Senior Research Fellow, Citizen Lab
Bill Marczak is a Senior Research Fellow at Citizen Lab and a Postdoctoral Researcher at UC Berkeley, where he received his PhD in Computer Science. Bill's work focuses on novel technological threats to Internet freedom, including new censorship and surveillance tools. Coverage of his work has been featured in Vanity Fair, the New York Times, the Washington Post, on CNN, and on Larry King.
Senior Researcher, Citizen Lab
John Scott-Railton is a Senior Researcher at Citizen Lab (at The University of Toronto). His work focuses on technological threats civil society, including targeted malware operations, cyber militias, and online disinformation. His greatest hits include a collaboration with colleague Bill Marczak that uncovered the use of NSO Group's Pegasus spyware to target civil society in several countries, including Mexico and the UAE. This investigation also uncovered the first iPhone zero-day and remote jailbreak seen in the wild. Other investigations include the first public report of ISIS-led malware operations, the Government of China's nation-scale DDoS attack (the "Great Cannon"), and the 'tainted leaks' Russian disinformation campaigns. John has also investigated the successful manipulation of news aggregators such as Google News, and privacy and security issues with fitness trackers. Recently, John was a fellow at Google Ideas and Jigsaw at Alphabet. Previously he founded The Voices Projects, collaborative information feeds that bypassed internet shutdowns in Libya and Egypt.
Cybersecurity Writer, The Associated Press
Raphael Satter is the Cybersecurity Writer for The Associated Press, where he covers leaks, hacks and espionage. His recent work includes a year-long series on the Russian hacking group Fancy Bear that prompted Congress to call for changes in the way the FBI notifies targets of state-backed hacking and an inside look at the WikiLeaks organization.
Whistleblower at Christopher Wylie
Christopher Wylie is the former Director of Research for Cambridge Analytica and SCL Group, which was a UK-based military contractor specializing in information warfare. He witnessed first hand how culture, information and algorithms were being weaponized by militaries, governments and companies to undermine elections around the world. In 2018, Christopher worked with The Guardian and New York Times as a whistleblower to expose how social media data was being exploited and turned against ordinary citizens.
Ido Kenan is a veteran journalist, blogger and podcaster, covering the tech culture scene for over two decades.
Kiwi Researcher / Banque de France
Benjamin is a Security Researcher known as `gentilkiwi`. A Security enthusiast, he publishes tools and articles that speak about products' weaknesses and prove some of his ideas. Mimikatz was the first software he developed that reached an international audience. It is now recognized as a Windows security audit tool. He has previously spoken at PHDays, ASFWS, StHack, BlackHat, BlueHat and many more.
VP R&D, CTS Labs
Uri is a cybersecurity expert and former researcher in Israel’s Unit 8200. Following a few years of tech entrepreneurship, Uri joined CTS Lab as VP R&D, where he played a major role in the company’s recent discovery of security flaws in AMD processors.
Ulf is a pentester in the Swedish financial sector by day, and a Security Researcher by night. Ulf is the author of the PCILeech direct memory access attack toolkit and has previously presented his work at DEF CON and the Chaos Communication Congress. Ulf is interested in things low-level and primarily focuses on Memory Analysis and Direct Memory Access.
Malware Intelligence Analyst, Malwarebytes & Owner, Hashereware
Hasherezade is passionate about IT since early teenage years. From that time she collected a wide range of experience – working as a scientific researcher, programmer, pentester and analyst. Currently, she spends most of her time analyzing malware for Malwarebytes, and sharing knowledge about it in technical blog posts, as well as on a private YouTube channel. She builds software with the same enthusiasm as she takes it apart. She is an author and active maintainer of several free and open-source tools, mostly related to malware analysis. In 2018, she was included on a Forbes Europe list of 30 under 30 in technology.
bunnie is best known for his work hacking the Microsoft Xbox, as well as for his efforts in designing and manufacturing open source hardware, including the chumby (app-playing alarm clock), chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop). He received his PhD in EE from MIT in 2002. He currently lives in Singapore where he runs Kosagi, a private product design studio. bunnie actively mentors several startups and students of the MIT Media Lab.
Independent Security Researcher
Bruno is an independent security researcher with a strong interest in browser security and full chain exploitation through browsers. He previously wrote and presented about Firefox exploitation. He demonstrated Firefox RCE and Firefox info leak at Hack2Win eXtreme 2018. He also enjoys playing CTF with the German team Eat, Sleep, Pwn, Repeat.
Security Researcher, Trend Micro
Lucas Leong (@_wmliang_) is currently a security researcher at Trend Micro. His research interests focus on vulnerability discovery, binary exploitation, reverse engineering and symbolic execution. Lucas is also one of the MSRC Top 100 recent years and HITCON CTF team member.
CEO, CTS Labs
Ido is a tech entrepreneur with over 16 years of experience in cybersecurity. He was formerly a team leader in Israel’s Unit 8200 (the Israeli equivalent of the NSA), worked as a security consultant to defense and financial institutions, and founded three companies in the field. Ido founded CTS Labs in 2017 and served as CEO. The company recently made news when it uncovered security flaws in AMD’s new line of processors.
