Matt Tait, “@pwnallthethings”
Sr. fellow, UT Austin's Strauss Center
Matt Tait is a senior fellow at the Robert S. Strauss Center for International Security and Law at the University of Texas at Austin. Previously he was at Google Project Zero, an exploit developer at GCHQ, and spent about two years in Building 26 and 27 on the Microsoft Redmond Campus with various folks in the Microsoft Windows Security team while a principal security consultant at iSEC Partners.
Security Researcher, Graz University of Technology
Daniel Gruss (@lavados) is a PostDoc at Graz University of Technology. He finished his PhD with distinction in less than 3 years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating systems. He implemented the first remote fault attack running in a website, known as Rowhammer.js. He spoke at top international venues, including Black Hat USA 2016, Usenix Security 2015 & 2016, ACM CCS 2016, the Chaos Communication Congress 2015, and many more. His research team was one of the four teams that found the Meltdown and Spectre bugs published in early 2018.
Security Researcher, Graz University of Technology
Moritz Lipp is a researcher in information security at Graz University of Technology. He is pursuing his PhD with a strong focus on microarchitectural side-channel attacks on personal computers and mobile devices at the Institute of Applied Information Processing and Communications. His research has been published at top academic conferences and presented on different venues around the world.
Security Researcher, Graz University of Technology
Michael Schwarz is an Infosec PhD student at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016 and Black Hat Asia 2017 where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016, NDSS 2017, and NDSS 2018.
Security Researcher. Reversing and exploiting userspace, kernel and hypervisors.
Oran is an Israeli Independent Researcher. He is excited about embedded device hacking and the security of such devices. Oran previously worked on openiBoot, an open-source alternative boot-loader to Apple's iBoot for iOS devices. He was mainly responsible for re-implementing the iPhone's Flash Translation Layer (FTL) in order to achieve filesystem I/O ability in openiBoot and Linux. He also found some of the vulnerabilities used to gain code execution on the iPhone's baseband, namely AT+XLOG and AT+FNS vulnerabilities used in "ultrasn0w" unlock utility. In his spare time, Oran is a CTF player. He is one of the founding members of Pasten CTF team. Oran currently works for Medigate.
Security Kiwi Researcher
Benjamin Delpy, is a Security Researcher known as `gentilkiwi`. A Security enthusiast, he publishes tools and articles that speak about products’ weaknesses and prove some of his ideas. Mimikatz was the first software he developed that reached an international audience. It is now recognized as a Windows security audit tool. He previously spoke at PHDays, ASFWS, StHack, BlackHat, BlueHat US and many more.
Security Researcher, Google Project Zero
James is a Security Researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities, he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.
Sr. Security Research Manager, ATA, Microsoft
Itai Grady is a Senior Security Research Manager at Microsoft, leading the Advanced Threat Analytics research team. Previously, Itai was a member of various research and development teams for 15 years in several companies, including Aorato (acquired by Microsoft) and the 8200 intelligence unit. Itai holds a B.Sc degree at Computer Science.
Security Researcher, SpecterOps
Matt Graeber is a Security Researcher at SpecterOps. Matt has made a reputation for himself demonstrating how otherwise trusted software and technology can be abused by attackers – referred to as the "living off the land" methodology. As a former malware reverse engineer, Matt has seen the extent to which attackers succeed in executing code that has no business being trusted. As such, despite regularly finding bypasses, Matt is an unapologetic supporter of application whitelisting as a means of preventing a majority of attacks (both opportunistic and targeted), enabling defenders to focus their detections on more capable adversaries who manage to slip silently through the cracks. Matt is very much fascinated by the concept of trust, what it means to people, and how assumptions of trust can be subverted.
Lead Security Architect, Azure Management, Microsoft
Lee Holmes is the lead security architect of Microsoft’s Azure Management group, covering Azure Stack, System Center and Operations Management Suite. He is author of Windows PowerShell Cookbook, and an original member of the PowerShell development team.
Team Leader, Security Research Labs, Cellebrite
Gil is a 10-year Security Researcher who leads the Android and Bootloader Research teams at Cellebrite's Security Research Labs. Prior to joining Cellebrite, he served as a Security Researcher and Officer in the IDF Intelligence Corps, completed a CS B.Sc. at Tel Aviv University, and worked at North-Bit (acquired by Magic Leap). Outside the office, Gil is an amateur singer-songwriter and a former Israeli Olympic Shooting champion.
General Manager, Threat Intelligence Center, Microsoft
John Lambert has been at Microsoft for 17 years. He is the General Manager of the Microsoft Threat Intelligence Center. The Center is responsible for detecting and disrupting adversary based threats aimed at Microsoft and its customers. Its mission is to drive detective innovations into products and services to raise the ability for every defender to deal with adversary based threats through security research, threat intelligence, forensics, and data science. Previously at Microsoft, Lambert worked in the Trustworthy Computing group for ten years and the Windows Security group on features related to cryptography and security management. He joined Microsoft after three years at IBM as a developer in their software group. Lambert holds a bachelor’s degree in computer science from Tulane University and is named on more than nine software patents and seven pending applications.
