Aaron likes to be at the forefront of tech developments because he feels it's important to understand trends and tech on a deep level in order to anticipate changes and form and guide them into a positive direction which serves humanity. Less dystopia, more positive utopia, please.
In a past life, he was working at the national CERT of Austria, CERT.at. He was doing mesh networks, and medical AI.
- NeuroCTI - a custom LLM for CTI - benchmarking, successes, failures and lessons learned (updates)
Adel Karimi is a senior security engineer, detection at Niantic. Before joining Niantic, he served as a lead security engineer at Google and Salesforce, specializing in detecting and responding to "badness." Beyond his day job, Adel, a longtime member of the Honeynet Project, dedicates his expertise to developing open-source projects such as Galah, reflecting his keen interests in honeypots, network fingerprinting, and the broader spectrum of threat detection.
- Decoding Galah: an LLM powered web honeypot
Aleksandr Pilgun is an independent Computer Scientist specialising on Android apps reverse engineering.
Initially, Aleksandr has got Cyber Security education. He had an intense Software Engineering experience building enterprise level web solutions before moving to Luxembourg for PhD studies.
In 2020, Aleksandr defended his doctoral thesis at the University of Luxembourg. During this research, he developed ACVTool, - an efficient instruction coverage measurement tool, and the coverage-backed shrinking technique for Android apps. He repackaged and run tons of Android apps and performed an extensive analysis for the instrumentation technique from size, performance and automated testing perspective. Aleksandr continues development of ACVTool searching to emerge his academic project closer to industry needs.
In recent years, Aleksandr was focusing on examining Android apps including technical analysis of fraudulent applications and reverse engineering. He assisted a few FinTech startups to improve their service interoperability through reverse engineering. Last year, Aleksandr moved to Portugal to enjoy sunny days and ocean views around Lisbon.
- Reverse engineering Android apps with ACVTool
Enjoy when human are using machines in unexpected ways. I break stuff and I do stuff.
- Empowering Cybersecurity Outreach and Learning through Collaborative Challenge Building, Sharing, and Execution
I am a contractor dedicated to developing advanced Detection and Response Systems, Detection Engineering, Threat Intelligence and Hunting, SIEM/SOAR/EDR/CDR/XDR Systems Engineering and generally everything SOC Automation related. Currently maintaining the OpenTIDE project which condenses years of lessons learned on the floor of SOCs (Internal and Managed) into a streamlined Detection Engineering ecosystem for technical teams. My latest interest lie in the junction between Detection and Response Engineering, especially developing large scale signal and entity aggregation systems.
- Unleashing the power of purple teaming with OpenTIDE
A reverse engineer since the 80s who started his Infosec career as a malware analyst decades ago.
His wide knowledge of file formats is available in his hundreds of Corkami posters and visualisations, and is essential for projects like Magika, the AI-powered file type detection at Google.
His passion for retrocomputing and funky files makes him explore the darkest corners of the files' landscape:
bypassing security with ancient techniques, analyzing parsers and breaking them with extreme files, writing tools to evade detections via mock files or polyglots such as PoC||GTFO, exploiting AES-GCM via crypto-polyglots or colliding SHA1 via Shattered.
- Understanding file type identifiers & scanners
Ankshita is currently working as a security engineer and has previously worked as a cybersecurity consultant in the paradise island of Mauritius, helping the biggest firms around the world implement strategic cybersecurity best practices and comply with the required standards. Before joining consultancy, she has worked in cybersecurity for approximately two years as a SOC analyst.
Ankshita has presented her cyber blue teaming skills at Apres Trainings in Park City, Utah and at Developer and Google Devfest Mauritius. She recently also spoke about redefining DevSecOps at the Apres Cyber Trainings and at the Devcon24 Mauritius.
Coming from a diverse background in Information Technology, Ankshita is familiar with development and programming in Java, Python, Javascript and Solidity.
During university years, Ankshita has also represented the Google Developers Student Clubs on her campus at the University of Mauritius and was Huawei Campus Ambassador.
