Speakers
Already confirmed Speakers/Instructors:
Alex Nunes & Cauan Guimarães – Malware Analysis – workshop
Alex is a Penetration Tester and Security Researcher for the past 10 years, has participated in dozens of projects developing security software with SSL encryption and Pattern Recognition. Founding Member of the Brazilian CodeBreakers Team and author of several PoCs and Exploits. Alex is a well-known guest speaker at several IT Security Conferences worldwide and maintains a flawless record as a pentester.
Andrés Riancho – 100% hands-on W3af crash course
Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer.
His main focus has always been the Web Application Security field, in which he developed w3af a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants.
Andrés has spoken and hold trainings at many security conferences around the globe, like OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Alessio L.R. Pennasilico – DDoS workshop
Mr. Alessio L.R. Pennasilico, a.k.a. mayhem, 32 years, lives and works in Verona (Italy) as a Security Evangelist for Alba S.T. s.r.l.
His personal and working interests are into Information Technology, focusing on security issues, OpenSource and Digital Rights. That’s why he soon became a member of many independent organizations, such as AIPSI, AIP, CLUSIT, ILS, OpenBeer, Metro Olografix, Sikurezza.org, ISAC-IT, Recursiva.org, ISECOM’s Hacker’s Profiling Project (HPP) and many LUGs. He is usually invited as a speaker at most of the national events such as HOPE, Hack in The Box, Confidence, IT Underground, Infosecurity, E-privacy, Linux Day, OpenCon, OpenEXP, ESC, MOCA and the italian HackMeeting. Alessio also holds workshops in secondary schools and italian universities, with the aim of spreading the culture for an aware use of nowaday’s technology.
His main areas of competence are related to firewalling, High Availability, penetration testing, SCADA security, criptography, VoIP, privacy, Linux, OpenBSD and OpenSource philosophy.
Joe McCray – Advanced SQL Injection – workshop
Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.
Daniel Mende – All Your Packets Are Belong to Us – Attacking Backbone Technologies – lecture
Daniel Mende is a German security researcher specialized on network protocols and technologies. He’s well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks, he has discussed new ways in building botnets and presented on protocol security at many occasions including Troopers08, ShmooCon and Blackhat. Usually he releases a new tool when giving a talk.
Karsten Nohl – Can we trust GSM? – workshop
Karsten bridges the three worlds of academic research, hacking, and hardware industry. His research focuses on privacy protection in widely deployed technologies such as RFIDs, DECT, and GSM. His hacking projects assess (and usually break) proprietary cryptography. Through his consulting projects, Karsten helps corporations not to choose or develop technically inferior solutions.
This workshop discusses GSM’s security model and illustrates that a wide range of attacks is possible; including spoofing, (remote) tracking, and interception.
Abstract:
The world’s most popular security technology, GSM, is outdated. GSM’s protection mechanisms were designed two decades ago when security was guarded by governmental agencies. Today, users are still asked to blindly trust the cell phone networks and their business partners.
Matthias Luft – Can Data Leakage Prevention Prevent Data Leakage? – workshop
Matthias is a seasoned pentester with vast experience in corporate environments. Over the years he focused on evaluating and reviewing all kinds of applications. So he’s one of the first researches who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention . He is a regular speaker at international security
conferences and will happily share his knowledge with the audience.
Moxie Marlinspike – TBD
Moxie Marlinspike is a fellow at the Institute For Disruptive Studies with over thirteen years of experience in attacking networks. He is the author of sslsniff and sslstrip, the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert and the latter of which continues to implement Moxie’s deadly –stripping– technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.
Christian Bockermann – ModSecurity Training – 4 hours
