Speakers


Alexander ‘Solar Designer’ Peslyak

Alexander Peslyak, better known as Solar Designer, has been professionally involved in computer and network security since 1997, and he had been professionally developing software long before that. Alexander is an Open Source software author & team leader at Openwall Project, a computer security expert, Founder & CTO at Openwall, Inc., and a member of informal and semi-formal computer security communities. Alexander has presented on computer security and Open Source software topics at international conferences (HAL2001, NordU, FOSDEM, CanSecWest), served as the technical reviewer for a novel computer security book (Michal Zalewski's Silence on the Wire) and wrote the foreword for it. He is recognized in the security community primarily for the security tools (software) released to the public under liberal Open Source licenses, and for many contributions to other popular Open Source software (primarily Linux and related applications).

Is infosec a game?

Patroklos Argyroudis (argp)

Patroklos Argyroudis (argp) is a computer security researcher at Census S.A., a company that builds on strong research foundations to offer specialized IT security services to customers worldwide. His main expertise is vulnerability research, exploit development, reverse engineering and source code auditing. Patroklos has presented his research at several international security conferences (Black Hat USA, Black Hat EU, PH-Neutral, AthCon, etc.) on topics such as kernel exploitation, heap exploitation, kernel protection technologies, and network security protocols. He holds a PhD from the University of Dublin, Trinity College, where he has also worked as a postdoctoral researcher on applied cryptography.

Project Heapbleed

Dmitry Nedospasov

Dmitry Nedospasov studied Computer Engineering (CE) and is currently finishing his PhD in the field of Integrated Circuit (IC) security at the Berlin University of Technology (TU Berlin). Dmitry's research includes several novel physical attacks against ICs and embedded systems. The techniques were primarily developed to cope with modern manufacturing and packaging techniques of current and future generation semiconductor devices. This included adapting several Failure Analysis techniques to ensure device function throughout the analysis process. Dmitry has also been involved in studying modern IC countermeasures and obfuscation techniques. As part of this research several techniques were developed for correctly identifying and circumventing defensive mechanisms on modern ICs. Most recently, Dmitry was involved in identifying vulnerabilities in next-generation protection mechanisms known as Physically Unclonable Functions (PUFs). Due to the nature of these techniques Dmitry has been involved in developing several hardware tools to facilitate IC analysis. Together with Thorsten Schroder, Dmitry created Die Datenkrake (DDK), an open-source hardware platform for hardware reverse-engineering.

Chip reversing

Jean-Philippe Aumasson

Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, in Switzerland. He is known for designing the cryptographic functions BLAKE, BLAKE2, SipHash, and NORX. He has spoken at conferences such as Black Hat and CCC, and initiated the Crypto Coding Standard and the Password Hashing Competition projects. He is a member of the technical advisory board of the Open Crypto Audit Project. JP tweets as @veorq.

Crypto coding v2

Andrey Belenko

Andrey Belenko is a Senior Security Engineer at viaForensics where he enjoys breaking things about as much as building things.
He became interested in iOS after Apple released iOS 4, the first iOS version to feature proper data encryption. Encryption posed a challenge for mobile forensics and Andrey contributed towards solving it. His interest in iCloud is also mostly from a forensics point of view.
Before iOS, he worked on password recovery solutions and, among other things, introduced the now-commonplace GPU password cracking.
Andrey has presented at various industry events, such as BlackHat, Troopers, Hackito Ergo Sum, X Con, HitCon, Positive Hack Days, RusCrypto, and others. He is a CISSP and is not ashamed of the fact.

iOS forensics with OpenSource tools

Boris Ivanov

Computer Forensics Specialist, LLC Group-IB. A postgraduate student at Kuban State Technological University.

