Black Hat Europe 2010 //Welcome
Barcelona, Spain • Apr 12 - 15
André Adelsbach leads the Security, Audit and Governance Services team of Telindus – Belgacom ICT in Luxembourg. In this role André defines strategic security services and provides consultancy and audits in application security, cryptographic protocol design, system and network security and information security management.
André has been working in information security for more than 10 years, authored more than 40 international publications and is a program committee member and reviewer for various information security conferences and journals.
André holds a PhD for his studies on information security and cryptographic copyright protection at Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany, and serves on the board of the OWASP Luxembourg Chapter.
Iftach Ian Amit
Security & Innovation
With over 10 years of experience in the information security industry, Iftach Ian brings a mixture of software development, OS, network and web security to the strategic consulting firm Security & Innovation. Previously, Ian held Director-level roles at web security firms Aladdin and Finjan. Prior to that, Ian was the founder and CTO of a security startup in the IDS/IPS arena and developed new techniques for attack interception. Prior to that, he served in a director position at Datavantage (NASDAQ:MCRS) with responsibility for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application department at Comsec Consulting as well as the Unix Department, where he consulted for major banking and industry companies worldwide. Iftach Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.
Patroklos Argyroudis is an IT security researcher at Census, Inc (www.census-labs.com), a company that builds on strong research foundations to offer specialized IT security services to customers worldwide. Patroklos holds a PhD in Computer Security from the University of Dublin, Trinity College, where he has also worked as a postdoctoral researcher on applied cryptography and electronic payment topics from 2006 to 2009. His current focus is on vulnerability research, exploit development, reverse engineering, source code auditing and malware analysis.
Push The Stack Consulting
James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things.
Christiaan Beek has been working in the security field for several years. Working for national and international companies, he gained knowledge of hacking techniques, forensic analysis and incident response. Currently he is working as a security consultant/ethical hacker and trainer for a Dutch company, TenICT. He developed and lectured an internet forensics training and a digital evidence training for attorneys. As an SME he acted for the Dutch News Agency on prime-time news about the TJX hack. In 2009 he gave a training about file carving at ITUnderground 2009 in Warsaw. His free time is spent on security research and writing for several media outlets like Hakin9. He keeps his own blog at: www.securitybananas.com
Marco Bonetti is a Computer Science engineer with a lot of passion for free and open source operating systems. Interested in privacy and security themes, he's following the emerging platforms for the protection of privacy in hostile environments. As he didn't find any suitable distribution for his PowerBook, he created Slackintosh: the unofficial PowerPC port of the famous Slackware Linux distribution. He's currently working as a security consultant for CutAway.
Ero Carrera is currently a reverse engineering automation researcher at SABRE Security, home of BinDiff and BinNavi. Ero has previously spent several years as a Virus Researcher at F-Secure where his main duties ranged from reverse engineering of malware to research in analysis automation methods. Prior to F-Secure, he was involved in miscellaneous research and development projects and always had a passion for mathematics, reverse engineering and computer security.
While at F-Secure he advanced the field of malware classification introducing a joint paper with Gergely Erdelyi on applying genomic methods to binary structural classification. Other projects he's worked on include seminal research on generic unpacking.
Additionally, Ero is a habitual lurker on OpenRCE and has contributed to miscellaneous reverse engineering.
Websense Security Labs
Stephan Chenette is a Principal Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools and next generation emerging threats. He has released public analyses on various vulnerabilities and malware.
Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.
Mariano Nuñez Di Croce
Mariano Nuñez Di Croce is the Director of Research and Development at ONAPSIS. Mariano has long experience as a Senior Security Consultant, mainly involved in security assessments and vulnerability research. He has discovered critical vulnerabilities in SAP, Microsoft, Oracle and IBM applications.
Mariano leads the SAP Security Team at Onapsis, where he works on hardening and assessing the security of critical SAP implementations in world-wide organizations. He is the author and developer of the first open-source SAP Penetration Testing Framework and has discovered more than 40 vulnerabilities in SAP applications. Mariano is also the lead author of the "SAP Security In-Depth" publication.
Mariano has been invited to hold presentations and trainings in many international security conferences such as Blackhat USA/EU, DeepSec, Sec-T, Hack.lu, Seacure.it, Ekoparty, CIBSI as well as to host private trainings for Fortune-100 companies and defense contractors. Mariano has a degree in Computer Science Engineering from the UTN.
