
I’m 0xSeeker, currently a CTI & CTH analyst in the purple team @Gatewatcher. As part of my cybersecurity experience, I've spent 6 years focusing on red team and CTI in the industrial area.
- French stealer ecosystem: the resurgence skid gangs in cybercrime space

Aaron Kaplan worked at cert.at for 12 years before reactivating his sole-proprietorship in 2020.
Since 2018 he has been fascinated by the possibilities, problems and pitfalls of AI for cybersecurity. He co-chairs the AI SIG at FIRST.org. Co-maintainer of IntelMQ.
- intelmq.ai - adding ML model support to intelmq

Alain Mowat is the Head of Research & Development at Orange Cyberdefense Switzerland. He joined the company (then called SCRT) in 2009 as a penetration tester and subsequently led the offensive security team in the same company for many years until turning towards R&D. While still performing various engagements throughout the year, Alain is also dedicated to exploring new approaches to be used by the offensive security industry to better secure client infrastructures.
Aside from these activities, Alain was an active member in the 0daysober CTF team that finished 3rd at DEFCON CTF in 2015 and has responsibly disclosed vulnerabilities in multiple products such as Citrix NetScaler, SonicWall, Barracuda, Twitter and McAfee.
Alain is also responsible for giving various security-related trainings at Orange Cyberdefense Switzerland and has presented at several conferences, such as Insomni’hack, where he is also one of the organisers, Secure IT VS, CyberSecurity Alliance, SIGS and Area41.
- Wyse Management Subversion : Taking over Dell's Wyse Management Suite
- From Achilles to NIS2: Slovakian Lessons on Proactive Cybersecurity and Vulnerability Disclosure

Ali is a cybersecurity researcher with over a decade of experience in tech fields. He is currently the application and offensive security manager at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as Confidence Conf 2020, Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc.
Moreover, he was a trainer at OWASP Summer of Security 2020 and 2021 July training and a reviewer for Springer Cluster Computing Journal/Elsevier and the 2021 Global AppSec U.S. event. Ali is a Microsoft MVP and has published a book, along with several papers and blog posts.
- Breaking the Signal: Red Teaming Mobile Networks in 2025

Ankshita is a cybersecurity consultant with a sharp focus on malware analysis, offensive tactics, and real-world threat detection. Her background spans the finance sector, tech industry, and incident response, where she has worked as a SOC analyst, security engineer, and consultant across corporate and critical infrastructure environments. She holds the ISTQB Certified Security Tester credential, is KLCP certified, and is currently researching advanced malware evasion techniques and system exploitation pathways.
She has presented her work at Hack.lu (Luxembourg), Après Cyber Slopes Summit (Utah), DevFest Africa, and The Developers Conference (Mauritius). Her technical approach blends dynamic analysis, code unpacking, and attacker tradecraft — often with a focus on web-based attack surfaces. Ankshita has also been recognized by Huawei Mauritius in 2024 for her innovation in engineering.
- Reverse Engineering Ransomware: Hands-On Malware Analysis & IOCs Extraction
- What Malware Leaves Behind: Analysing Forensic Traces of Ransomware
- LOLBlue : Living Off the Land with Blue Team tools
Security Expert & Pentester at Synacktiv.
- Beyond post-quantum stereotypes

Antoine Goichot is a cybersecurity professional and Ethical Hacker. With ten years of hands-on experience and some certifications (CRTO/CRTL, GPEN/GXPN, GDAT), he has been into hacking since junior high school. He was always trying to find clever ways to solve technical problems and tweak his computer. In high school, he jailbroke a dozen PSPs so friends could play homebrew games between classes. He later studied computer science and networks at TELECOM Nancy.
Now as Senior Manager at PwC Luxembourg, Antoine leads projects for a large variety of clients including major corporations, banks, European institutions, and insurance companies. Beyond his day job, he has uncovered several vulnerabilities in Windows VPN clients, Cisco AnyConnect (CVE-2020-3433/3434/3435, CVE-2020-27123, CVE-2021-1427) and Ivanti Secure Access (CVE-2023-38042). These issues have been fixed by vendors after coordinated disclosure.
Antoine has contributed to the cybersecurity community through a conference paper co-authored during his studies, blog posts, articles in the MISC magazine (French periodical), etc. He also co-presented at Hack.lu in October 2017 on "Malicious use of 'Local Administrator Password Solution'".
- OverLAPS: Overriding LAPS Logic