Computer forensic investigation of {mobile} banking Trojan

Anton Kochkov

Anton Kochkov is a reverse engineer and a lead developer at SecurityCode Ltd. Core member of coreboot, droid-developers/MILEDROPEDIA, and MEre projects. Part of the radare2 core team. His main interest is the research of the early booting stages of computers (including embedded and mobile ones) and various firmwares, commonly ‘hidden’ from the eye.

Julien Voisin

Julien (jvoisin) Voisin is a French computer science student. He is a C/Python programmer who enjoys privacy, reverse engineering and software security/exploitation. As a Free Software enthusiast, he contributes to several projects, like Radare2, libotr, Tails, ...

Using radare2 framework for reversing and debugging malware and firmware

Peter Kamensky

Information security specialist at Digital Security. Focuses on low-level, reversing, malware analysis, bypassing various protection systems, OS kernels.

Hardware assisted virtualization in AV software

Nicolas Gregoire

Nicolas Gregoire has more than 13 years of experience in penetration testing and auditing of networks and (mostly web) applications. A few years ago, he founded Agarri, a small company where he finds security bugs for customers and for fun. His research was presented at numerous conferences around the world and he was publicly thanked by tons of vendors for responsibly disclosing vulnerabilities in their products. He occasionally participates in bug bounties, and earned the highest rewards from Prezi (twice) and Yahoo.

Hunting for top bounties

Fabien Duchene

Dr.-Ing. Fabien Duchene is a fuzzing researcher. His current research focuses on combining artificial intelligence and evolutionary fuzzing techniques to improve the state of the art of vulnerability detection in black-box and grey-box test contexts. He discovered vulnerabilities in widely used software: Evernote, SFR Box, Elgg, Mega.co.nz, VPN and Seebox providers...
He worked at LIG Lab, Microsoft and Sogeti-ESEC. He holds a PhD from the IMAG LIG Lab, University of Grenoble and an MSc from the "Grande Ecole" Grenoble INP Ensimag, France, where he created the GreHack hardcore security conference and the SecurIMAG CTF team, and has been lecturing basics in fuzzing, memory corruption exploit writing, pen-testing, web security, and network security. He has been studying at University of Queensland, Australia and Universidad Politecnica de Madrid, Spain.

Fuzzer of the state - evolutionary black-box fuzzing

Peter Hlavaty

Peter (@zer0mem) is a security researcher at KEEN Team (@K33nTeam) and his primary focus is kernel exploitation. Peter has 4+ years’ experience in IT security in different areas such as malware research, developing anti-APT solutions, and Windows kernel development and research.

Racing with Droids

Rene Freingruber

Rene Freingruber has been working as a professional security consultant for SEC Consult for several years. He conducts research in the fields of malware analysis, reverse engineering and exploit development. During his bachelor thesis he developed hundreds of exploits to study different mitigation techniques implemented by modern operating systems and how they can be bypassed by attackers.

EMET 5.0 – armor or curtain?

Marco Grassi

I started to develop professionally for Android and iOS in 2011, developing mobile apps and embedded systems based on Android. At the end of 2012 I started working at viaForensics as an R&D Team member, where I research and develop solutions for vF products, and do reverse engineering/pentesting/vulnerability research in mobile OSes, applications and devices. As a personal interest I keep developing embedded systems and electronic systems.

Steroids for your App Security assessments

Dmitry Boomov

A #bugbounty hunter, an eternal student, a blogger and an independent infosec researcher.

De-anonymization and total espionage

Dmitry Schelkunov

Ph.D., information security researcher. Author of several software obfuscation and deobfuscation techniques. Works at ReCrypt and at the Kaluga branch of Bauman Moscow State Technical University.

Vasily Bukasov

Information security researcher. Author of several software deobfuscation and unpacking techniques. Works at ReCrypt.

Deobfuscation and beyond

Roman Korkikyan

I am currently working for Kudelski Security where I am happily occupied with semiconductor vulnerability analysis, i.e. smart-card and set-top-box security threats. At the same time I am a PhD student at the Sorbonne. Previously I worked for Altis Semiconductor, STMicroelectronics, and Transas. I have published several articles in Russian and international journals. My mathematical background was obtained at Saint Petersburg State Polytechnic University, while the security track was taken at a French university called Eurecom.