Raoul D'Costa is a Technical Manager at 3M's Security and Safety Systems Division and is responsible for the development and management of the PKI range of products for inspecting biometric passports. His professional interests include PKI, usability and security, RFID enabled ID cards and biometrics.
Raoul has a Masters degree in Information Security from the Royal Holloway, University of London.
Andrzej Dereszowski is a security consultant and researcher, focused mainly on analysing targeted threats. He is a founder of SIGNAL 11, a small IT Security Consulting company specializing in computer forensics (www.signal11.eu).
He has over 6 years of experience in IT security and holds a Master's degree in Computer Sciences from Silesian University of Technology, Gliwice, Poland.
Thai Duong is a hacker from Vietnam, currently working as the Chief Security Officer at one of Vietnam's leading commercial banks where he leads the Information Security Department to protect more than 3.5 million customers completing more than 500,000 transactions a day. Thai has eight years of experience in computer security and now specializes in cryptography and application security. He co-authored research on the MD5 extension attack that made the Top Ten Web Hacking Techniques of 2009.
Thai is an active member of VNSECURITY, a pioneer security research group in VN. He's also an enthusiastic member of CLGT CTF team that has participated in and won a considerable number of Capture The Flag games around the world. Recently he became a founding member of the Vietnamese Chapter of HoneyNet Project. Thai has a professional certificate in Advanced Computer Security from Stanford University, CA, USA.
Chris Evans is known for various work in the security community. Most notably, he is the author of vsftpd and a vulnerability researcher. Details of vsftpd are at http://vsftpd.beasts.org/. He releases vulnerabilities at http://scary.beasts.org/. His work includes vulnerabilities in all the major browsers (Firefox, Safari, Internet Explorer, Opera, Chrome); the Linux and OpenBSD kernels; Sun's JDK; and lots of open source packages. He blogs about some of his work at http://scarybeastsecurity.blogspot.com/. At Google, Chris has led or been involved with the security of projects such as Google App Engine, Google Spreadsheets, Picasa Web and Google Finance. He now leads security for Google Chrome. He has presented at various conferences (PacSec, HiTB Dubai, HiTB Malaysia) and is on the HiTB paper selection panel. His original research often features in awards such as the BlackHat pwnies and Jeremiah's "Top Web Hacking Techniques of YYYY".
Eric Filiol is the Head Scientist Officer of the Operational Cryptology and Operational Computer Virology Lab at the French Army Signals Academy in Rennes and at the ESIEA Engineer Academy in Laval, France. He holds a PhD in Applied Mathematics and Computer Science, a Habilitation Thesis in computer science, as well as an engineer diploma in cryptology. His main research interests are operational cryptanalysis of symmetric cryptosystems, malware modelization and cyberwarfare models from a military perspective. His hobbies are playing bass guitar and running half-marathons/marathons.
Felix "FX" Lindner runs Recurity Labs, a security consulting and research company in Berlin, Germany. FX has over 11 years experience in the computer industry, nine of them in consulting for large enterprise and telecommunication customers. He possesses a vast knowledge of computer sciences, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planning, implementation, operation and testing using advanced methods in diverse technical environments. FX is well known in the computer security community and has presented his and Phenoelit's security research on Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.
Mr. Thanassis Giannetsos received his BSc degree in computer and telecommunication engineering from the Technical University of Thessaly, Greece in 2006, and his MSc degree in information networking from Carnegie Mellon University, Pittsburgh, Pennsylvania, in 2008. Since 2008, he has been working with the Algorithms and Security group at Athens Information Technology (AIT), Greece, as a research engineer.
Since 2008, he has also been pursuing his PhD on sensor networks security at the University of Aalborg, Denmark, under the supervision of Prof. Dr. Tassos Dimitriou and Prof. Dr. Neeli R. Prassad. His research interests include wireless security and privacy, design of intrusion detection and routing protocols of sensor networks, embedded systems and distributed computing.
Scientific interests include Distributed Computing, Embedded Systems, Security in Wireless Networks, and Sensor Networks.
Grand Idea Studio
Joe Grand is an electrical engineer, hardware hacker, and president of Grand Idea Studio, Inc. (www.grandideastudio.com), where he specializes in the invention, design, and licensing of consumer products and modules for electronics hobbyists. He is a former member of the legendary hacker collective L0pht Heavy Industries and has spent over a decade finding security flaws in hardware devices and educating engineers on how to increase the security of their designs.