Benjamin Koltermann is CEO and Security Architect for Cloud and Kubernetes environments at KolTEQ. He works on various projects for large regulated organizations, enabling them to securely manage the transformation to the cloud and Kubernetes.
In addition he is co-organizer of the Defcon Kubernetes CTF and is playing CTF for FluxFingers in his free time.
- Hacking Kubernetes
Penetration tester @ Synacktiv
- Beyond post-quantum stereotypes

Ben is a massive cyber-nerd, with a passion for creative defence-evasion techniques, reverse-engineering malware and fighting adversaries! He works at Huntress as a Security Operations Analyst. In his spare time you'll find him dissecting malware captured in his honeypots, pwning boxes and recording his solutions for his YouTube, or enjoying a pint in the pub.
- Compromising Threat Actor Communications

Bogdan Trufanda is a Threat Hunter in CrowdStrike's Cloud Runtime Security Team.
Bogdan is responsible for gathering actionable application and security intelligence for CrowdStrike products, specialising in gathering Threat Intelligence and researching exploitation techniques involving containers and the cloud space.
- Containing the Threat: Analyzing cryptomining campaigns

Christian is the technical lead of the Zeek project, and an engineer at Corelight. He previously spent 5 years heading the networking group at Lastline, and prior to that spent 5 years as a research scientist at the International Computer Science Institute in Berkeley. He has served on the advisory board of the Open Information Security Foundation, and holds a PhD from the University of Cambridge's Systems Research Group. He still rides skateboards, which recently earned him a busted rotator cuff.
- Integrating Zeek With Third-Party Applications

In addition to providing his services as an independent cybersecurity expert, Christophe actively serves as a Belgian Cyber Reservist and contributes significantly to open-source projects. He is the founder of the MISP Threat Sharing Platform. His contributions to the community also include the creation of MISP-maltego and pystemon, the active development of the sysdiagnose framework, as well as his previous involvement in organizing the FOSDEM conference.
When not immersed in the world of cybersecurity, Christophe enjoys outdoor pursuits such as hiking, climbing, mountaineering, and sailing, finding solace in the beauty of nature.
- iOS analysis using the Sysdiagnose analysis framework workshop - advanced session
- iOS analysis using the Sysdiagnose analysis framework workshop - beginners guide

Infosec Librarian.
- The cloud journey 2013-2025 of the European Commission

Cybersecurity enthusiast, author, speaker and mathematician. Author of popular books:
MD MZ Malware Development Book (2022, 2024)
MALWILD: Malware in the Wild Book (2023)
Malware Development for Ethical Hackers Book: https://www.amazon.com/dp/1801810176 (2024)
Author and tech reviewer at Packt. Co-founder of MSSP Research LAB, author of many cybersecurity blogs, HVCK magazine
Malpedia contributor
Speaker at BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff and other conferences
- Malware Development for Ethical Hackers (Windows, Linux, Android)
- Exploiting Legit APIs for Covert C2: A New Perspective on Cloud-based Malware Operations

Cristiana Brafman Kittner is a subject matter expert in cyber threat intelligence with a focus on Chinese military strategy and the development of the People's Republic of China's distributed cyber threat ecosystem. With over two decades of experience in military strategy, weapons analysis, and strategic geopolitical analysis, Cris has made contributions to cybersecurity controls, specifically NIST 800-53. She is a board member with The Diana Initiative and Torchlight and serves as a mentor and coach with Girl Security, The Women's Society for Cyberjutsu, and the Executive Women's Forum. She has significant experience as a trusted advisor providing cutting-edge cyber threat intelligence and risk management solutions to enterprise customers across various industries, as well as senior executives and government officials.
- The Human Factor: Psychological Safety in Cybersecurity Frontlines

