MOM Cultural Center, Budapest // 6-7th October 2022
A well-known computer magazine once wrote that Tobias Schrödel is the “first IT-comedian”. And really, he explains technical vulnerabilities and correlations in a way everybody can understand without leaving out the fun. As a qualified IT-specialist, Tobias worked many years as a consultant for one of the biggest worldwide IT- and telecommunications corporations – so he knows what he is talking about.
Robert Moody is a threat intelligence and incident response expert. He currently leads the Threat Intelligence Team of THD Inc., an S&P50 global retail corporation. He is experienced in insider threat hunting as well as working with the legal community and private sector on large scale multinational projects. His background includes working in telecommunication, consulting, retail, and financial services industries. He has an M.Sc. in Cybersecurity from the ie University, and holds CRTIA, CISA, CDPSE, and CISM certifications.
Senior Consultant in Cybersecurity and Intelligence
Éric Filiol is a professor at ENSIBS, Vannes, France, and at National Research University Higher School of Economics, Moscow, Russia in the field of information and systems security. He is also a senior consultant in cybersecurity and intelligence. He directed the research and the cybersecurity laboratory of a French engineering school for 12 years. He spent 22 years in the French Army (Infantry/French Marine Corps). He holds an engineering degree in Cryptology, a PhD in Applied Mathematics and Computer Science from Ecole Polytechnique, and a Habilitation to Conduct Research (HDR) in Information from the University of Rennes. He holds several NATO certifications in the field of intelligence. He is editor-in-chief of the research journal in Computer Virology and Hacking Techniques published by Springer. He regularly speaks at international conferences in the field of security.
Bence Horvath is a seasoned cybersecurity executive focused on next-generation cyber defense and intelligence-led offensive operations. He currently leads the Next-Gen Security Operations and Advanced Security Testing Teams for EY’s Cybersecurity Practice in London, focused on Tier 1 clients in the financial services and CNI sectors. His background includes working in telecommunication, aerospace and defense, financial services and consulting. He has an MBA from ie Business School, an M.Sc. in Business Information Systems from the Corvinus University, and holds CRTIA, CISSP and CISM certifications.
José Garduño is a senior security consultant at Dreamlab Technologies since 2014, where he usually takes part in security audits, pentesting, and red teaming engagements. He has participated as a speaker in several technical conferences like Hackito Ergo Sum (France), Swiss Cybersecurity days (Switzerland), DSS ITSEC (Latvia), 8.8 Security Conference (Chile, Bolivia), OWASP Patagonia (Argentina), Congreso Seguridad en Computo UNAM (Mexico), DragonJar Security Conference (Colombia), where he has presented his work on privacy attacks on Latin-America (The government as your hacking partner), Hacking with open hardware platforms (revisiting hardware keyloggers, say hi to Mikey: an offensive hardware keylogger) and C2 detection (RATSPOTTING: Analysis of popular Remote Administration Tools & discovery of C2 servers on the wild).
My name is Mark Modly and as an IT (security) architect and teacher I always had the responsibility to aim for the highest standards for every design and knowledge sharing session. In my life I had the privilege to work on a lot of projects for companies in various domains like banking institutes and telecommunication companies in different countries. For a long time I was only one of the attendees at conferences like this, but now I think it is time for me to give back some value to the community. I mainly specialize in web technologies as I got hooked on them in the early 2000s, so if you are interested in a working pure CSS “key logger” feel free to pop in!
Penetration Testing Lead - Standard Chartered Bank
Currently Penetration Testing Lead @ Standard Chartered Bank where he is responsible for the technical part of the whole penetration testing team (more than 20 pentesters). In the security industry for more than 14 years. Experience in the area of penetration testing, reverse engineering or vulnerability finding. Speaker at multiple conferences in Poland (Confidence, WTH) and abroad (HiTB, PacSec, DefCamp, H2HC).