Vincent Le Toux
Vincent LE TOUX, 37 years old, French Security Manager in a large company SOC / CSIRT / SECOPS manager / AD expert CEO of My Smart Logon - smart card logon (www.mysmartlogon.com) Author of Ping Castle - an AD security tool (www.pingcastle.com) Contributions in Mimikatz Many open source contributions (OpenPGP, OpenSC, GIDS applet, ...) Presenter in many conferences including FIRST (Puerto Rico, 2017) & in France.
Security Researcher, Intel
Marion Marschalek is a former Malware Analyst and Reverse Engineer who recently started work at Intel in order to conquer the field of low level security research. She has spoken at all the conferences and such, and seen all the things, and if you want more details on her current activities you'll have to find your way around Intel's legal department. Also, she runs a free reverse engineering workshop for women, because the world needs more crazy researchers.
CTO Security, Microsoft
Günter Ollmann serves as CTO for Security and helps oversee the cross-pillar strategy for the Cloud and Enterprise Security groups at Microsoft. Before joining Microsoft, Günter served as Chief Security Officer at Vectra AI, driving new research and innovation into ML-based threat detection of insider threats. Over the last couple of decades Günter built and led multiple world-renowned advanced security R&D and consulting teams, having held CTO and executive strategy roles, at companies such as NCC Group PLC, IOActive Inc., Damballa Inc., IBM, and Internet Security Systems. He is a widely respected authority on security issues and technologies, and has researched, written and published hundreds of technical papers and bylined articles over the years.
Security Researcher, OSR, Microsoft
Jordan is a researcher on Microsoft WDG's Offensive Security Research (OSR) team. After joining in 2016, he did work which has contributed to the security of Windows, Edge, Windows Phone, Xbox, Hyper-V, Windows Defender Advanced Threat Protection and Application Guard.
Director, GReAT, Kaspersky Lab
Director, Global Research and Analysis Team (GReAT) Kaspersky Lab, Romania. Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He leads the Global Research and Analysis Team at Kaspersky and worked on Stuxnet, Regin, Careto and the Equation group, as well as other high profile APTs. Costin has over 20 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board and a member of the Computer AntiVirus Researchers’ Organization (CARO). Some of his hobbies include chess, high precision arithmetic, cryptography, chemistry, photography and Science Fiction literature.
Security Researcher, Microsoft
Marina Simakov is a Security Researcher at Microsoft, with a special interest in network security and authentication protocols. She holds an M.Sc. in computer science with several published articles, and with a main area of expertise in graph theory. Previously spoke at BlueHat IL 2017 and DefCon.
Matt Suiche is the founder of the cybersecurity start-up Comae Technologies. Prior to founding Comae, he was the Co-Founder and Chief Scientist of the application virtualization start-up CloudVolumes, which was acquired by VMware in 2014. Matt has also been a frequent speaker on memory forensics and blockchain stuff at various computer security conferences such as Black Hat Briefings, Microsoft Blue Hat Hacker Conference, Hackito Ergo Sum, Europol High Tech Crime Experts Meeting, CanSecWest, PacSec, Hack In, The Box, SyScan and Shakacon.
Sr. Director, Security Research Labs, Cellebrite
Shahar joined Cellebrite in 2015 to lead an amazing research group tasked with forensic extraction of mobile devices (before such challenges became mainstream news items). Prior to joining Cellebrite, Shahar held technological leadership roles with the IDF Intelligence Corps and Air Force, followed by leading security-giant Check Point’s research group, where he was fortunate to present at awesome infosec cons around the world (DEF CON, CCC and many others).
Postdoctoral Researcher, KU Leuven
Mathy Vanhoef is a postdoctoral researcher at KU Leuven. He did his PhD on the security of WPA-TKIP, TLS, and RC4. His research interest is in computer security with a focus on wireless security (e.g. Wi-Fi), network protocols in general, the RC4 stream cipher (where is discovered the RC NOMORE attack), and software security (discovering and exploiting vulnerabilities). Currently his main research is about automatically discovering vulnerabilities in network protocol implementations, and proving the correctness of protocol implementations.
Group Manager, Windows team, Microsoft
David Weston is a group manager in the Windows team at Microsoft, where he currently leads the Windows Device Security and Offensive Security Research teams. David has been at Microsoft working on penetration testing, threat intelligence, platform mitigation design, and offensive security research since Windows 7. He has previously presented at security conferences such as Blackhat, CanSecWest and DefCon.