Damien works as a Senior Malware Researcher at ESET, where he has specialized in targeted attack research. With a primary focus on APT, his main duties include hunting and reverse engineering of the latest threats. As a background, he holds an M.Sc. in Computer Science and previously worked in incident response, cyber threat intelligence, and malware analysis.
- RomCom exploits Firefox and Windows zero days in the wild

David Durvaux has been active in the incident response field for more than a decade. He has worked on many IT security incidents and especially on computer forensics aspects. Since 2015 he has been actively preparing the FIRST CTF. David has presented at numerous conferences including hack.lu.
- Building a pipeline to analyse iOS devices at scale

David Sopas leads a team of security researchers at Char49. With more than 15 years of experience in pentesting and vulnerability research, his work has been presented at security conferences worldwide (DEFCON, RSA, BSides Lisbon, among others). He's been privileged to see his work create ripples in the cybersecurity community and feature in notable publications like Techcrunch, Softpedia, TheRegister, SecurityWeek, and ThreatPost.
- The Parking Chronicles - A DIY Guide to Agents Detection

Didier Stevens (SANS ISC Senior Handler) is a Senior Analyst working at NVISO. Didier has developed and published more than 100 open-source tools mostly for malware analysis, several of them popular in the security community. You can find his open source security tools on his IT security related blog https://blog.DidierStevens.com
- Practical Maldoc Analysis Workshop

Dimitrios is a seasoned cybersecurity professional with a specialization in mobile, web, and network security. Holding a degree in Computer Science with a focus on Cryptography and Security, he has collaborated with leading companies such as Microsoft and Google, bringing a wealth of expertise to each engagement. With deep expertise in reverse engineering, Dimitrios has been an active member of one of Greece's earliest reverse engineering research groups since his early career. As a frequent speaker at leading security conferences such as BlackHat, Nullcon, Insomni’hack, and Troopers, he is recognized for his in-depth analysis of emerging threats and innovative defense mechanisms.
- My other ClassLoader is your ClassLoader: Creating evil twin instances of a class
- Tech Duel: The Escape Battle

Dom Lutz is a security engineer with experience in manufacturing, gov, retail, healthcare, higher ed. Current areas of focus are incident response and threat/vulnerability management.
- Krash Kourse: Intro to KQL for Defenders

Reverse engineer, creator of x64dbg, Dumpulator, IDA Pro MCP and 100+ other projects. Love binary analysis and Windows internals. Worked in DRM for 5 years and currently working as a mobile security researcher.
- Payload Obfuscation for Red Teams

Edouard is a Senior Cybersecurity Advisor at PwC Luxembourg with a strong focus on incident response and digital forensics. A hands-on generalist, he also works across malware reverse engineering, threat hunting, and broader security architecture. Lately, he's been exploring hardware attacks and low-level exploitation, combining field experience with curiosity-driven research. His work bridges the gap between high-level response and deep technical digging — whether in memory, firmware, or signals on a scope.
- Field guide to physical attacks against full-disk encryption
- Hands-On Hardware Hacking: Extracting Keys and Owning Encrypted Laptops
Elyssa Boulila is a security researcher and a PhD student affiliated with Amadeus IT Group and EURECOM. Her research work is related to Phishing and Threat Intelligence.
- Slipping Through the Cracks: How Malicious Emails Evade Detection

Éric Leblond is the co-founder and chief technology officer (CTO) of Stamus Networks and a member of the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities.
He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is also the lead developer of the Suricata Language Server, a real-time syntax checking and autocomplete app for Suricata rule writers.
Eric is a well-respected expert and speaker on network security.
- Threat detection engineering with Suricata
- New advanced network detection with Suricata 8
- What's New in Suricata 8: Enhanced Detection and Performance
Security researcher at Ampere Software Technology's pentest lab (focus on vulnerability detection in automotive embedded systems).
- Audit and retrospective of an automotive application: Carplay

Felipe Custodio Romero (@_localo_) is a vulnerability researcher at Neodyme, obsessed with finding weaknesses in all sorts of systems. Whether he's exploiting game clients like Counter-Strike, compromising IoT devices (such as printers and routers at Pwn2Own), or digging into low-level bootroms, Felipe's interests are broad and deep. Beyond his research, he's dedicated to forming the next generation of security professionals by organising CTFs like the CSCG, providing a platform for newcomers to explore IT security and allowing existing talents to sharpen their abilities. Much of his practical experience was gained by participating in numerous CTFs with teams ALLES! and FluxFingers.
- Revisiting Widevine L3: DRM as a playground for Hackers