Currently working as a Penetration Tester at Standard Chartered Bank. For the past years, handled multiple roles related to IT security / application security / software development in the financial sector. Fan of automating stuff, always curious, hanging around looking for systems/processes that can be abused.
You might know me as @xdavidhu. I am a 19-year-old CS student who has been around the IT security field ever since I can remember, sort of. I wrote my first hacking tools five years ago, and stumbled upon bug bounties in 2018. Most recently I have been exclusively hacking on Google VRP, Google’s bug bounty program, where every product of the company is in scope, from the thermostat on your wall to the production Google applications serving billions of users. I found quite a few bugs, and moved up on the leaderboard, currently being one of the top 40 Google VRP hackers worldwide.
I have been working in the field of cryptography since 2001. My specialties are e-signatures, encryption, cryptography-based protocols (SSL/TLS) and cryptography-enabled devices (PKI smart cards, MIFARE-supported NFC cards). Recently I started to work with post-quantum cryptography technologies, and I analyzed virtual currencies and e-voting models (direct democracy). For more reference on cryptography (and e-government) you can check my blog: http://kormanyablak.org/it_security_index.php
Matek Kamillo (k4m1ll0) is a white hat hacker. For him, it is not just a job, it’s a lifestyle. k4m1ll0 has published several vulnerabilities and made several penetration testing tools over the years. As a senior member of the KPMG Hungary Sec Lab team, he usually takes part in Penetration Testing and Source Code Reviews. His favorite topics are Exploit Development and Reverse Engineering.
Barak Sternberg is an experienced Security Researcher who specializes in Offensive Security. He is the founder of “WildPointer”, previously an author at SentinelLabs (“Hacking smart devices for fun and profit”, Defcon 2020 IoT Village), and leads innovative cybersecurity research. Barak spent more than six years at Unit 8200, IDF, as a team leader of 5-10 security researchers. He is highly skilled in offensive cyber-security, from vulnerability research in various areas (Linux, IoT, embedded and web apps) to analyzing malware in the wild. Barak is also a CTF addict, posting write-ups and technical vulnerability analysis on his blog (livingbeef.blogspot.com).
Barak also holds a BSc and an MSc (in CS) focused on algorithms from Tel-Aviv University and a DJ certificate from BPM college. @livingbeef // https://www.linkedin.com/in/barakolo/
I’ve been working as Principal Security Engineer and Security Researcher at Zup Innovation and as Security Researcher and Instructor at Hacker Security. I’m a Hacking is NOT a Crime advocate. I’m part of the staff team of DEFCON Group São Paulo, Brazil, and an international speaker at security and new technology events in many countries such as the US, Canada, Germany, Poland and others. I’ve served as a university professor in graduation and MBA courses at colleges such as FIAP, Mackenzie, UNIBTA and UNICIV. In addition, I’m the founder and instructor of the courses Malware Attack Types with Kill Chain Methodology (PentestMagazine) and Malware Analysis – Fundamentals (HackerSec Company).
Co-founder - Hacking is NOT a Crime & We Open Tech.
Chloé Messdaghi is an award-winning changemaker who is innovating tech and information security sectors to meet today’s and future demands by accelerating startups and providing solutions that empower organizations and people to stand out from the crowd. She is an international keynote speaker at major information security and tech conferences and events, and serves as a trusted source to reporters and editors, such as Forbes and Business Insider. Additionally, she is one of the Business Insider’s 50 Power Players. Outside of her work, she is the co-founder of Hacking is NOT a Crime and We Open Tech.
Ph.D. in Computer Science, CISSP, CSSLP. Over ten years of working experience in application security. Current position is a Principal Security Engineer at Huawei Russian Research Institute. Associate Professor at Bauman Moscow State Technical University, OWASP contributor.
Yutai worked in various security areas for more than 5 years for an electric public company and a semiconductor manufacturing company. His main job was to respond to incidents and analyze them. After that, he started a start-up company that provides security services based on big data and machine learning to enterprises.