- Dissecting the Threat: A Practical Approach to Reverse Engineering Malicious Code
Aurimas Rudinskis is an Engineering Manager who leads the Vinted Cyber Defence team. He focuses on Threat Intelligence, security operations, and detection engineering that can automate and scale detection capabilities. Aurimas specializes in advanced threat-hunting techniques and human-driven cyber operations.
He firmly believes that cyber security is a community, and we can only succeed by helping and learning from one another.
- Scam as a Service powered by Telegram
- Reversing Flutter with Blutter and Radare2
Balazs Bucsay is the founder & CEO of Mantra Information Security that offers a variety of consultancy services in the field of IT Security. With decades of offensive security experience, he is focusing his time mainly on research in various fields including red teaming, reverse engineering, embedded devices, firmware emulation and cloud. He gave multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology, he starts the second shift right after work to do some research to find new vulnerabilities.
- Defeating Encryption By Using Unicorn Engine
Benjamin works as a Senior Open Source Developer at Corelight where he spends most of his time maintaining and evolving Spicy and its integration into the Zeek ecosystem. He previously worked on containerization and workload orchestration with Apache Mesos, and distributed columnar data stores. He holds a PhD in Physics from Stony Brook University.
- Spicy — Generating Robust Parsers for Protocols & File Formats
Christian is the technical lead of the Zeek project, and an engineer at Corelight. He previously spent 5 years heading the networking group at Lastline, and prior to that spent 5 years as a research scientist at the International Computer Science Institute in Berkeley. He has served on the advisory board of the Open Information Security Foundation, and holds a PhD from the University of Cambridge's Systems Research Group. He still rides skateboards, which recently earned him a busted rotator cuff.
- New features in the Zeek Network Monitor
Beyond his role as a cybersecurity consultant, Christophe actively serves as a Belgian Cyber Reservist and contributes significantly to open-source projects. He is the founder of the MISP Threat Sharing Platform. His contributions to the community also include the creation of MISP-maltego and pystemon, the development of the sysdiagnose framework, as well as his previous involvement in organizing the FOSDEM conference.
When not immersed in the world of cybersecurity, Christophe enjoys outdoor pursuits such as hiking, climbing, mountaineering, and sailing, finding solace in the beauty of nature.
- iOS Compromise Detection using open source tools
Claire Vacherot is a pentester and researcher at Orange Cyberdefense France. She likes to test systems and devices that interact with the real world and her activity consists in switching between penetration testing industrial systems and playing with industrial network protocols. Sometimes, she also speaks about all of this at conferences such as GreHack, Defcon or Pass the Salt. As a former software developer, she never misses a chance to write scripts and tools.
- Trying Gateway Bugs: Breaking industrial protocol translation devices before the research begins
Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development book (2022)
MALWILD: Malware in the Wild book (2023)
Author and tech reviewer at Packt
Author of Malware Development for Ethical Hackers book by Packt (2024)
Co founder of MSSP Research LAB, author of many cybersecurity blogs, HVCK magazine
Malpedia contributor
Speaker at BlackHat, DEFCON, Security BSides, Arab Security Conference, Hack.lu, Standoff, etc conferences
- Malware Development and Persistence
- Malware and Hunting for Persistence: How Adversaries Exploit Your Windows?
David Durvaux is active in the incident response field for more than a decade. He has work on many IT security incidents and especially on computer forensics aspects. Since 2015 he is actively preparing the FIRST CTF. David presented in numerous conferences including hack.lu.
- Empowering Cybersecurity Outreach and Learning through Collaborative Challenge Building, Sharing, and Execution
- iOS Compromise Detection using open source tools
- Making IOT great again
David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture design, incident response, digital forensics, and software development. David has two master's degrees, one in computer engineering and one in networks and telecommunication, and he has a bachelor's degree in electrical engineering. He holds several IT security certifications, such as GSE, GSEC, GCFE, GCED, GCIA, GCIH, GCFR, GMON, GCTD, GCDA, GPEN, GNFA, GPYC, GMOB, GMLE, GAWN, CCSK, OSCP, OSWP, CAWASP, CRTP, BTL1, and CEH.