Long time member of syn2cat hackerspace. Sysadmin and security officer. Really good at Linux, yoga, retrocomputing and massage.
- yoga for geeks

Gopika Subramanian is a security researcher with a primary focus on Web and Mobile Application Security. She is currently working as a Secops Engineer at Fuze. Gopika is responsible for engineering, threat modeling and implementing security initiatives at Fuze. In her free time she participates in CTF competitions and has presented/trained at a multitude of conferences.
- Integrating secure coding to DevSecOps cycle

Harpreet (Harry) is a seasoned cybersecurity expert with over a decade of dedicated service in Ethical Hacking, Penetration Testing, Vulnerability Research, and Red Teaming. As the esteemed author of Infrastructure Attacks for Ethical Hacking, Hands On: Web Penetration Testing with Metasploit, and Hands On: Red Team Tactics, Harry has built a reputation as a thought leader in the cybersecurity community. His extensive field experience is complemented by prestigious certifications, including Offensive Security Exploit Developer (OSED), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), and Certified Red Team Operator (CRTO). Harry has shared his profound insights and innovative strategies at notable international conferences such as Pass-The-Salt (2021) and Vulncon 2024.
- THAT PICTURE IS A LIE: SMUGGLING BINARIES WITH STYLE
Hayk is a seasoned penetration tester and red teamer at PwC, with over five years of experience in offensive security.
His work spans complex adversary simulations, assumed breach scenarios, and stealth operations targeting modern enterprise environments.
Driven by a strong curiosity for hardware hacking, Hayk has explored topics like SPI/I2C bus sniffing and BitLocker key extraction, expanding red team capabilities beyond traditional boundaries.
- Field guide to physical attacks against full-disk encryption
- Hands-On Hardware Hacking: Extracting Keys and Owning Encrypted Laptops

Hendrik is a security researcher and engineer with vast experience in different areas of IT Security. He has been a security enthusiast for many years and started his career as a security researcher with a focus on network and telecommunication security. Currently, he is working in an Incident Response Team of a large enterprise.
- Security Monitoring and Response in Large Linux Environments

Hilko works in the CSIRT for a transportation and logistics company. He feels most comfortable when thinking about problems that touch systems programming, operations and IT security. For more than 25 years, he has learned to take free and open source software for granted and he is still amazed when he hears how others have found his contributions useful.
- Security Monitoring and Response in Large Linux Environments
Passionate about programming, I began my career as a developer and private tutor in C/C++ before transitioning into offensive cybersecurity. For the past five years, I have worked as an offensive security auditor at Deloitte Cyber, where I conduct a wide range of penetration tests and technical audits. I am also responsible for designing and developing Pentest and Red Team infrastructure using Infrastructure as Code, with a strong focus on automation and operational efficiency.
This dual role - combining offensive security with infrastructure development - naturally led me to specialize in the security of CI/CD workflows. Through numerous audits and penetration tests for a wide range of clients across various environments, I have developed a deep and critical expertise in pipeline security, particularly within platforms such as Azure DevOps and GitHub Actions.
- From YAML to Root: CI/CD Pipeline Attacks and Countermeasures

Ignacio Navarro is an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he's currently working as an Application Security. Their interests include code analysis, web application security, and cloud security.
Speaker at DEFCON, H2HC, Troopers, LeHACK, NorthSec, TyphoonCon, Security Fest, SASCON, 8.8 among others.
@Ignavarro1
- Oops, I Hacked It Again: Tales and disclosures

Inbar has been teaching and lecturing about Internet Security and Reverse Engineering for nearly as long as he has been doing that himself. He started programming at the age of 9 and Reverse Engineering at the age of 14. He spent most of his career in the Internet and Data Security field, and the only reason he's not in jail right now is because he chose the right side of the law at an early age.
Inbar specializes in an outside-the-box approach to analyzing security and finding vulnerabilities, using his extensive experience of close to 30 years.
- Reversing a Pay Phone for Fun but No Profit
- Fake Jobs, Real Malware. Uncovering How Cybercriminals are Exploiting the Employment Market

Jindřich is a Lead Security Researcher at Rapid7. His research work focuses on the domains of cognitive warfare, cyber espionage, AI threats and cyber threat intelligence. You might also recognise him as the security data scientist known as 4n6strider.
- Smack my LLM up!

