OrangeCon

Brenno de Winter

Brenno de Winter has been involved in security since his early years. For 15 years he was a renowned Dutch investigative journalist. Born on December 6, 1971, in Ede, Netherlands, de Winter has made significant contributions to the field of information security and privacy. He is best known for his work in uncovering vulnerabilities in public and private sector IT systems, often bringing to light the importance of cybersecurity.

De Winter started his career as a programmer, but had several roles. In 2001 he became a journalist and quickly gained a reputation for his thorough investigative techniques and commitment to transparency and public accountability. His notable works include exposing security flaws in the Dutch public transport chip card (OV-chipkaart) and various governmental IT systems, which prompted widespread public discourse and policy changes.

In addition to his journalism, de Winter is a sought-after speaker and educator on topics related to cybersecurity, privacy, and digital rights. He has authored several articles and books, sharing his extensive knowledge and advocating for stronger security measures and better data protection practices.

Throughout his career, Brenno de Winter has received numerous accolades for his contributions to the field, cementing his status as a leading figure in cybersecurity and investigative journalism in the Netherlands and beyond.

He is the 'catfather' of the OpenKAT-project and currently leads the effort of standardizing penetration testing.

  • Making penetration testing auditable
  • Be lazy like a cat, making pentesting fun again
Cas van Cooten

Cas van Cooten is an offensive security enthusiast and Red Teamer at ABN AMRO Bank in The Netherlands. He is a champion for "offensive development" - building solid tools to support every aspect of offensive operations. Particularly, he likes evading defenses by developing offensive security tooling and malware that utilize modern features of languages like Rust, Golang or Nim. He loves sharing knowledge and responsibly open-sourcing tooling via his Twitter and GitHub to ultimately promote the collaboration between Red and Blue.

  • Offensive Development in Modern Languages
Cedric Van Bockhaven

Cedric loves solving offensive computer security puzzles, researching new attack vectors, and finding vulnerabilities in obscure technologies. At Outflank, he performs Red Teaming projects and works on the Outflank Security Tooling (OST).

  • The Registry Rundown
Daan Keuper

Daan Keuper is the head of security research at Computest Security. This division is responsible for advanced security research on commonly used systems and environments.

Daan participated four times in the internationally known Pwn2Own competition by demonstrating zero-day attacks against Zoom and multiple ICS applications. In addition Daan did research on internet connected cars, in which several vulnerabilities were found in cars from the Volkswagen Group.

  • Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth
Dirk-jan Mollema

Dirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.

  • Attacking Primary Refresh Tokens using their MacOS implementation
Erwin Paternotte

Erwin currently works as a CTI specialist at the Dutch government. In his previous life he was a penetration tester/red teamer for over 20 years. During these years he tested a large variety of systems and networks and led complex assignments. Over the years he specialized in OT systems and networks, IoT devices and hardware hacking. He previously presented his OT research at the S4 conference, DEF CON, Hardwear.io and Hack in the Box.

  • Securing OT, too hard or not for me?
Fish_, Cherry and Stef

We like Oranges.

  • Orange is the new Black
Hal Martin

Hal studied Computer Systems Engineering and works as a software developer. One of his many hobbies is asking companies for their GPL source code, and reverse engineering embedded devices. Hal is the main developer behind the postmerkOS open-source firmware for several Meraki switch models.

You can find more information on his blog «WatchMySys» : https://watchmysys.com/blog/

  • Securing devices or profits? Examining the device security of a network appliance vendor
Inge Bryan

Inge Bryan, chair of the Dutch Institute for Vulnerability Disclosure, former CEO of Fox-IT, is a trusted advisor to boards and policymakers. Her career spans two decades of intelligence and criminal investigations, mainly tech and data related. She has vast experience in leading investigations, leading change in organizations and managing crises. She is intimately familiar with all sides of cybercrime, espionage and warfare. After leaving law enforcement in 2016, she has led cyber security programs in large organizations primarily in the public sector and critical infrastructure.

Inge’s ancillary positions are: Board member of Royal Holland Society for the Sciences; Chair of the Supervisory Board of Datenna; Supervisory board member at the Clingendael Institute; Advisory board member at the National Archives; Chair of the Anti-Abuse Network; Supervisory Board Member of the Victim Support Fund; Member of the evaluation committee for the Data Protection Authority.