He is also a certified instructor at SANS Institute, teaching FOR572: Advanced Network Forensics and FOR509: Enterprise Cloud Forensics and Incident Response, and he is the lead author of SANS DFIR NetWars. David regularly speaks at international conferences like BruCON, Hack.lu, Hacktivity, x33fcon, Nuit du Hack, BSides London, BSides Munich, BSides Stuttgart, BSidesLjubljana, BSidesBUD, BSides Luxembourg, Pass the SALT, Black Alps, Security Session, Future Soldier, SANS @Night Talks, Meetups, and he is a former member of the organizer team of the Security BSides Luxembourg conference.
- Zeek and Destroy with Python and Machine Learning Workshop (Part 1/2)
- Zeek and Destroy with Python and Machine Learning Workshop (Part 2/2)
Hi there, I'm Didier, a technology and information security enthusiast. I started my career as an information security Ninja, defending information systems against cyber threats using my Jedi skills. However, I also have another side to me that comes out at night, that of a benevolent hacker. I love using my skills to support the values of open source and firmly believe in them.
I believe that technology can be used to improve people's lives, but this can only be done if we work together and share our knowledge. That's why I'm also a strong advocate of collaboration and openness in the tech industry.
May the source code be with you!
- Mercator - Mapping the information system
Didier Stevens (SANS ISC Handler, ...) is a Senior Analyst working at NVISO. Didier has developed and published more than 100 tools, several of them popular in the security community.You can find his open source security tools on his IT security related blog http://blog.DidierStevens.com
- CSIRT and the Chocolate Factory
- XOR Cryptanalysis
Dimitrios is a cybersecurity professional specializing in mobile, web, and network penetration testing. He holds a degree in Computer Science with a focus on Cryptography and Security and has collaborated with top companies such as Microsoft and Google. A frequent speaker at prominent security conferences, he is passionate about reverse engineering and was a member of one of Greece's pioneering reverse engineering research groups.
- Keys to the City: The Dark Trade-Off Between Revenue and Privacy in Monetizing SDKs
Efstratios Chatzoglou received the M.Sc. degree in Security of Information and Communication Systems from the University of the Aegean, Samos, Greece. He has worked for more than 3 years in the field of cybersecurity. Currently, he is a Penetration Tester with Memorandum, and a PhD candidate at the University of the Aegean. He has identified more than 25 different CVE IDs from well-known vendors, like ASUS, MediaTek, Netgear, Huawei, LiteSpeed, etc. The most recent one is the CVE-2023-23349 from Kaspersky. He has published more than 15 research papers in well-known conferences and academic journals.
- I Need Access: Exploit Password Management Software To Obtain Credential From Memory
Eloïse Brocas is a security researcher and reverse engineer at Quarkslab She has a strong interest in creating tooling that support security analysts in their day-to-day tasks, some of these tools have been open-sourced like Pyrrha.
- Exploring Firmwares: Tools and Techniques for (New) Cartographers
Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers. Eric is a well-respected expert and speaker on network security.
- From protocol analysis to actionable algorithmic and signature detection with Suricata
Estelle is a Threat Intelligence Researcher at Flare. Having recently completed a master at University of Montreal, she is a criminology student who lost her way into cybercrime. Now she is playing with lines of codes to help computers make sense of the cyber threat landscape.
- The Ouroboros of Cybercrime: Witnessing Threat Actors go from Pwn to Pwn'd
Eva Szilagyi is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. She has more than ten years of professional experience in various areas like penetration testing, security source code review, vulnerability management, digital forensics, IT auditing, telecommunication networks, and security research. Eva has two master's degrees in electrical engineering and in networks and telecommunication. She holds several IT security certifications, such as GSEC, GICSP, GCFE, GCIH, GCFA, GMON, GRID, GSSP-JAVA, GWAPT, GDSA, GCDA, GMOB, GMLE, CDP, CCSK, eCIR, eWPT, and eJPT.
Eva regularly speaks at international conferences like BruCON, Hack.lu, Nuit du Hack, Hacktivity, Black Alps, BlackHoodie, BSides London, BSides Munich, BSidesBUD, BSides Stuttgart, Pass the SALT, Security Session, SANS @Night Talks, and she is a former member of the organizer team of the Security BSides Luxembourg conference.
