CERT.PL.

  • JTAN - data sharing network
Pedro Umbelino

Pedro is a security researcher and enthusiast for as long as he can remember. He started messing with computers on a Spectrum, watched the bulletin board systems being dropped for the Internet, and still roams around in IRC. Known by the handle [kripthor], he likes all kind of hacks, hardware and software. If it’s security related even better. Currently, he works at Bitsight as a Principal Security Researcher where he has the liberty to work on a wide range of security research topics.

  • SLP DoS Amplification - someone is having fun
Peter Manev

Peter Manev is the co-founder and chief strategy officer (CSO) of Stamus Networks and a member of the executive team at Open Information Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is also the lead developer of SELKS, the popular turnkey open-source implementation of Suricata. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.

Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead. He is currently a Suricata executive council member. Peter has 15 years of experience in the IT industry, including as an enterprise-level IT security practitioner.

SELKS maintainer - turn-key Suricata-based IDS/IPS/NSM. A frequent contributor to and user of innovative open source security software, Peter maintains several online repositories for Suricata-related information: https://github.com/pevma , https://github.com/orgs/StamusNetworks/repositories and https://twitter.com/pevma.

Peter Manev is a co-author of the The Security Analyst’s Guide to Suricata book written with Eric Leblond.

Additionally, Peter is one of the founders of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata. Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, DeepSec, Troopers, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others

  • Modern IOCs matching with Suricata
Philippe Ombredanne

I am a passionate FOSS hacker, lead maintainer of ScanCode, purlDB and VulnerableCode and on a mission to enable easier and safer to reuse FOSS code with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery, license & security compliance at https://aboutcode.org

I am also a co-founder of SPDX and the creator of Package URL (purl) a de-facto standard to identify packages in SBOMs, SCA tools and vulnerability database used throughout the industry.

  • The composition analysis of binary Java, ELF, Go, and JavaScript apps
  • SBOMs: are they a threat or a menace?
  • Non vulnerable package dependency resolution
Pol Thill

Pol Thill lives for the hunt! Be it nation-state adversary or eCrime actor, he will explore any means to expose their operations and unmask the individuals hiding behind the digital veil. Drawing upon this expertise, Pol has held different Threat Intelligence positions as well as lead the Luxembourgish cybersecurity team. Cybercriminal investigations are what he thrives for.

  • Operation Duck Hunt - A peak behind the curtain of DuckTail

Paweł Srokosz is a security researcher and a malware analyst at CERT.PL, constantly digging for fire and doing reverse engineering of ransomware and botnet malware. Main developer of CERT.pl open-source projects for malware analysis automation: MWDB Core and Karton. Free-time spends on playing CTFs as a p4 team member.

  • Build your own malware analysis pipeline using open source tools
Quentin JEROME

Quentin has been working as an incident responder for several years before focusing on endpoint threat detection. He recently dedicated all his time developing several open-source projects. His main topics of interest are ranging from threat detection to bug hunting but what he likes the most is to develop tools and open-source them when he judges it is relevant enough to do so.

  • Kunai workshop: your new Threat Hunting tool for Linux
  • Kunai: your new Threat Hunting tool for Linux
  • Kunai: your new Threat Hunting tool for Linux
Raphaël Vinot

Formerly member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.

  • Managing spam, phishing and other boring tasks with your users and constituents
  • Managing spam, phishing and other boring tasks with your users and constituents
Rascagneres Paul

Paul Rascagneres is a principal threat researcher at Volexity. He performs investigations to identify new threats. He has presented his findings in several publications and at international security conferences. He has been involved in security research for 10 years, mainly focusing on malware analysis, malware hunting, and more specifically on advanced persistent threat (APT) campaigns and rootkit capabilities.

  • Ongoing EvilEye Campaigns Targeting CCP Adversaries
Rémi Matasse (@_remsio_)

Pentester @Synacktiv

  • PHP filter chains: How to use it
Remi Seguy

I work in cybersecurity for more than 15 years mainly in Blue teams but I am interested to foster purple teaming. I fully support Libre software and try to contribute to the open source community.

  • MISP42: connecting CTI and SOC teams
Rintaro Koike

Rintaro Koike is a security analyst at NTT Security Holdings. He is engaged in threat research and malware analysis. In addition, he is a founder of "nao_sec" and is in charge of threat research. He focuses on APT attacks targeting East Asia and web-based attacks. He has been a speaker at VB, SAS, AVAR, Black Hat USA Arsenal and others.

  • The rise of malicious MSIX file
Saâd Kadhi

Saâd has over 25 years of cybersecurity experience. An engineer by training, he started working in the fields of cyber threat intelligence, incident response and digital forensics more than a decade ago and never looked back.

Starting from 2008, he built and managed the Computer Security Incident Response Team (CSIRT) of a French multinational food products corporation covering more than 120.000 employees worldwide and worked at the CERT of one of the major banking groups to fight against cybercrime and respond to cyberattacks.

In 2013, Saâd joined Banque de France to create and develop their CERT, making it one of the most advanced central bank CSIRTs. In 2019, he became the Head of CERT-EU, the CERT for all the EU institutions, bodies, and agencies, a key cog of the EU’s cybersecurity landscape and one of the most mature CERTs in the EU.

During his long-standing cybersecurity career, Saâd dealt with several major incidents and large-scale cyber crises.

  • Supply chain resilience: challenges & solutions
Sami Mokaddem

Sami Mokaddem is a software developer who has been contributing to the open-source community since 2016 in the fields of information sharing and leak detection. He is working for CIRCL and is part of the MISP core team where he develops and maintains the software as well as its related tools.