Jiří Vinopal is a threat researcher, malware researcher and reverse engineer at Check Point Research, who specializes in analysing and dissecting advanced cyber threats and techniques, alongside conducting in-depth malware research and reverse engineering. When he's not diving deep into the world of cybersecurity, he shares his passion for reverse engineering through his free YouTube channel and blog content, providing tips and tricks to fellow enthusiasts.
- Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign

I'm a recovering Java Developer. I started my career as a Java developer writing Archive/Backup software before moving to a large financial company working on webapps and the backend APIs. However, after a while, writing yet another microservice isn't that much fun anymore but breaking them was. So, I moved to Application Security and from there to research. I now work as a Staff Application Security Researcher for Contrast Security.
- Attacking The Developer Environment Through Drive-by Localhost Attacks

Julien is a French penetration tester and security researcher, currently working at Orange Cyberdefense. As a Python lover with a background in software development, he is a fervent open-source advocate who has contributed to several offensive security projects including KeePwn, KeeFarce Reborn, Scapy, Metasploit, CrackMapExec and Impacket.
- DCOM Turns 20: Revisiting a Legacy Interface in the Modern Threatscape
- Audit and retrospective of an automotive application: Carplay

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, known for uncovering and responsibly disclosing critical security vulnerabilities in national and international systems. An expert in penetration testing, network flow analysis, and reverse engineering, he is also a lifelong command-line enthusiast. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor. He uses bash daily for hacking, automation, and large-scale data processing and is sometimes contracted by major online education providers to proofread their bash certification exams. He currently is the lead researcher at Possible Security.
- So you're interested in social engineering? The very first steps
I have done reverse engineering as a personal activity for years (https://github.com/lclevy/Uvk, https://connect.ed-diamond.com/MISC/mischs-006/mecanisme-de-controle-d-authenticite-des-photographies-numeriques-dans-les-reflexes-canon) and recently started applying this passion as a full-time job. Before that I was a Digital Forensic analyst, working in computer security long before it was called Cyber :-)
- Digic8 Oracle

Marina Bochenkova wears many hats as a cybersecurity analyst focusing on digital forensics, incident response, and OT security, while also dabbling in security awareness and culture. She combines a passion for protecting people, a strong belief in digital privacy as a human right, and an overly-enthusiastic approach to problem-solving. When not defending digital spaces, Marina actively nurtures her already-unhealthy obsession with cats and resorts to baking or martial arts when desperate.
- Nightmare on NTLM street: Legacy’s Revenge
- From Buzzword to Battlefield: The Cybersecurity Challenges of Smart Cities

Dr. Martin Salfer is an IT security researcher at the Technical University of Munich (TUM) and a tech lead at an automaker. He earned his Ph.D. in IT Security from TUM, completed his M.Sc. with honours in Software Engineering at UniA/LMU/TUM, and obtained his B.Sc. in Computer Science from HM, with a study abroad at KPU in Vancouver, Canada, and ESIEA in Paris, France, and a research visit at NII in Tokyo, Japan. He is the lead author of 28 publications, including five IT security patents.
- Automotive Security Analyzer for Exploitability Risks: An Automated and Attack Graph-Based Evaluation of On-Board Networks