- Zeek and Destroy with Python and Machine Learning Workshop (Part 1/2)
- Zeek and Destroy with Python and Machine Learning Workshop (Part 2/2)
George Glass is an associate managing director and EMEA lead in the Kroll Cyber Threat Intelligence team, based in London. George has more than eight years’ experience in building, deploying and operationalizing on-premise and cloud-based technologies and has a proven track record for optimizing and automating operations to reduce detection and response times.
He delivers analysis on vulnerabilities, malware and threat actors to hundreds of clients, including FTSE 50 companies, ensuring detection of the latest threats across multiple security information and event management (SEIM) and endpoint detection and response (EDR) solutions.
- TODDLERSHARK: Kimsuky's Hastily Built Variant of BABYSHARK Deployed Using an 1-Day Exploit
Golo is a malware reverse engineer and threat researcher with IBM X-Force, where he spends his time digging into the dark arts of cybercrime. With a passion for tracking threats he's developed expertise in analyzing and reporting on a wide variety of maliciousness, ranging from banking trojans and botnets to high-profile ransomware and nation state actors. He is dedicated to sharing his research to help others stay ahead of emerging threats.
- APT28: Following bear tracks back to the cave
Hilko works in the CSIRT for a transportation and logistics company. He feels most comfortable when thinking about problems that touch systems programming, operations and IT security. For more than 25 years, he has learned to take free and open source software for granted, and he is still amazed when he hears how others have found his contributions useful.
- Detection And Response for Linux without EDR
The team leader of EQST Lab in SK Shieldus,
Executive Manager of the Ransomware Response Center (KARA-Korean Anti Ransomware Alliance)
- Researching on new vulnerabilities and Identifying of Cybersecurity Trends
- Managing Cybersecurity Consulting Projects
- Delivered Various presentations on attack threats and ransomware trends
- https://x.com/EQSTLab
- https://www.skshieldus.com/eng/business/insight.do
- Chrome V8 exploitation training for beginners
Hugo Bertin is a Visiting Student in the SeRBER research group at KAUST, Saudi Arabia. He got his master degree in CS from the University of Rennes, France. During this degree he realised different internships at the IRISA research lab, in France, where he could work on isolation units in the cloud under the supervision of Prof. David Bromberg and Ass. Prof. Djob Mvondo. He also studied software engineering and cyber-security as an exchange student at Newcastle University, UK.
He is interested in the network and system aspects inherent to distributed systems, which often involve a trade-off between security and performance. He is currently working on EGaming Security under the supervision of Prof. Marc Dacier and Prof. David Bromberg. The research project aims to investigate the security aspects leveraged by the gaming industry, which has experienced unprecedented growth and is expected to continue to shape tomorrow's virtual worlds. This comes with new challenges to enhance security, mainly to prevent cheating. From a technical point of view, Hugo is investigating synchronization and security mechanisms in game engines such as Unreal Engine.
- Disconnecting games with a single packet: an Unreal untold story
Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 and Reverse Engineering at the age of 14. He spent most of his career in the Internet and Data Security field, and the only reason he's not in jail right now is because he chose the right side of the law at an early age.
Inbar specializes in an outside-the-box approach to analyzing security and finding vulnerabilities, using his extensive experience of close to 30 years. Nowadays, Inbar is the VP of Research at Zenity, the leading platform for securing and monitoring Low-Code/No-Code development.
- The good, the bad, and the ugly: Microsoft Copilot
Jacob is the Head of Labs at Thinkst Applied Research. Prior to that he managed the HW/FW/VMM security team at AWS, and was a Program Manager at DARPA's Information Innovation Office (I2O). At DARPA he managed a cyber security R&D portfolio including the Configuration Security, Transparent Computing, and Cyber Fault-tolerant Attack Recovery programs. Starting his career at Assured Information Security, he led the Computer Architectures group performing bespoke research into low-level systems security and programming languages. Jacob has been a speaker and keynote at conferences around the world, from BlackHat USA, to SysCan, to TROOPERS and many more.
