6th to 8th July 2012


Alex Nunes - Senior Penetration Tester

Alex is a Penetration Tester and Security Researcher for the past 10 years, has participated in dozens of projects developing security software with SSL encryption and Pattern Recognition. Founding Member of the Brazilian CodeBreakers Team and author of several PoCs and Exploits. Alex is a well-known guest speaker at several IT Security Conferences worldwide and maintains a flawless record as a pentester.


Alexander Polyakov - CTO at ERPScan

aka @sh2kerr, CTO at ERPScan, head of DSecRG and father of "ERPScan Security scanner for SAP". His expertise covers security of enterprise business-critical software like ERP, CRM, MES, SCADA, PLC ,RDBMS and also banking and processing software. He is the manager of OWASP-EAS (OWASP subproject), a well-known security expert of the enterprise applications of such vendors as SAP and Oracle, who published a significant number of the vulnerabilities found in the applications of these vendors. He is the writer of multiple whitepapers devoted to information security research, and the author of the book "Oracle Security from the Eye of the Auditor:Attack and Defense" (in Russian). Alexander spoke at the international conferences like BlackHat, HITB (EU/ASIA), ZeroNighs, HackerHalted, Source, DeepSec, CONFidence, Troopers. etc.


Claes Spett - Programmer/Security Researcher And Penetration Tester freelancer from Sweden

Claes is a very young, professional Security programmer and Researcher, focused in Penetration Tests - As a freelancer from Sweden, publishing all research and development in your blog - SecRecon - http://sec-recon.blogspot.se/
In your lecture Claes will approach the RA-Agent (Remote access agent) project.



Ewerson Guimarães - Crash

Degree in Computer Science from Fumec University, Security Analyst at a Financial Institution in Brazil and member of DcLabs Research Security Team. Certified by Offesinve Security(OSCP) as Pentester, Ewerson has published articles in the Brazilian Information Security/Computers magazines H4ck3r and GEEK, moreover, posted exploits and advisory on SecurityFocus and also lectures on the most varied hacking techniques, from the classic technique to the more complex.


Fernando Gont - specializes in the field of communications protocols security, working for private and governmental organizations.

Fernando Gont specializes in the field of communications protocols security, working for private and governmental organizations. Gont has worked on a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security. As part of his work for these organizations, he has written a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and has performed the first thorough security assessment of the IPv6 protocol suite.
See More about Fernando Gont, click here!


Francisco Ribeiro Master of Computer Engineering, Systems Architecture and Computer Networks

Since early age, I developed a very close connection with computers that still makes a significant part of my life. During my life, after all the time invested, all the problems found and all mistakes committed, my understanding of the way computers work has grown just as my thirst for more knowledge. I'm interested in almost all computer related subjects but the research for both offensive and defensive security techniques, is a passion to me. I can see artistic merit in the best reverse engineering sessions, poetry in programming codes, a lot of a martial art in the best hacking sessions. For those of you curious about technical details, let's just say, without getting too much noise, that I like penguins, snakes, gnus, blowfishes and, of course, apples. Oh, and there is nothing wrong with doors and windows.


Jorge Moura

Raised in the ZX Spectrum generation and proudly born in Oporto city, Jorge Moura early started his professional life in the technology area. Most of his professional path was dedicated to manage Microsoft based systems, local and wide area network and, as expected, security. In 2004 he was first distinguished with the title of Microsoft Most Valuable Professional in the Windows area, and eight years later the title remains intact. With the purpose to better understand the essence and nature of security anomalies in software, he changed his career to Software Quality Assurance in one of the most prestigious software houses in Portugal. Always with critical thinking, given truths are frequently put in question and experiments performed in order to find alternative and more efficient ways to achieving goals.


Magno (Logan) - OWASP Paraiba Chapter Leader

Magno (Logan) Rodrigues is the OWASP Paraiba Chapter Leader and has spoken in many events like GTS 17, V ENSOL, IV ECD and AppSec Latam 2011. He is also the organizer of the OWASP Paraíba Day 2012 and the OWASP AppSec Brasil 2012. He is an Information Security Specialist and studied Security and Computer Forensics for one year in New York, USA. Graduated in Internet Systems from the Federal Institute of Technology of Paraiba. He works as a Security Analyst and Consultant and also gives courses and trainings about the subject. His specialties are Web Application Security, Secure Development and Computer Forensics.