  • Closing Keynote: U-matter
Jan-Jaap Korpershoek

Jan-Jaap Korpershoek is an experienced ethical hacker working at the Adversary Simulation team of Northwave. He blends his experience in the areas of reverse engineering, red teaming and penetration testing to find new and creative ways to test infrastructure and applications. Jan-Jaap has a bachelor in technical computer science and a master in Cyber Security. He has a broad interest in all things computer science related and is always up for an interesting challenge.

  • Exploiting the Core: A Deep Dive into Kernel Driver Vulnerability Hunting
Jeroen van Beek

Jeroen van Beek is a penetration tester & IT security consultant at Dexlab, and data leak expert at Scattered Secrets. Besides cracking passwords, he likes fast red Italian motorcycles and red wine.

  • How to crack seven billion passwords?
Jorian Woltjer

-

  • HackTheBox & CTF Methodology - Hands-on workshop
Max Grim

Max is a Red Team operator and software developer at Outflank. He earned his Master’s degree in System and Network Engineering at the University of Amsterdam with a focus on network and system security. Max has a background in security testing, software engineering, cloud environments and DevOps practices, and he applies that knowledge to building the Outflank Security Tooling (OST). He also has a keen interest in designing and hacking (embedded) hardware devices.

  • The Registry Rundown
Mischa van Geelen

I am a security researcher, speaker and entrepreneur. Do you rely upon your own IT network, applications or website(s) and are you unsure about its technical security status? As a specialist in information security, I will help you to regain control over your IT environment and infrastructure, investigate what is going on and solve it! 24 hours a day, 7 days a week.

In my spare time, I report security vulnerabilities to organizations in an effort to make the digital landscape safer. I also take care of workshops, presentations and lectures on the dangers of the Internet for more and better awareness within organizations.

I am frequently asked by the media to explain the dangers of the digital landscape. In 2017 I was featured in the New Revu, explaining the new dangers for organizations, such as Ransomware, Internet-of-Things and other digital threats.

I am currently focusing on these subjects:
- Implementing CIS, performing CIS Benchmarks
- Implementing and endorsing open security standards (OWASP WSTG, OWASP MSTG, PTES, Norea DigiD, CVSSv3.1)
- Penetration testing
- Incident Response (IR)
- Root-cause analysis & Failure mode and effects analysis (FMEA)
- Threat Hunting
- Threat Intelligence
- Automated Intelligence Gathering
- Open-Source Intelligence (OSINT)

  • Be lazy like a cat, making pentesting fun again
Olaf Hartong

Olaf is a defensive specialist and security researcher at FalconForce and specializes in understanding attacker tradecraft and thereby improving detection.

  • Attacking Primary Refresh Tokens using their MacOS implementation
Orange Tsai

Orange Tsai is the principal security researcher of DEVCORE and the core member of CHROOT security group in Taiwan. He is the champion and the "Master of Pwn" title holder at Pwn2Own Vancouver 2021 and Toronto 2022. In addition, Orange has spoken at several top hacker conferences such as Black Hat USA (5 times), DEF CON (5 times), HITCON (11 times), CODE BLUE (6 times), POC, Hexacon, RomHack, HITB, and WooYun!

Currently, Orange is a 0day researcher focusing on Web and Application Security. His research not only earned him the Pwnie Award for "Best Server-Side Bug" in 2019/2021 but also secured 1st place in the "Top 10 Web Hacking Techniques" for 2017/2018. In his free time, Orange also engages in bug bounties. He is especially enthusiastic about RCE, successfully identifying critical RCEs across a broad range of vendors, including Twitter, Facebook, Uber, Apple, Netflix, Tesla, GitHub, Amazon, and more.

You can find Orange on X @orange_8361 and https://blog.orange.tw/

  • Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
Parthiban R

Parthiban is working as a Sr. Threat Intelligence Analyst at Atlassian, with around 10 years of experience in the cybersecurity domain, and holds a Master's degree in Information Security & Cyber Forensics. Previously he worked as a Threat Researcher at Anomali as part of the Threat Research Team. He was responsible for researching and tracking threat actors, writing threat intel blogs, and analyzing actor infrastructure. He also worked as an Incident Handler at Symantec and Microsoft, handling various security incidents and attacks on Fortune 500 companies. Outside of work he enjoys traveling and exploring different food cuisines.