- From 0 to millions: Protecting against AitM phishing at scale
James worked in systems and networks for a decade before finally succumbing to the destiny of nominative determinism. After briefly flirting with pentesting he got a job as a security architect in the financial sector. He then became Head of the CERT team for a number of years but his hair had already fallen out at that point. He joined ONYPHE in 2023 as Deputy CTO and now dreams in Perl.
- The XE Files - Trust No Router
James Garratt is a Senior Security Consultant at Cosive, with over 20 years of experience spanning IT operations, software engineering, and security. Based in Melbourne, Australia, he specializes in cloud engineering and security, providing expert consulting to enhance organizations' infrastructure. Prior to joining Cosive, James held technical leadership roles at Connexity, Inc. and Experian, where he led engineering teams in deploying scalable, cloud-native solutions. His broad expertise across IT operations, systems administration, software development, and security makes him a versatile professional in the evolving field of cybersecurity.
- MISP Kickstart
I am a computer scientist with a background in software testing (automation), incident handling and threat intelligence sharing.
- Nothing to see here! On the awareness of and preparedness and defenses against cloaking malicious web content delivery
Jindřich is a Senior Cyber Threat Researcher. His research work focuses on the domains of cognitive warfare, cyber espionage, and cyber threat intelligence. You might also recognise him as the security data scientist known as 4n6strider.
- The Web of cognitive warfare
About Author
Joon Kim is the founder and CEO of Naru Security Inc. He is also an adjunct professor at SungKyunKwan University, teaching network security. He graduated from the University of Alberta in Canada, majoring in Computer Engineering. Joon Kim started his career at the Korea Internet and Security Agency as a Security Incident Responder at the national CERT/CC. Additionally, he has been a national joint incident response team member and has served as a cyber security advisor for the Korea Cyber Command and the National Police Agency. Joon Kim's contributions to the cyber security industry and governments have been recognized with several awards, including the 2008 FIRST Best Practice award, the 2018 Cyber Safety Award from the National Police Agency, the 2019 Ministry of Commerce Industry and Energy Minister's Commendation, and the 2019 and 2022 Army Chief of Staff Award.
- Open source Intelligence and Command line based BGP Hijacking Detection
Julien Terriac a French senior security researcher with a strong background of pentesting with a special taste for Windows authentication, Active Directory inner working and reverse engineering. He developed several offensive tools to automate such as ProtonPack (custom mimikatz), Lycos (share hunter), ExploitPack (privilege escalation framework), IAMBuster (AD auditing framework).
He led the R&D department at XMCO for 5 years before joining Datadog as the Team Lead for Adversary Simulation Engineering (ASE) where his team aims at building offensive tools and frameworks that will automate the simulation of real life attacks against Datadog.
- Hands-on Kubernetes security with KubeHound (purple teaming)
- KubeHound: Identifying attack paths in Kubernetes clusters at scale with no hustle
- Hands-on Kubernetes security with KubeHound (purple teaming)
Senior Threat Analysis Specialist at CERT PL, currently working on automated vulnerability discovery techniques. Before becoming a security specialist, he's been a software engineer for more than ten years. Teaches offensive security at the University of Warsaw. Formerly a CTF player, playing with the p4 CTF team. Likes cats and bad puns.
- Scanning with the Artemis security scanner
- Artemis: how CERT PL improves the security of the Polish internet
I am a passionate cybersecurity researcher who has spent the last 18 years learning and sharing as much as possible about this fascinating field.
During these years, I have been fortunate enough to work on multiple aspects of the cybersecurity world, including digital forensics, incident response, cryptography, penetration testing, reverse engineering, research and development, and threat intelligence.
- Cryptography: from zero to dont-shoot-yourself-in-the-foot
Lukas V. Dagilis is a professionally trained artist, turned Cyber Security expert. At NRD Cyber Security, he works as a Technical Product Manager at the CyberSOC department - the largest MSSP in Lithuania. His job functions include continuous process improvement, data engineering and analysis, JIRA owner, EU-funded CTI project manager, CTI program lead, and more.