Working as a DFIR analyst in Synacktiv's CSIRT, Maxence Fossat is passionate about digital forensics, detection engineering and malware analysis. After working for a few years with different EDR/XDR solutions, he moved on from detection to response. With a keen interest in attacker tradecraft and reverse engineering, his goal is to make significant contributions to the cybersecurity ecosystem, with efficient detection rules and tools. He is first and foremost dedicated to sharing his findings via talks, classes and tools.
- LOLBlue : Living Off the Land with Blue Team tools
Maxime Escourbiac is the Red Team Leader at Michelin CERT, specializing in offensive security, penetration testing, and advanced vulnerability exploitation. He has contributed to the discovery of vulnerabilities in widely used products such as PAN-OS, Grafana, VMware Aria Operations, Backstage, Artifactory, and ForgeRock AM.
- Palo Alto GlobalProtect : Remote Full Compromise Exploit Chain
Melina Phillips is an Offensive Security Engineer with a background in Security Operations and Incident Detection. She has over ten years of IT experience and six years working directly in cybersecurity, blending hands on blue team work with her current focus on adversary simulation and endpoint compromise.
Her recent talks have been featured at Bsides Cambridge, Security Fest, BruCon and LeHack. She's known for making complex technical concepts accessible without watering them down, and for delivering practical insights grounded in real world attack and defense experience.
Outside of breaking into infrastructure and chasing down Linux threats, she's usually at CrossFit or playing with makeup, ideally not at the same time.
- Confessions of a Linux Drama Queen: Incident Response When Hackers Try to Steal Your Spotlight
Michal is a lawyer at the Slovak Government CSIRT unit (CSIRT.SK), where he provides legal advice on cyber security and regulation. He is a PhD student and lecturer at the Institute of Information Technology and Intellectual Property Law at the Faculty of Law of Comenius University in Bratislava.
Michal is the author of several scientific articles focused on information technology law and cybersecurity. He is also co-author of the university textbook "Law and Artificial Intelligence". In his practice and academic research he focuses on cybersecurity, AI and criminal law. He is a member of ISACA Slovakia Chapter and also a certified Cyber Security Manager.
- From Achilles to NIS2: Slovakian Lessons on Proactive Cybersecurity and Vulnerability Disclosure

Mihai Vasilescu is a Threat Hunter in CrowdStrike's Cloud Runtime Security Team.
Mihai's expertise lies in gathering Threat Intelligence on recent botnets and network attack exploitation techniques, including malware analysis and botnet tracking.
- Containing the Threat: Analyzing cryptomining campaigns

Parth Shukla is a dedicated Cybersecurity Analyst at Cequence Security with a strong passion for Web Application Security. He is an accomplished bug hunter, community builder, and cybersecurity enthusiast with a relentless drive to uncover vulnerabilities and share knowledge. Parth’s work focuses on securing modern web applications by addressing critical threats like those outlined in the OWASP API Top 10, including BOLA, SSRF, and Broken User Authentication.
In addition to his professional achievements, Parth has mentored over 600 aspiring cybersecurity professionals, empowering them with skills in ethical hacking, bug bounty hunting, and advanced web application testing. An advocate for continuous learning and collaboration, Parth is a frequent speaker at leading cybersecurity conferences worldwide. Guided by the principle that “security is a myth,” he strives to challenge assumptions and push the boundaries of what’s possible in cybersecurity.
- API Underworld: Red Team Hacking Secrets

Paul Gerste (@pspaul95, @pspaul@infosec.exchange, @pspaul95.bsky.social) is a vulnerability researcher at Sonar. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Grafana. When Paul is not at work, he enjoys playing CTFs with team FluxFingers and organizing Hack.lu CTF.
- Lethal Language Models: From Bit Flip to RCE in Ollama

Pauline Bourmeau works at the intersection of artificial intelligence, human cognition, and information security.
She is the founder of Cubessa, where she puts humans at the center of its research. With a diverse background including linguistics, programming, and criminology, she brings a unique perspective blending humanistic and technical approaches to analyze cyber threats and their evolution.
She is also involved in AI education and open-source projects, notably within the MISP community. Outside of her work, Pauline is a medal-winning para-climber and interested in projects that make AI more accessible.
- Hack your brain
- Practical intro to deeplearning: chihuahuas vs muffins
Long time Cyber Threat Intelligence Analyst. Author of open source tools nfdump.
Passionate photographer.
Location: 127.0.0.1
- When Netflow meets Pcap - A network forensic approach.