Security Engineer, Microsoft
Matt Miller is a security engineer working as part of the Microsoft Security Response Center (MSRC). In this role, Matt drives strategy and engineering related to proactive vulnerability defense across Microsoft’s products and services. Prior to joining Microsoft ten years ago, Matt was a core contributor to the Metasploit framework and an editor for the Uninformed journal.
Product Security Consultant, Pulse Security
Cristofaro is a Product Security consultant, providing support for design and development of secure products. He also performs device-level security testing with advanced SW and HW techniques. He has more than 16 years of experience in SW & HW security assessment of complex ecosystems, embedded devices and highly secure products, across different stages of the production chain. Examples are System-on-Chip(s), TEEs, IoT devices, critical infrastructures, payment systems, mobile applications and others, ranging from fully SW-based to purely HW-based solutions. Cristofaro has presented at renowned security conferences including Black Hat, Microsoft BlueHat, hardwear.io, EuskalHack, CONFidence, Syscan, HackInTheBox, WarCon. His topics have included Linux privileges escalation via FI, TEEs secure initialization, White-Box cryptography attacks, IoT exploitation, and mobile security. He is also co-author of Academic papers on White-Box cryptography and FI attacks.
Security Researcher, Medigate
Long time researcher and developer of embedded devices. Interested in low-level reverse engineering, firmware development and emulation, especially of video game consoles. Or holds an M.Sc. in neurobiology, where he researched neuronal memory mechanisms in mice. He is also a pastry chef and pianist in his free time.
Director, GReAT, Kaspersky Lab
Costin is the Director, Global Research and Analysis Team (GReAT) at Kaspersky Lab, Romania. Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He leads the Global Research and Analysis Team at Kaspersky and worked on Stuxnet, Regin, Careto and the Equation group, as well as other high profile APTs. Costin has over 20 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board and a member of the Computer AntiVirus Researchers’ Organization (CARO). Some of his hobbies include chess, high precision arithmetic, cryptography, chemistry, photography and Science Fiction literature.
Security Researcher, WDATP, Microsoft
Amit, a security researcher on Microsoft Windows Defender Advanced Threat Protection team has 10 years of experience in low-level security research and development. Prior to joining Microsoft, Amit served in the IDF Intelligence Corps and worked at C4-Security (acquired by Elbit).
Independent Security Researcher
Steven is an independent security researcher with a focus on high impact vulnerabilities affecting products used by thousands of companies and individuals. Starting out as a Java developer, Steven discovered his passion for security after switching to penetration testing. Previously Steven uncovered a Heap metadata weakness known as the “Depth De-sync Vector” affecting Windows 7 and 8 Low Fragmentation Heap allocator. “Depth De-sync Vector” allowed for generic exploitation of conditional memory corruptions. Steven was also the lead developer of the Advanced Web Attacks and Exploitation (AWAE) course held by Offensive Security and taught the course multiple times at Black Hat USA and ASIA. He has spoken at a number of security conferences including HITB, Ruxcon and BSides Mexico.
Security Researcher, Microsoft
Bhavna is a Security Researcher at Microsoft. She's been fighting malware for several years and now just trains all the machines to do her work for her. Previously, she was at Intel doing APT response and Threat Intelligence. She holds a master’s degree in Computer Security from Georgia Tech and sometimes trains people in reverse engineering.
Albert is currently on a sabbatical. In his previous life he has analyzed SoCs, embedded systems and pure software solutions such as payment applications, where he enjoyed recovering keys. He has previously presented at conferences such as: Black Hat (Europe) and HITB Amsterdam.
Principal Security Analyst, Riscure
Niek is a Principal Security Analyst at Riscure, where he analyzes and tests, the security of SoCs and embedded systems, among other things. His primary interest is analyzing and attacking embedded systems using hardware attacks. However, never a week goes by without disassembling some random binary. At present, Niek is focusing mostly on automotive security. But is that really so different from any other embedded system? He has shared the results of his research at various conferences across the globe such as Black Hat (USA/Europe), escar (USA/Asia/Europe), BlueHat and HITB Amsterdam.
Luca has spent the past 4 years doing iOS-focused independent security research, and has been passionate about iOS for a decade. As a result, he has contributed to several public and private jailbreaks for iOS and PlayStation 4, and continues to research to this day.
x0rz is a French hacker, former blueteam, now working as a pentest/redteam consultant in Paris for international customers. x0rz is a known security evangelist throughout the community, regularly tweets about relevant infosec news, and maintains his blog at 0day.rocks. x0rz is also a strong privacy advocate and a proud Tor node operator. Occasionally, x0rz fights against disinformation on Twitter using his OSINT skills and tries to raise awareness about the ongoing (dis)information war.
© Microsoft 2018
* Entrance to Microsoft's events with any kind of weapon is prohibited.
* Footage of the event will be taken by Microsoft and media channels, and may be used for Microsoft’s communication and publication purposes.
© Microsoft 2018