Wendel G. Henrique
Wendel Guglielmetti Henrique is a Security Consultant at Trustwave's SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing for premier clients. He has worked with IT since 1997, with a specific focus on security for the last 8 years. During his career, he has discovered vulnerabilities across a diverse set of technologies including webmail systems, wireless access points, remote access systems, web application firewalls, IP cameras, and IP telephony applications.
A number of tools authored by Wendel have been featured in national magazines such as PCWorld Brazil and international publications like Hakin9 Magazine. In particular, Wendel developed the first tool to detect the infamous BugBear virus in 2002, before it was detected by popular anti-virus solutions. Last year, Wendel spoke at Troopers 09 (Germany), OWASP AppSecEU09 (Poland), YSTS 3.0 (Brazil), and has previously spoken at well-known security conferences such as Defcon 16 (USA). During the past 4 years he has been working as a penetration tester, where he has performed countless network, application and web application penetration tests for various organizations across government, banking, and commercial sectors, as well as the payment card industry.
Vincenzo Iozzo is a student at the Politecnico di Milano where he does some research regarding malware and IDS. He is involved in a number of open source projects, including FreeBSD due to Google Summer of Code. He works as a reverse engineer for Zynamics GmbH.
Brian Karney: Information security and incident response has always been top of mind for Brian Karney, and he has been at the forefront of technological advances in the field for the last decade. As COO of AccessData Corporation, Karney's technical expertise and broad-based business knowledge in forensics, incident response, enterprise security management, and eDiscovery make him an integral part of the AccessData team. Prior to joining AccessData, Karney worked for Guidance Software in Pasadena, California, and prior to that he worked for CenterBeam, one of the first cloud services companies. During his early days in the incident response field, Brian Karney was one of an elite few that responded to some of the first-ever email born computer viruses and worms as a virus security consultant at Network Associates Global Professional Services. His extensive experience in computer security also helped him develop antivirus defense solutions and security assessments for some of the largest companies in the world. As an infrastructure management consultant at PricewaterhouseCoopers he played a key role developing strategies to migrate traditional manufacturing organizations from midrange systems to homogenous windows environments. Karney was also a contributing author and technical editor for the "Hacking Exposed" computer forensic book. Karney has spoken at more than 80 technical conferences around the world on topics dealing with all aspects of computer investigations, eDiscovery, and incident response.
Haifei Li is a Senior Vulnerability Researcher at Fortinet (Canada) Inc. He mainly focuses on researching new technologies for vulnerability exploitation and discovery (has discovered 30+ major vulnerabilities so far).
David Lindsay is a Security Consultant with Cigital. His primary areas of interest include web application vulnerabilities, cryptography and web standards. His primary area of disinterest is writing bios.
Guillaume Lovet is currently the Sr Manager of Fortinet's EMEA Threat Response Center, based in Sophia Antipolis, France. Involved in research activities and member of anti-virus, threats, and incidents information exchange networks ([da], [ii], [mwp], AVGURUS...), he is a recognized expert on Cybercrime and the technical editor of Fortinet's research blog.
At the international AVAR 2005, EICAR 2006, VB 2006, VB 2007, HackCon 2008, VB 2009 and HackCon 2010 conferences, he presented white papers on various topics, including Cybercrime business models, ethical challenges in fighting Cybercrime, and Botnet-powered SQL injections.
Activities conducted prior to joining Fortinet in March 2004 highlight Lovet's strong security background: after graduating from Georgia Tech (USA) with a master's degree in Electrical and Computer Engineering, Lovet joined the Swiss company Visiowave (digital video applications) as a C++ developer in the security team; he then led a study on data security and cryptography applied to Digital TV, for the major French firm TPS.
A snowboarder since the age of 15, Guillaume has ridden most French and Swiss Alps renowned spots, as well as Whistler/Blackcomb, BC, Canada.
Institute For Disruptive Studies
Moxie Marlinspike does research with the Institute For Disruptive Studies. He also holds a 50 Ton Master Mariner's license.
Daniel Mende is a German security researcher specializing in network protocols and technologies. He's well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security on many occasions including Troopers08, CCC Easterhegg, IT Underground/Prague and ShmooCon. Usually he releases a new tool when giving a talk.
Steve Ocepek is a Senior Security Consultant at Trustwave's SpiderLabs, the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing for premier clients. Steve has been messing around with network security since 2001, when he unintentionally connected his new wireless card to an Oracle database cluster. From there, he started one of the first NAC companies, authored three patents, and got bought out twice. Steve holds a CISSP, and can be talked into almost anything that involves pinball and gin.