Peter Manev is a member of the executive team at Open Network Security Foundation (OISF) and Suricata Project Evangelist. Peter has over 20 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead.
Peter is also one of the lead developers of SELKS / ClearNDR Community, the popular turnkey open-source based implementation of Suricata IDS/IPS/NSM. Peter is a regular speaker and educator on open-source security, threat hunting, and network security.
Peter Manev is a co-author of the book The Security Analyst’s Guide to Suricata, written with Eric Leblond.
Additionally, Peter is the co-founder and chief strategy officer (CSO) of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata. Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, Locked Shields, DeepSec, Troopers, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others.
- Threat detection engineering with Suricata
- New advanced network detection with Suricata 8
- What's New in Suricata 8: Enhanced Detection and Performance

Petr has been working with binary formats since 2019. In 2020, he became the administrator of Kaitai Struct - a binary analysis tool. He occasionally contributes to other open-source projects on GitHub.
In 2025, Petr completed a Master's degree in Security and Network Engineering at the University of Amsterdam.
- Kaitai Struct: a tool for dealing with binary formats

I am a passionate FOSS hacker; lead maintainer of ScanCode, PurlDB and VulnerableCode; and on a mission to enable easier and safer reuse of FOSS code with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery and license and security compliance at https://aboutcode.org . I am also a co-founder of SPDX and the creator of Package-URL (PURL), a de-facto standard to identify packages in SBOMs, along with SCA tools and a vulnerability database used throughout the industry.
- Open source is a virus

Passionate about offensive web security and more specifically anything related to backend languages.
- Livewire : remote command execution through unmarshalling

Piotr Białczak is a researcher at CERT.PL. His professional interests include network traffic analysis, phishing detection, and applying machine learning to security problems.
- Phishing detection using various parts of DNS ecosystem

Quentin worked as an incident responder for several years before focusing on endpoint threat detection. He recently dedicated all his time to developing several open-source projects. His main topics of interest range from threat detection to bug hunting, but what he likes the most is to develop tools and open-source them when he judges it is relevant enough to do so.
- Kunai: From Zero to Ninja

Rahul (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he's a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Nullcon, PHDays, c0c0n, and BSides. He's also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul's passions lie in information security, automation, human behavior, and—of course—breaking things.
- Automate Your Hacking: Writing New Tools & Extending Existing Ones

I (@h4ckologic) am a cybersecurity researcher passionate about uncovering and addressing critical vulnerabilities in complex technology implementations. My work includes identifying and reporting issues to top tech companies like Apple, Google, Microsoft and many others; some of the CVEs I have identified are Apple (CVE-2021-31001), PhantomJS (CVE-2019-17221), and NPM html-pdf (CVE-2019-15138). I’ve had the privilege of sharing my research at leading conferences, including NoNameCon, Ekoparty, and Hacktivity (2020); Hack in the Box and Romhack (2023); and HITB Bangkok and BSides Ahmedabad (2024). With a focus on practical solutions and deep technical insights, I’m dedicated to advancing security practices and contributing to the global infosec community.
- Breaking Android IPC: A Deep Dive into AIDL Fuzzing

Formerly a member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.
- Web forensic with Lookyloo

Paul Rascagneres is a principal threat researcher at Volexity. He performs investigations to identify new threats. He has presented his findings in several publications and at international security conferences. He has been involved in security research for 10 years, mainly focusing on malware analysis, malware hunting, and more specifically on advanced persistent threat (APT) campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.
- Exploring Threats Leveraging Blockchains

Rémi Matasse
I am Rémi Matasse (pseudo Remsio), a pentester who has worked at Synacktiv for the past four years, passionate about offensive web security, especially anything related to PHP.
I spent some years working on concrete PHP filters chain exploitation, documenting it in blog posts and presenting it at several conferences such as Pass The Salt or hack.lu.
I then decided to focus on Laravel, since we often come across this framework during audits, before jumping in with both feet on exploitation based on APP_KEY leaks.
Pierre Martin
My name is Pierre Martin (pseudo Worty), I'm 24 and I've been doing cybersecurity for about 3 years. I take part in a lot of CTFs with the TheFlatNetworkSociety team and I specialize in the web category, mainly on the backend side.
Before becoming a pentester at Synacktiv, I did a lot of bug bounty on YesWeHack and HackerOne, and I had the opportunity to take part in the HackerOne world championship with the French team, where we finished third.
Moreover, I was twice in the French team for the ECSC competition organized every year.
I mainly do vulnerability research on open-source projects, on my own time or at work, notably with Rémi Matasse.
- Livewire : remote command execution through unmarshalling

Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-Box, Deepsec and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world, and taking pictures.
- Crafting an Infoleak exploit - A Hands On tutorial

Sebastian Wagner is a Free Software enthusiast, full-stack software developer, and project manager currently working for a small software firm, and is active in NGOs for the common good. He has co-maintained IntelMQ for 11 years and previously worked at CERT.at for six years.
- intelmq.ai - adding ML model support to intelmq

Stanislav Dashevskyi is a Security Researcher at Forescout. He received his PhD from the International Doctorate School in Information and Communication Technologies (ICT) at the University of Trento (Italy) in 2017. His main research interests are open source software, software security, and vulnerability analysis.
- No way to enable SSH access to your new router? The vendor might have something to hide

Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.
- Anti-Forensics - You are doing it wrong (Believe me, I'm an IR consultant)

I love to create fun activities with a touch of IT-related tasks.
- Tech Duel: The Escape Battle

Tammy is a Senior Threat Intelligence Researcher and Certified Dark Web Investigator at Flare. She currently is an admin and volunteer researcher for the open source project RansomLook and a contributor to the DeepDarkCTI project. When she is not working on infiltrating dark web communities she is listening to techno and ambient and sipping a delicious matcha latte. Her other hobbies include street and nature photography, reading, hiking, and camping.
- Persōna Theory: Infiltration & Deception of Emerging Threat Groups

Thomas has almost 20 years of experience in information security and has done lots of stuff in this area, from offensive to defensive security topics. Now he is doing incident response, threat hunting and threat intelligence at the Evonik Cyber Defense Team. Furthermore, he is co-founder of the Sigma project and maintains the open source toolchain (pySigma/Sigma CLI).
- Detection Engineering with Sigma
- A pragmatic approach to build a threat landscape

Vladimir Kropotov is an Advisor and principal researcher with the Trend Micro Forward-Looking Threat Research team. Active for over 20 years in information security projects and research, he previously built and led incident response teams at Fortune 500 companies. He holds a master's degree in applied mathematics and information security. He also participates in various projects for leading financial, industrial, and telecom companies. His main interests lie in network traffic analysis, incident response, and botnet and cybercrime investigations. Vladimir was a speaker at a variety of cyber security events, including BHEU, BHAsia, HITB, hack.lu, FIRST and others.
- Russian-speaking underground - changes in the risks, attack surface and modus operandi

Walter started hacking in the late 1980s, after he got his first UNIX account at his university. It was a time of pioneering. No computer crime laws existed but he was in some scary situations. Luckily, Walter was able to become an ethical hacker and make it his profession. He is also a known lockpicker and wrote a book on the subject. When Walter is not hacking, he likes to read, sail, and drive in rally cars in Finland.
- Hacking - 30+ years ago

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and open-source software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. He has lately contributed to the cleanup and enhancement efforts on ssldump. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.
- Back to basics - Exploring OpenSSH: hands-on workshop for beginners
- Practical intro to deeplearning: chihuahuas vs muffins
- CLI ambush
- In bed with Qubes OS - tips & tricks exchange party

Will Moffat co-founded Muuselabs, a Belgian IoT startup that developed a screen-free streaming audio speaker for kids. Before diving into hardware entrepreneurship, he was a software engineer at Google in San Francisco and a microelectronics researcher at IMEC Leuven. He holds a BEng in Computer Science and Electronics from the University of Edinburgh.
- The “S” in IoT: Tales from inside the IoT industry

Xavier Mertens is a freelance security consultant running his own company based in Belgium (Xameco). With 15+ years of experience in information security, Xavier finds “blue team” activities more attractive. Therefore, his day job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualization, and OSINT. Besides his day job, Xavier is also a Senior Handler at the SANS Internet Storm Center, Certified SANS Instructor (FOR610, FOR710), security blogger and co-organizer of the BruCON security conference.
- One day at the Internet Storm Center