Seungyeon worked in various security areas for more than 5 years for an electric public company and a semiconductor manufacturing company. His main job was to respond to incidents and analyze them. After that, he started a start-up company that provides security services based on big data and machine learning to enterprises.
Changmin worked in various security areas for more than 5 years for an electric public company and a semiconductor manufacturing company. His main job was to respond to incidents and analyze them. After that, he started a start-up company that provides security services based on big data and machine learning to enterprises.
Rashid Feroze is head of infrastructure security at CRED, one of the fastest growing fintechs in India. He loves to break into networks, cloud, and applications while implementing defenses for the same. He is an active community speaker and likes to talk about securing infrastructure at scale. He has helped to secure multiple banks, financial entities and govt agencies across the globe. He has previously given talks at security conferences such as Nullcon, Bsides and Rootconf.
Patrick (0xn00b), a DEF CON 26 Black Badge holder, is the co-founder of Village Idiot Labs which helps run IoT Village across the globe. Patrick has created a fully immersive/virtual web-based lab environment in which people can learn how to hack IoT without the need for their own tools, equipment or even prior knowledge.
Senior Engineer running petabyte-scale Log Management program at the second largest bank in Switzerland, former SIEM Consultant for Tieto, Nordea, and UBS. Enthusiast of Cloud Security and Zero Trust architecture. Holder of multiple industry certifications, including CISSP, CCSP, CISA and a few others. Member of ISACA Zurich. Constantly looking for the holy grail of Log Management.
Balazs is an electrical engineer who is interested in low-level programming, printed circuit board design, embedded firmware development, and FPGAs. His favorite reverse engineering project was re-creating the full schematic of the 6502 processor by analyzing its silicon die images. He has worked as a private entrepreneur for 20 years and is a co-founder of a Californian software development company called Screamingbox LLC. He spends his free time in nature: hiking, running, flying a glider, or a Cessna 172.
Simon is a self-taught Vulnerability Researcher at SonarSource who is passionate about playing CTF, traveling, and sports. He has come up with ways to find 0days in some of the most popular web applications such as WordPress, MyBB, and Magento2. He has also developed exploits for the Linux Kernel and Counter-Strike: Global Offensive.
Security Engineer & Evangelist - Balasys IT Security
Szilárd graduated from the University of Óbuda with a degree in electrical engineering. He has gained 15+ years of experience in the development of network security products in the C/C++ and Python languages, working in a Linux environment using free software. Committed to free culture and content, and to network and data security, he is a regular speaker at conferences and trainings and regularly publishes articles on these topics. With many years of development leadership behind him, he is a believer in agility. He currently works as a security engineer and evangelist at Balasys IT Security. His primary responsibilities include expert participation in R&D projects and IT security evangelism. In his spare time, he develops a command line tool and Python library for checking cryptographic (TLS/SSL/SSH) settings of client/server applications, of course under a free software license.
Eugene Neelou is a security researcher and author of the industry report that covers the past 10 years of AI vulnerability research, the field known as adversarial machine learning. He is a Co-Founder & CTO of Adversa.AI, an Israeli startup on a mission to protect AI systems from cyber threats, privacy issues, and safety incidents.
Marcel Seibert, Senior Associate at PwC Germany, is a passionate Penetration Tester specialised in embedded and IoT topics. Besides testing embedded and IoT systems, he supports customers with prototype implementation of security-relevant mechanisms, e.g. secure automatic hard drive encryption/decryption on Linux. He is mainly engaged in penetration tests of control units in many sectors such as marine, rail, automotive and critical infrastructure. He also has project experience in fuzzing firmware or applications, reverse engineering x86 and ARM, and general pentesting knowledge, e.g. web applications. As a fan of automation and efficiency, he likes to code in C++, Go and Python. Besides work and his passion for interesting technical stuff, you can find him bouldering or biking with friends.