Michele Orru´ - Lead Core developer of The BeEF Project

Michele Orru a.k.a. antisnatchor is an IT and ITalian security guy. Lead core developer of the BeEF project, he mainly focuses his research on web applications security and related exploitation techniques. He is a frequent speaker at hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, OWASP and more we just can't disclose. Besides having a passion for hacking and being a Senior Spider (for Trustwave SpiderLabs), he enjoys leaving his Mac alone, whilst fishing on salted water and praying for Kubrick's resurrection.. Link to BeEF Project


Michael Kemp - Security Consultant

Michael is an experienced security consultant, with a specialisation in the penetration testing of web applications and the testing of compiled code bases and DB environments to destruction. As well as the day job, Michael has been published in a range of journals and magazines, including heise, Network Security, Inform IT and Security Focus. To date, Michael has worked for NGS Software, CSC (Computer Sciences Corporation), British Telecom, and a host of freelance clients throughout the globe. Presently, Mike is working in a day job for Xiphos Research Labs (which he really has no choice in as he set it up). When not breaking things, Michael enjoys loud music, bad movies, weird books and writing about himself in the third person. Mike has previously presented at security conferences in Jakarta, Mumbai, Hawaii, New York, Los Angeles, Warsaw, Prague, Holland, Athens, Zagreb, Krakow, Quebec, and London (on subjects as diverse as virtualisation, malware, and why the government sucks), and is always keen to embarass himself in new and exotic locales. He is often drunk, frequently sweary, and usually disappointed with the way the security 'industry' is going.


Moisés Guimarães - Information Security specialist

Moisés Guimarães is a Information Security specialist who works with software development for POS at Phoebus Tecnologia since 2006. He is an cryptography enthusiast who loves puzzles and challenges.


Raoul Chiesa
Member of the ENISA

Raoul "Nobody" Chiesa was born in Torino, Italy, in 1973. After being among the first italian hackers back in the 90's (1986-1995), Raoul
decided to move to professional InfoSec, founding in 1997 @ Mediaservice.net Srl, a vendor-neutral and well known security advisory company.

Both Raoul and its security team work on research areas such as X.25 and PSDN networks, VoIp Security, Malware Analysis, Social Engineering, SCADA & Industrial Automation, Home Automation, Satellite communication, Mobile Security, SS7 threats and much more.

Since 2003 he started its cooperation with the UN agency "UNICRI" (United Nations Interregional Crime and Justice Research Institute), working on "HPP", the Hackers Profiling Project run by ISECOM and UNICRI; in 2005 he has been official recognized as a cybercrime advisor. Nowadays his role at UNICRI is "Independent Senior Advisor on Cybercrime".

Since February 2010, Raoul Chiesa is a Member of the ENISA Permanent
Stakeholders' Group (PSG). The PSG is composed of 30 high-level experts who have been appointed by the Executive Director of ENISA to serve as a sounding board for all relevant stakeholders on issues concerning network and information security


Taras Ivashchenko Information Security Officer at Yandex

For a long time he focused on penetration tests (especially by PCI DSS standard), but his main focus has always been on web application security and web technologies in common. He is well known for his research in field of web browser extensions security risks and as contributor of w3af project. Taras was a speaker at several security conferences and events including: Just4Meeting, INFOSECURITY RUSSIA, RusCrypto, Chaos Constructions. Now he works in the Russia's leading internet company Yandex as information security officer.


Thomas Mackenzie Security Analysis and Testing, Incident Response and Investigation, Research & Development

Thomas has been asked to present technical talks at a number of international events including, DeepSec, Bsides Chicago and BlackHat Abu Dhabi.

Thomas also speaks at a number of domestic venues including; OWASP events across the UK, PHP London, Marketing Event around WordPress, DC4420 and guest lecturing on application security and vulnerability management at a number of UK universities.

Thomas is the founder of upSploit Advisory Management, an automated disclosure system that helps security researchers and vendors communicate vulnerability information quickly, easily and in an ethical manner. Previously to Trustwave Thomas worked for security boutique in the North of England, where he worked as a security engineer in the web application security testing team. Before completing his move to SpiderLabs, he contracted for a number of companies providing consulting services in the area of web application security.

Thomas has founded a number of vulnerabilities in well known software i.e. Wordpress and a highly downloaded iPhone App.


Tiago Rosado InfoSec Professional

Everything started with a Sinclair 48k and a Hollerith card machine, since then nothing was the same… Tiago is a former Apple juggler now a wannabe chef with a taste for Infosec and OSINT.



Ygor Parreira InfoSec Professional

Atua na area de segurança da informação desde 2004. Criador e ex-organizador da Hackers 2 Hackers Conferente. Criou e coordenou o grupo de resposta a incidentes de uma grande instituição financeira, onde tambem atuou com investigação de fraudes e engenharia reversa de malwares. Desde 2006 vem trabalhando com teste de intrusão, auditoria de código fonte e desenvolvimento de soluções de segurança. Ministrou diversos treinamentos de técnicas de ataques em rede, corrupção de memória e web.





To sponsor this event contact the ShadowSec clicking here!

Home | Speakers | Agenda | Hotel & Travel | Register | Contact | Media | Last Editions | Organizer
Copyright © ShadowSec.com