Christian Papathanasiou is an Information Security consultant for Trustwave Spiderlabs. SpiderLabs is the advanced security team at Trustwave responsible for incident response, penetration testing and application security tests for Trustwave's clients.
Christian's research interests include Linux kernel rootkit/anti-rootkit technology, algorithmic trading and web application security. Christian holds an MSc with Distinction in Information Security from the Information Security Group at Royal Holloway, University of London and a CISSP. He has consulted internationally in the space/defence/commercial and financial sectors in all matters relating to Information Security. Christian is also a qualified Chemical Engineer, having graduated with a MEng(Hons) in Chemical Engineering from the University of Manchester Institute of Science and Technology.
Tomislav Pericin has been analyzing and developing software packing and protection methods for the last 7 years. He is author of the book “the Art of Reversing” and founder of the commercial software protection project RLPack. Recently he spoke at Black Hat and TechnoSecurity Conferences.
Enno Rey is a long time network geek with extensive knowledge in the protocol and device security space. Some people like to play with model railways, some with toys from Cupertino... I just like to play with high end network equipment.
Juliano Rizzo has been involved in computer security since 1996. For more than a decade he has been working on vulnerability research, reverse engineering and development of high quality exploits. As a researcher he has published various security advisories, papers and proof of concept tools. He is one of the founders and designers of Netifera, an open source platform for network security tools. Before Netifera he worked as a security consultant and exploit developer for Core Security Technologies.
Attack & Defense Labs
Manish Saindane is a security evangelist with over 6 years of experience in Application Security. He has been actively involved in designing application security processes and secure SDLC for major companies across all verticals. Saindane is currently working for a well-known international Telecom Software/Service provider. In his free time he likes to research new techniques in performing application security assessments.
Peter Silberman works at MANDIANT on the product development team. For a number of years, Peter has specialized in offensive and defensive kernel technologies, reverse engineering, and vulnerability discovery. He enjoys automating solutions to problems both in the domain of reverse engineering and rootkit analysis. Although he is college educated, Peter does not believe formal education should interfere with learning.
Context Information Security
Paul Stone is a Security Consultant, currently working at Context Information Security in the UK, where he performs penetration testing, tool development and security research. He has five years of experience in software development and now specializes in web application and browser security. Paul has developed a number of new browser exploits within Internet Explorer, Firefox and Chrome, which the major browser vendors are currently in the process of resolving.
Christopher Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).
Roelof Temmingh has been working in the security industry for 15 years. In 2000 he co-founded SensePost as technical director and later headed up the research and development section. During this time he developed many successful security assessment tools (such as Wikto and Suru), contributed to several books (such as Aggressive Network Self-Defense, How to own a continent, Nessus Network Auditing) and spoke at numerous international security conferences (Black Hat, DefCon, FIRST, CansecWest, RSA, etc). At the start of 2007 he left the company to start Paterva.
Julien Tinnes has been interested in computer security since the late ’90s. He enjoys both designing and breaking the security aspects of complex systems.
Before joining Google as an information security engineer, Julien was working for one of the biggest telecoms company as a security engineer and technical project manager. At that time, he was also a part-time teacher for various French “Grandes Ecoles”.
Eduardo Vela Nava
Eduardo Vela Nava: During the day, Eduardo worked for a couple of the biggest internet companies as a security engineer. During the night, he discovered (and reported... mostly) all types of vulnerabilities, for Symantec, Oracle, Microsoft, Google, Mozilla, and some others (for fun, and learning purposes).
Eduardo is currently living in China, but is from Mexico. He enjoys finding vulnerabilities abusing features, and stressing limits; design errors are the best. His passion is Web Application Security, but network hacking has attracted a lot of his attention recently.
Also, Eduardo is a strong believer that there is NOT a teapot in orbit, over one of Jupiter's rings.
Mario Vuksan is an independent security researcher. He was the Director of Research at a leading provider of application and device control solutions, where he has founded and built the world's largest collection of actionable intelligence about software. Recently he spoke at CEIC, Black Hat, RSA, Defcon, Caro Workshop, Virus Bulletin and AVAR Conferences. He is author of numerous blogs on security and has most recently authored "Protection in Untrusted Environments" chapter for the "Virtualization for Security" book.
Xu (Kyle) Yang (CCIE#19065) has been a senior reversing engineer/malware researcher at Fortinet Technologies for 6 years. He's currently focused on malware custom packer research, botnet research, malware behavior research, reverse engineering, and network security.