Mohit Sharma is working as a Developer Advocate at MongoDB, helping developers architect clean and testable apps. He has been working with Android for more than 10 years, since Android 2.2, previously with OLX group, and believes that sharing knowledge is the best way of learning something new.
Ákos Csilling is a senior manager at the Bosch Engineering Center in Budapest. He leads an automotive communications testing team, as well as a cross-organizational core team for product security. He earned a PhD in Physics from Eötvös University and an MBA in international management from the University of Geneva. As a Bosch Scientist, he is also promoting collaboration between industry and academia for research and education.
Aseel is a security researcher at Kaspersky’s GReAT (Global Research and Analysis Team). Her research mainly focuses on threat groups and attacks active in the Middle East region. Aseel received her Bachelor’s degree in computer science and English literature, and speaks Arabic, Hebrew and English. Some of her work has been presented at security conferences such as Virus Bulletin, CCC, Botconf, and TheSASCon.
Software developer turned rogue, went from developing apps for small businesses to 2M+ DAU Facebook games while keeping an eye for everything shiny and new. For a couple of years, I’ve shifted gears and started my career as a security researcher while speaking at various conferences (SAS, AVAR, PHDays) in my free time showcasing whatever random stuff I hacked. Fortunately, after joining WhiteOps, I turned this passion into my full-time job. With a background in electronics engineering and various programming languages, I like to dismantle and hopefully put back whatever I get my hands on.
Mark Lechtik is a Senior Security Researcher at Kaspersky’s GReAT (Global Research & Analysis Team), based in Israel. After working as a researcher and manager in Check Point’s malware research team, he is focused mainly on analysing malware of all shapes and forms, digging up its underlying stories and profiling the actors behind it. Today he is tasked with breaking down implants and campaigns in the realm of APT and putting it all into intelligence reports for Kaspersky’s customers. Mark has previously presented some of his work at known security conferences including REcon, CCC, CARO Workshop, AVAR and TheSASCon.
Csaba graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that he worked for 8 years as a blue and red teamer focusing on network forensics, malware analysis, adversary simulation, and defense bypasses. Currently, he is working as a content developer at Offensive Security. He has given talks and workshops at various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON, NULLCON and Objective By The Sea.
Csaba spends his free time with his family, practices ashtanga yoga before sunrise or simply hikes in the mountains.
Paul Rascagneres is a security researcher within Kaspersky GReAT (Global Research & Analysis Team). As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has been involved in security research for ten years, mainly focusing on malware analysis, malware hunting and, more especially, on advanced persistent threat (APT) campaigns and rootkit capabilities. He previously worked for several incident response teams within the private and public sectors.
Director of Security Research - TASZK Security Labs
Dániel Komáromy earned computer science degrees from BME and Georgia Tech. He’s worked in the mobile security field ever since, gaining a decade-plus of vulnerability research experience playing both defense and offense. At Qualcomm, he hunted baseband 0-days, authored exploit mitigations, trained developers, and fought the SDLC machine. Later, he worked as a security consultant in the automotive security industry, followed by years of playing offense: at Pwn2Own, at CTFs around the world, and also for real. Today he is the founder and director of security research at TASZK Security Labs, still following the motto: there’s no crying in baseband!
Zoltan (@zh4ck) is the Head of Vulnerability Research Lab at CUJO AI, a company focusing on smart home security. Before joining CUJO AI he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes. He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ~600 000 cameras.
With more than 15 years’ experience in Application and Serverless Security, Tal recently co-founded CloudEssence, a cloud-native Application Security company that was acquired by Contrast Security in 2020, where he now leads the new innovation centre in Israel. Prior to CloudEssence, Tal headed the security research at Protego Labs, a Serverless security startup that was acquired by Check Point. To follow his motto “security through education”, Tal trains hundreds of developers and security teams around the world while also serving as an AWS Community builder, an open-source project leader and a professor at the cybersecurity master’s program at Quinnipiac University.