  • Building Your Own Workflows in MISP: Tutorial and Hands-on
Saumil Shah

Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-Box, Deepsec, No Hat and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world, and taking pictures

  • An Introduction to ARM64 Assembly and Shellcode
Sébastien Larinier

A lecturer and researcher at ESIEA and an independent consultant in Threat Intelligence, he contributes to numerous open source projects such as MISP and Yeti. He is also the author of numerous articles, an international speaker and lecturer on malware analysis, digital forensics and Cyber Threat Intelligence at ESIEA, and co-author of the book "Cybersécurité et Malwares
Détection, analyse et Threat Intelligence (4e édition)".

  • Full Stack Forensics with FOSS
  • Yeti - old dog, new tricks
Shogo Hayashi

Shogo Hayashi is a security analyst at NTT Security Holdings. His main specialization is responding to EDR detections, creating IoCs, analyzing malware and research cyber threat. He is a cofounder of SOCYETI, an organization for sharing threat information and analysis technique to SOC analysts in Japan. He has spoken at JSAC, VB, SAS, CODE BLUE and has written several white papers and blogs.

  • The rise of malicious MSIX file
Stefan Hager

Stefan works for the Internet Security Team at German company DATEV eG. He started messing with computers in the 80s and turned it into a job as a programmer in the early 90s. Since 2000 he has been securing networks and computers for various enterprises in Germany and Scotland. His main focus nowadays is security research, raising security awareness, coming up with creative solutions to security problems and discussing new ideas concerning threat mitigation. When not trying to do any of the stuff mentioned above, he is either travelling, producing hacker music and other electronic beats or gardening.

  • Raiders of the Lost Arts
Stef van Dop

"Ooh what does this button do?"

Senior Ethical Hacker at the internal REDteam of KPN. One of the founders of Techinc (Amsterdam Hackerspace). I used to organise the hacker villages at HITB, and generally enjoy helping as orga or volunteering at hacker cons.

  • Building an evil phone charging station.
Stijn Tomme

Trying to combine fun and security

  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
  • Dismantle the bomb
Tanguy Laucournet

Tanguy is a security engineer currently working as a Blockchain/OSINT expert at FuzzingLabs. He has four years of hands-on experience in blockchain technology, gained through multiple projects at leading tech companies and French research institutions. In addition to his expertise in blockchain, Tanguy possesses a deep knowledge of OSINT. At FuzzingLabs, he focuses on developing tools to facilitate investigations, profiling, and de-anonymization related to blockchains. Tanguy is also exploring the use of new Web3 protocols such as IPFS, with the aim of deepening our understanding of these emerging technologies.

  • Cryptocurrency & Web3 OSINT Workshop
  • IPFS Unveiled: Exploring Data Collection, Analysis, and Security


  • Token Smart Contract Analyzer
  • Token Smart Contract Analyzer
Thomas Chopitea

Thomas has been a DFIR practitioner for 10+ years. He's currently a Security Engineer in the DFIR team at Google who loves running towards the proverbial cyber fires. He enjoys detective work and poking malware with a long stick, and has given talks about DFIR, malware analysis, and threat intelligence at many conferences throughout Europe and the US

  • Full Stack Forensics with FOSS
  • Yeti - old dog, new tricks
Thomas Patzke

Thomas has more than 15 years experience in various areas of information security. He started as consultant, then developed into offensive security and switched to defensive topics. Now he's incident responder, threat hunter and does some threat intelligence at the Evonik Cyber Defense Team.

Thomas doesn't holds a single infosec certification, so no list of three-to-four-upper-cased-letter-combinations here. Instead he focuses on building open source security tools and is one of the co-founders and a core maintainer of the Sigma project.

  • Sigma Project News
  • The new Sigma Toolchain
Tomás Philippart

MSc Security and Network Engineering, University of Amsterdam

  • Building an evil phone charging station.
Vincent Hinderer

CTI team manager at CERT Orange Cyberdefense
Previously at CERT Lexsi, acquired by Orange

  • Cobalt Striked?
Vladimir Kropotov

Vladimir Kropotov is a researcher with the Trend Micro Forward-Looking Threat Research team. Active for over 20 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team at Positive Technologies. He holds a master's degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations.

  • Your unknown Twins: Identity in the era of Deepfakes, AI and mass Biometrics exposure
  • Do we consider this as a risks already
William Robinet

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working with free and opensource software on a daily basis for more than 25 years. Recently, he presented his ASN.1 templating tool at Pass The SALT 2023 in Lille. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoy tinkering with open and, not so open, hardware.

  • DER Editing, Easy-Peasy with asn1template
Xavier Mertens

Xavier Mertens is a freelance security consultant. His day job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualisation, and OSINT). Besides his day job, Xavier is also a Senior Handler at the SANS Internet Storm Center, Certified SANS Instructor (FOR610/FOR710), security blogger and co-organiser of the BruCON security conference.

  • Are Leaked Credentials Dumps Used by Attackers?
Xeno Kovah

Prior to working full time on OpenSecurityTraining2 (ost2.fyi), Xeno worked at Apple designing architectural support for firmware security; and code auditing firmware security implementations. A lot of what he did revolved around adding secure boot support to the main and peripheral processors (e.g. the Broadcom Bluetooth chip.) He led the efforts to bring secure boot to Macs, first with T2-based Macs, and then with the massive architectural change of Apple Silicon Macs. Once the M1 Macs shipped, he left Apple to pursue the project he felt would be most impactful: creating free deep-technical online training material and growing the newly created OpenSecurityTraining 501(c)(3) nonprofit.

  • Open Wounds: The last 5 years have left Bluetooth to bleed