Black Hat DC 2010 //briefings
Grand Hyatt Crystal City • Feb 2 - 3
Chema Alonso is a Computer Engineer from the Rey Juan Carlos University and a System Engineer from the Politecnica University of Madrid. He has been working as a security consultant for the last six years and has been a Microsoft Most Valuable Professional from 2005 to the present. He is a frequent Microsoft speaker at security conferences. He writes monthly in several Spanish technical magazines. He is currently working on his PhD thesis about Blind Techniques. He recently spoke at BH Europe 2008 about LDAP Injection & Blind LDAP Injection attacks, at Defcon 16 about Time-Based Blind SQL Injection using heavy Queries, at Toorcon X about RFD (Remote File Downloading) and at DeepSec 2k8 in Austria. He has been selected to present at HackCon#4 in Norway, at ShmooCon 2k9 in Washington DC, at BlackHat Europe 2k9 and at Defcon 17.
Mike Bailey is a Senior Security Researcher and penetration tester with Foreground Security. His exploits are many, but rarely discussed. Generally, that's the way he likes it. He has been described as "a good guy, with an evil mind."
He publishes his personal research and musings at Skeptikal.org.
Bill Blunden (MCSE, MCITP:Enterprise Administrator) began his journey into enterprise computing over ten years ago at an insurance company in Cleveland, Ohio. Gradually forging a westward path to Northern California, he’s worked with ERP middleware, developed code for network security appliances, and taken various detours through academia.
Bill has written a number of books including "Cube Farm," "Software Exorcism," "Offshoring IT," and "The Rootkit Arsenal." In addition, he has co-authored articles related to 9/11 that have appeared in academic publications like Peace and Conflict: Journal of Peace Psychology and Aggressive Behavior.
Bill has an undergraduate degree in physics from Cornell University and a Master of Science degree in operations research. His current areas of research deal with system-level software, anti-forensics, and information security. He's the principal investigator at Below Gotham Labs.
Elie Bursztein is a post-doctoral researcher at the Stanford Computer Security Lab. He holds a PhD in computer science and an Engineering degree in computer systems, networks and security. His research focus is network and web security, game theory and artificial intelligence.
Internet Systems Consortium
Andrew Fried is currently a security researcher with Internet Systems Consortium (ISC), a nonprofit 501(c)(3) public benefit corporation dedicated to supporting the Internet community with software and professional services essential to its infrastructure. Mr. Fried is also the CEO of Deteque, a consulting and solutions provider for mitigating online threats.
In 2008, Mr. Fried retired from the United States Department of the Treasury, where he had been a Senior Special Agent for twenty years. Throughout his career with Treasury, he was involved in computer and network security.
Joe Grand is an electrical engineer, hardware hacker, and president of Grand Idea Studio, Inc. (www.grandideastudio.com), where he specializes in the invention, design, and licensing of consumer products and modules for electronics hobbyists. He is a former member of the legendary hacker collective L0pht Heavy Industries and has spent over a decade finding security flaws in hardware devices and educating engineers on how to increase the security of their designs.
Vincenzo Iozzo is a student at the Politecnico di Milano where he does some research regarding malware and IDS. He is involved in a number of open source projects, including FreeBSD due to Google Summer of Code. He works as a reverse engineer for Zynamics GmbH.
Joseph Menn is an author and tech correspondent at the Financial Times.
Leonardo Nve is a senior security auditor who has been involved in computer security since 1996, working as a consultant auditor, and from 2000, 2002 managed several research projects on various security technologies such as DOCSIS and Wireless, with papers published in various specialized Spanish publications. He also managed UnderCON, the first Spanish underground security congress, where he presented the first full-ASCII Shellcode in 2000; his other talks were about wifi and phone company security.