- You just got a CTI program funded - now what?
Marc spent his career in the R&D for telecommunication and space systems (mobile networks, optical communications, xDSL...) while working for major companies such as Alcatel and Philips. He held different R&D management positions and retired as CTO of Thales-Alenia Space Belgium. Since them, he is very busy as a volunteer but keeps some free time to tinker with sensors, signal processing and IoT. He is also an expert for EU's European Innovation Council. Marc is graduated in physics from UCLouvain and holds a PhD in electronics and telecommunication from INP Grenoble. He is author or co-author of several patents.
- Making IOT great again
Mathieu is a member of CERT-EU's Digital Forensics and Incident Response team. He has two hats: respond to security incidents, including significant ones, and engineer CERT-EU's detection strategy. He was a speaker at the 36th Annual FIRST Conference.
- Sigma Unleashed: A Realistic Implementation
Michael Bargury is a hacker, builder and a cybersecurity educator. He is the co-founder and CTO of Zenity, the first application security company enabling enterprises to empower business users without paying for it in security incidents. He leads the OWASP LCNC Top 10, has a column on DarkReading, and delivers research, tools and talks regularly at top conferences including BlackHat, DEFCON and RSAC.
- The good, the bad, and the ugly: Microsoft Copilot
Miguel Hernández, Sr. Threat Research Engineer at Sysdig, is a lifelong learner with a passion for innovation. Over the past decade, Miguel has honed his expertise in security research, leaving his mark at prominent tech companies and fostering a spirit of collaboration through personal open-source initiatives. Miguel has been a featured speaker at cybersecurity conferences such as HITB, HIP, CCN-CERT, RootedCon, TheStandoff, Bsides Barcelona, and Codemotion, among others.
- Insights from Modern Botnets
Mike is a Vice President at a cyber risk practice situated in London. Mike has extensive experience in applied threat intelligence, as well as intelligence-based threat hunting and the development, delivery, and operation of on-premises and cloud solutions.
- Revolutionizing IoC Sharing: MISP, ZMQ and the Power of Smart Workflows & Taxonomies
Paul Gerste (@pspaul95, @pspaul@infosec.exchange) is a vulnerability researcher on Sonar's R&D team. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing CTFs with team FluxFingers and organizing Hack.lu CTF.
- SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
Pauline is the founder of Cubessa. Her focus gravitates towards offensive cybersecurity, artificial intelligence, and programming culture. She has a background with experience in various fields including linguistics, criminology, cybersecurity, computer engineering, and education. By blending together approaches from humanities and deep technical insight, she provides a unique lens on cyber threats and their evolution. She provides these days AI developments and trainings, to make AI accessible to all. She is the founder of the Defcon group Paris and a French vice-champion para-climber.
- NLP deep-dive: Transformers for Text Mining and Text Generation in Cybersecurity
Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.
His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.
Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA.
- Blowing up Gas Stations for fun and profit
Peter Manev is the co-founder and chief strategy officer (CSO) of Stamus Networks and a member of the executive team at Open Information Security Foundation (OISF). Peter has over 15 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter is also the lead developer of SELKS, the popular turnkey open-source implementation of Suricata. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.
Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead. He is currently a Suricata executive council member. Peter has 15 years of experience in the IT industry, including as an enterprise-level IT security practitioner.
SELKS maintainer - turn-key Suricata-based IDS/IPS/NSM. A frequent contributor to and user of innovative open source security software, Peter maintains several online repositories for Suricata-related information: https://github.com/pevma , https://github.com/orgs/StamusNetworks/repositories and https://twitter.com/pevma.
Peter Manev is a co-author of the The Security Analyst’s Guide to Suricata book written with Eric Leblond.
Additionally, Peter is one of the founders of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata. Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, Locked Shields, DeepSec, Troopers, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others
- From protocol analysis to actionable algorithmic and signature detection with Suricata
Philippe has over 20 years of experience in Information Security. Prior to founding Seralys, Philippe was a Senior Manager within the Information & Technology Risk practice at Deloitte Luxembourg where he led a team in charge of Security & Privacy engagements. In his previous work experience, Philippe held several roles within the information system security department of a global pharmaceutical company in London. While working with a heterogeneous network of over 100,000 users across the world and strict regulatory requirements, Philippe gained hands-on experience with various security technologies (VPN, Network and Application Firewalls, IDS, IPS, Host Intrusion Prevention, etc.).