Piotr specializes in the use of DNS in cybersecurity systems. For the last 3+ years he has been researching various malware and APT examples for their use of DNS. He has experience in administration, design and implementation of network solutions acquired during over 20 years of work in various types of companies, from a service provider, through integrator, to vendors of network and cybersecurity solutions. Currently working as a senior solution architect at Infoblox, where he deals with the technical side of Secure DNS solutions. Cisco CCIE Emeritus #15966.
Vasiliy joined Kaspersky in 2010 as a member of the Anti-Malware Research Team, specifically the Anti-Rootkit Group. He was responsible for discovering complex threats that are difficult to detect or cure, specifically those that bypass Kaspersky security systems and technologies. Since 2016, he has worked in the Targeted Attacks Research Group (TARG) and researches targeted and complex threats (APTs), writing detection logic that allows Kaspersky products to hunt previously unknown activity of that nature.
Loránt Szabó is a security researcher at TASZK Security Labs. An electrical engineer by trade with an MSc from BME, he got introduced to the infosec world by joining the !SpamAndHex CTF team 5 years ago. He has been an avid CTF player and explorer of hardware hacking and embedded and wireless security ever since. He has never met a hardware requirement that he didn’t want to DIY from scratch and his co-workers call him the frequency whisperer, which is an inside joke that he doesn’t like very much.
Penetration tester and security auditor with 10+ years of experience. I am passionate about searching for bugs and vulnerabilities in the source code of different applications, and have vast experience in banking systems and web application penetration testing. Also a security trainer and lecturer at a university.
After 13 years in itsec and 20 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 (cure53.de) and Version 1 (www.version1.com). Creator of “Practical Web Defense” – a hands-on eLearnSecurity attack / defense course (www.elearnsecurity.com/PWD), OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications
Istvan works as an IT security specialist for Deloitte, mainly focusing on security review and penetration testing of AWS Cloud infrastructures and web applications. He is keen on engaging in a wide range of ethical hacking projects, discussions, and solving hacking challenges in his free time. Istvan also held workshops at the Hacktivity conference in 2018 and 2020 regarding web application penetration testing and game hacking.
Levente lives in a world of zeros and ones. He is the founder and CTO of the bug bounty platform called HACKRATE. He is an active bug hunter who has successfully reported bugs to US DoD, Adobe, Logitech, BMW, Sony, and other big enterprises. As an IT Security Engineer, he planned, implemented, and managed various IT security solutions. He worked on international projects in Kuwait and Oman as an ethical hacker.
Peter works as a senior red teamer and security specialist and holds the OSCP and OSWE certifications. While his main area of interest is red teaming, he also routinely performs penetration tests for web and binary applications where he enjoys white box testing in particular, getting to know the applications inside and out and finding vulnerabilities in the source code that would otherwise remain hidden.
Attila is a seasoned information security professional with 20+ years of experience in cyber security. He holds CISSP, CISA, CISM certifications. He has worked with various security vendors, implemented security solutions for the largest Hungarian and Eastern European companies. In the last 5 years, he has been focused on designing and building security operations centers (SOC) including incident management, playbook and process design, maturity assessment, and a lot more.
Daniel is a software developer and trainer at heart, and he enjoys guiding others in the field of IT Security. Daniel partnered with SCADEMY to bring his vision of secure coding education to life. He is a father of two, likes interesting conversations, spending time outdoors with his family, and tinkering with anything IT.
His main areas of interest are exploits, fuzzing, and malware analysis.
He holds OSCE, ECSA, CHFI and CISSP certifications. 2005 Alongside the Certified Ethical Hacker training, he also teaches forensic analysis, malware analysis, and application security testing. He regularly teaches abroad as well, and has delivered trainings on IT security topics in, among other places, the Netherlands, Slovakia, Romania and the USA.
Besides teaching, he works as a freelance ethical hacker, primarily testing Windows applications as well as internal and external networks.