  • Graph API Mastery - Logs to Real World Attacks
Remco van der Meer

Ethical Hacker, CTF player & student

  • HackTheBox & CTF Methodology - Hands-on workshop
Rik van Duijn

Rik has over 10 years of experience in the offensive security area, working as a penetration tester. Next to his work assessing the security of infrastructures, he spends time researching trends within IT security and developing defensive measures.

  • Protecting organizations against AITM: lessons learned.
Sebastiaan Groot

Sebastiaan is an Ethical Hacker at KPN with an interest in binary analysis and exploitation, system security and breaking programs in general. Before that, he worked as an incident responder and forensic analyst at KPN-CERT. Whenever opportunity arises, he can be found at CTF events. Free time consists of GMing D&D campaigns, playing board games, traveling, cooking and daydreaming legitimized as worldbuilding for D&D sessions.

  • Getting familiar with DESFire
Shiva P

Shiva is currently working as a Sr. Security Researcher at Dart Microsoft.

With a background in engineering and operational security, he has over 9 years of experience working in various parts of security operations, specializing in Threat Hunting, Incident Response, Detection Engineering and helping build SOCs from the ground up.

Apart from work, he loves visiting trekking and is an avid gamer.

  • Graph API Mastery - Logs to Real World Attacks
Sylwia Budzynska

Sylwia is a security researcher at GitHub Security Lab, where she works on finding vulnerabilities in open source software. See her advisories, as well as those of other Security Lab researchers, at securitylab.github.com/advisories.
In her free time, she enjoys Magic: The Gathering and other TCGs, reading, and playing JRPGs.

  • Finding vulnerabilities with CodeQL
Tijme Gommers

As a Reverse Engineer & Red Teamer, Tijme (@tijme) supports the development of Adversary Simulation services to conduct ART & TIBER. He facilitates teams with knowledge, tools & techniques used to simulate nation-state actors as accurately as possible, ultimately increasing cyber resilience of critical organisations and infrastructure throughout Europe. Furthermore, with his polyglot software engineering background, he works on the development of malware and zero-day exploits. This is once again used to realistically train blue teams in repelling nation-state cyber-attacks.

  • Elevate Your Skills: From COM object fundamentals to UAC bypasses
Timothy Hjort

I'm the type of guy who finds it funny when my car engine is full of glitter or when my home router runs a Minecraft server. I entered the computer security field due to movies (HACKERS) and YouTube videos before proceeding to study for a master of science in engineering: computer security degree. My professional experience includes being the head of IT for the student union at BTH along with part-time and now full-time work at Vulnerability Research in Outpost24. My primary interest is focused on computers, hardware, software architecture and cars.

  • An angel, python, root and config walked into a bar...
Wesley
  • Protecting organizations against AITM: lessons learned.
Winn Schwartau

Winn Schwartau is one of the world’s top experts on security, privacy, infowar, cyber-terrorism, and related topics. He has lived cybersecurity since 1983 and his predictions about the Internet and security have been scarily spot on.

  • Cybersecurity’s New Imperative: Metawar - Defending the Cognitive Infrastructure.
Wouter Bokslag

Wouter Bokslag is a co-founding partner and security researcher at Midnight Blue. He is known for the reverse-engineering and cryptanalysis of several proprietary in-vehicle immobilizer authentication ciphers used by major automotive manufacturers as well as co-developing the world's fastest public attack against the Hitag2 cipher. He holds a Master's Degree in Computer Science & Engineering from Eindhoven University of Technology (TU/e) and designed and assisted in teaching hands-on offensive security classes for graduate students at the Dutch Kerckhoffs Institute for several years.

He co-authored the TETRA:BURST research and currently provides security consultancy services for clients ranging from government agencies and critical infrastructure to IT and OT companies across industry verticals.

  • All cops are broadcasting: Breaking TETRA after decades in the shadows
Yassir Laaouissi

Senior Security Researcher @ PaloAltoNetworks-Unit42
Blog: https://verysecret.agency
Twitter: @kladblokje_88 or @UnflippedBit

  • Detect and Reverse engineer - Quick wins for defenders