Nicholas J. Percoco
Nicholas J. Percoco is Senior Vice President of SpiderLabs at Trustwave. He has more than 14 years of information security experience. In his role at Trustwave, he leads SpiderLabs, the team that has performed more than 500 computer incident response and forensic investigations globally, as well as thousands of penetration and application security tests for clients. Nicholas acts as the lead security adviser to many of Trustwave’s premier clients by assisting them in making strategic decisions around various security compliance regimes. As a speaker, he has provided unique insight around security breaches and trends to public (YSTS, DEFCON, SecTor, etc.) and private audiences throughout North America, South America, Europe, and Asia. Prior to Trustwave, Nicholas ran security consulting practices at both VeriSign and Internet Security Systems. Nicholas holds a Bachelor of Science in Computer Science from Illinois State University.
EADS Defence & Security
Jean-Michel PICOD is currently working for EADS Defence & Security and has an engineering degree in computer systems, networks and security. Over the past years he has been more focused on Windows systems and their security.
Shane Powell is the Principal Systems Security Engineer, Raytheon – Network Centric Systems.
As an Information Systems Security Engineer Mr. Powell specializes in detailed vulnerability assessment and post intrusion analysis, focusing on engineering vulnerability remediation solutions within enterprise systems. His experience includes intelligence (S-2) and operations (S-3, J-9) support to Battalion, Brigade, and Joint military organizations, including the Joint Task Force for Global Network Operations (JTF-GNO).
Mr. Powell’s most recent projects for Raytheon include:
- Design of integrated COTS solutions and methodologies for software based network security modeling and simulation, in support of Raytheon’s Cyber Tactics Center (RCTC). The methodologies developed place special focus on the use of attack vector analysis to pinpoint vulnerable systems within a network based on exposure, and to facilitate effects prediction for Continuity of Operations Planning (COOP).
- Design and implementation of a converged, location aware physical and logical access control system for an international customer that consolidates multiple user credentials into a single set, consisting of a smart card and fingerprint biometric.
Previous projects designed for the Joint Task Force for Global Network Operations (JTF-GNO) include:
- Development of host based forensics methodologies and task-flow management processes.
- Design of a distributed analysis network to provide shared virtualization of suspect media for black box testing by forensics and malicious code reverse engineering teams.
Mr. Powell holds a B.S. in Computer Science and Information Systems, A.A.S. in Arabic, and is currently working to complete a Masters in Information Systems with concentration in Information Security. His Professional certifications include CISSP-ISSEP, MCSE, and R6S.
Matthieu Suiche is a security researcher who focuses on reverse code engineering and volatile memory forensics. Matthieu currently works for the Netherlands Forensic Institute in The Hague. He has also been a speaker at various security conferences such as PacSec, BlackHat USA, EUROPOL High Tech Crime Meeting, Shakacon etc. His previous research includes Windows physical memory forensics (Windows hibernation file, Windd utility to acquire physical memory either as a raw dump or as a Microsoft crash dump file).
He is reachable through his website at www.msuiche.net.
Flylogic Engineering, LLC
Christopher Tarnovsky runs Flylogic Engineering, LLC and specializes in analysis of semiconductors from a security "how strong is it really" standpoint. Flylogic offers detailed reports on substrate attacks which define if a problem exists. If a problem is identified, we explain in a detailed report all aspects of how the attack was done, level of complexity and so on. This is something we believe is unique and allows the customer to then go back to the chip vendor armed with the knowledge to make them make it better (or possibly use a different part).
Department of Computer Science, UC Santa Barbara
Chine Wang is a security engineer on the Product Security team at Symantec. The daily work of this team includes identifying and responding to reported vulnerabilities, penetration testing, and security coding/testing training inside Symantec. Chine has years of experience in penetration testing, vulnerability investigation, reverse engineering and some other security areas. Chine published a security book, "0 Day Security: Vulnerability analysis and exploit technology", in China. The book won the "2008 Top 10 IT original book" award and "The second best seller of security computer classification 2008" award from ChinaPub, which is one of the biggest on-line book stores in China.