- Internal Domain Name Collision 2.0
Formerly member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.
- Lookyloo, Pandora, and all the bells and whistles to go with them.
I work in Cyber Security for 25 years . At the European Commission I lead the Threat Hunting and Detection Engineering team. Anytime I apply "Sharing is caring" principle and I support and participate to several open source projects. OpenTIDE is the framework developed by the team to support our work and has been opensourced in March 2024
- Unleashing the power of purple teaming with OpenTIDE
An engineer by training, Saâd has more than 25 years of cybersecurity experience. Leading CERT-EU since 2019, he reshaped the Cybersecurity Service for the European Union institutions, bodies, offices and agencies into a highly trusted, highly regarded inter-institutional provider of cybersecurity services to all the European Union institutions, offices, bodies and agencies.
Before that, he built and managed the CSIRT of a French multinational food products corporation covering more than 120.000 employees worldwide and worked at the CERT of one of the major banking groups to fight against cybercrime and respond to cyberattacks. He also created CERT-BDF, the CSIRT of Banque de France, making it one of the most advanced central bank CSIRTs.
He regularly presents at well known conferences including past Hack.lu editions, NorthSec, Botconf and FIRST.
- Tales of the Future Past
Samira CHAYCHI holds a PhD from the University of Luxembourg, specializing in computer science. Additionally, she possesses a master's degree in Information and Computer Science, specializing in Reliable Software & Intelligent Systems, with expertise in RDF streaming data processing using asynchronous iterative routing frameworks. Furthermore, she pursued studies in Computer Simulation in Science, specializing in Financial Mathematics. She is also the co-founder of LuxQuantum, contributing her expertise to the advancement of quantum technologies.
- Quantum Cybersecurity - Pioneering a Secure Future
Ex-Police Officer and Cloud Incident Responder with 10+ years of IT experience. During the course of my career, I’ve worn many different hats, being able to intervene in incidents of multiple magnitudes in both the private and public sector, from bank robberies to cybersecurity breaches to confidential information leaks.
- Dredge: An Open Source Framework for Cloud Incident Response
Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-Box, Deepsec and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world, and taking pictures.
- ROP on ARM64 - a hands-on tutorial
Shanna Daly has over 20 years experience across the information security industry. Shanna’s expertise has been called upon during countless data breach investigations, giving her an in-depth understanding of the security implementations that work, and the ones that don’t. Shanna continues to share her knowledge with the industry and has built and managed consulting teams of industry experts responding to all types of intrusions and breaches.
- MISP Kickstart
Sharif Shahani is a physicist and materials scientist with a robust foundation in academic research and entrepreneurial ventures. Holding a PhD in Physics from the University of Luxembourg and two MSc degrees in Physics and Materials Science & Engineering from Sorbonne University and Sharif University of Technology, Sharif has a diverse and rich educational background. His extensive academic journey has equipped him with expertise in graphene-based 2D materials, optics, quantum materials, and nanotechnology. As the co-founder of LuxQuantum, Sharif leads efforts to advance quantum cryptography technologies. His work focuses on bridging the gap in quantum technologies, aiming to enhance their interoperability.
- Quantum Cybersecurity - Pioneering a Secure Future
SHIHAO XUE is Engineer of CATARC Automotive Data of China Co., Ltd.He mainly engages in research on communication protocols for automotive components, focusing on vehicle protocol technologies such as Ethernet and CAN networks.
In recent years, he has supported key industry enterprises in conducting research related to communication software testing.
- Cyber Threats to Advanced Intelligent Connected Vehicle Systems
Shing-Li (Yuki) Hung is currently a cybersecurity researcher at CyCraft and he is graduated from National Tsing Hua University, Taiwan. His research primarily focuses on the analysis of dark web intelligence, applying deep learning models within the cybersecurity field. He has also conducted visiting research at the National Institute of Information and Communications Technology (NICT) in Japan. Yuki's research findings have been presented at prestigious platforms such as HITCON and PyCon TW. Additionally, he is a co-author for the cybersecurity resource website https://sectools.tw.
- Automating Dark Web CTI Reports with RAG Insight for MISP Sharing
Pentester at Synacktiv.
- Back to the failure - Did your physical security really evolved in the last 40 years?
Stanislav Dashevskyi is a Security Researcher at Forescout. He received his PhD from the International Doctorate School in Information and Communication Technologies (ICT) at the University of Trento (Italy) in 2017. His main research interests are open source software, software security, and vulnerability analysis.
- Ghosts'n'gadgets: common buffer overflows that still haunt our networks
Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.
- In-Depth Study of Linux Rootkits: Evolution, Detection, and Defense
- The Gist of Hundreds of Incident Response Cases
Trying to combine fun with some security related stuff
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
- The Heist: get your hands on the goods!
Thomas has been a DFIR practitioner for 10+ years. He's currently a Security Engineer in the DFIR team at Google who loves running towards the proverbial cyber fires. He enjoys detective work and poking malware with a long stick, and has given talks about DFIR, malware analysis, and threat intelligence at many conferences throughout Europe and the US.
- DFIQ - Codifying digital forensic intelligence
Thomas has 18 years experience in information security and has done lots of stuff in this area, from offensive to defensive security topics. Now he is doing incident response, threat hunting and threat intelligence at the Evonik Cyber Defense Team. Furthermore, he is co-founder of the Sigma project and maintains the open source toolchain (pySigma/Sigma CLI).
- Lessons Learned from (almost) 8 Years of Sigma Development
- Operationalization of Sigma Rules with Processig Pipelines
Tristan is a dedicated and motivated professional committed to delivering positive results and fostering continuous improvement in his work. Over the years, he has accumulated extensive experience in both Offensive (Red Teaming, Penetration Testing, Vulnerability Research) and Defensive Security (Threat Hunting, Incident Response, Digital Forensics, Malware Reverse Engineering), as well as systems and networks. Additionally, Tristan finds fulfillment in sharing his knowledge through Cyber Security Training, recognizing the value of collaboration and ongoing learning in this dynamic field.
- Predictive Analytics for Adversary Techniques in the MITRE ATT&CK Framework using Rule Mining
Vic Huang
Independent researcher / Security engineer
Member @ UCCU Hacker
Working on Web/Mobile/ICS/Privacy domain
He shared his research on several cybersecurity conference such as HITB,CODE BLUE,Ekoparty,ROOTCON,REDxBLUE pill,HITCON, CYBERSEC,DEFCON.
- Securing the Stars: Comprehensive Analysis of Modern Satellite Vulnerabilities and Emerging Attack Surfaces
Vladimir Kropotov is an Advisor and Sr. Researcher with the Trend Micro Forward-Looking Threat Research team. Active for over 20 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies and was head of the Incident Response Team at Positive Technologies. He holds a master's degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations.
- IoT hacks humans - unexpected angles of Human Process Compromise
William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and opensource software on a daily basis for more than 25 years. Recently, he presented his ASN.1 templating tool at Pass the SALT 2023 in Lille. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.
- NLP deep-dive: Transformers for Text Mining and Text Generation in Cybersecurity
- Exploring OpenSSH: Hands-On Workshop for Beginners
YUQIAO NING is the Technical Director of CATARC Automotive Data of China Co., Ltd. He has extensive experience in computer systems and software security research. In his current role, he is primarily responsible for pioneering research in automotive penetration technology and the development of automated detection tools.His work focuses on analyzing security risks within automotive open-source software, with a particular emphasis on understanding the critical intersection of automotive security vulnerabilities and functional safety. He has played a pivotal role in organizing numerous automotive information security attack and defense challenges, contributing significantly to the advancement of safer and more secure automotive technologies.Furthermore, He has played an instrumental role in shaping national automotive information security standards, contributing to the drafting of several key national standards.
- Cyber Threats to Advanced Intelligent Connected Vehicle Systems