Deriving cryptographic keys via power consumption

Georgi Geshev

Georgi is a security researcher for MWR InfoSecurity in the UK. Prior to moving to the UK, he worked in Australia where he was mostly drinking golden ales and fighting with kangaroos. At some point in his life he was involved with a couple of local chapters of OWASP. His main areas of interest include bug hunting, reverse engineering and cryptography.

Your Q is my Q

Eldar ‘kyprizel’ Zaitov

Eldar is an Application Security Engineer at Yandex. As an information security researcher he has experience in distributed and highload systems, applied cryptography, and web application security. Eldar is a member of the More Smoked Leet Chicken CTF team.

Fast (and almost automatic) SSRF detection

Dmitry Vyukov

Dmitry Vyukov is a software developer at Google. He works on dynamic testing tools for C/C++ and Go programs (Address/Thread/MemorySanitizer) and on similar projects for Linux. An active contributor of the Go language, where he largely works on improving performance, memory consumption, and monitoring facilities. An expert in multithreading, synchronization, and parallelism. The author of www.1024cores.net.

Kernel AddressSanitizer: searching for vulnerabilities in Linux kernel

Denis Makrushin

Denis Makrushin is a technology expert at Kaspersky Lab. He is a regular speaker at international security conferences and specializes in threat research.
Denis gained diverse experience while working in the information security area. He was engaged in penetration testing and security audits of corporate web apps, stress testing of information and banking systems for resistance to DDoS attacks, and he took part in the organization and production of the international forum on practical security issues. He also had time to look at the industry from the defending side and provided information protection for energy facilities (integration and administration of information security systems).
Denis graduated from National Research Nuclear University “MEPhI”, Information Security Faculty. He continues his research on DDoS protection as a postgraduate student at MEPhI.

Stas Merzlyakov

Stas Merzlyakov is an information security specialist at Positive Technologies. Stas graduated from National Research Nuclear University “MEPhI”, Information Security Faculty. Now he is engaged in the development of MaxPatrol, an information security analysis software product.

Parkomagic: substandard look on parking terminals

Boris Ryutin

Boris (@dukebarman) graduated from the Baltic State Technical University "Voenmeh", faculty of rocket and space technology, and is currently a postgraduate student there. An engineering analyst at Esage Lab. A recurring writer for the ][akep magazine, a contributor and developer in several open-source information security projects. Was awarded in the Yandex bug bounty.

Go in a virmaker production

Vlad ‘vos’ Roskov

Vlad ‘vos’ Roskov has been professionally engaged in computer security since 1991 (since birth). Leaving his mother’s womb, Vladislav was not crying because of fear, but because of WEP being used to encrypt the hospital Wi-Fi. This was when he chose to walk the path of fighting vulnerabilities and dictionary passwords once and for all, though he was yet to learn walking on his own feet. Vladislav graduated from NRU ITMO with a degree in “Organization and technologies of the information security”, but even that did not stop him from becoming an actual information security professional. His final project won a graduation thesis contest and is already available for sale at the blackest of Internet underground markets. Vlad is a most active CTF player as part of the teams More Smoked Leet Chicken and, let Minin weep, Leet More. There was a time when Vladislav found several critical vulnerabilities on the hosting server of the NeoQuest CTF organizers. Granted, neither the hoster nor the organizers knew about this, proving that Vladislav honors responsible disclosure. Besides his other achievements, Vlad has developed a utility which can humble Hex-Rays and will be the topic of his ZeroNights talk.

+22: reversing 64-bit binaries using Hex-Rays x86 Decompiler

Victor Alyushin

An assistant at National Research Nuclear University “MEPhI” and a virus expert at Kaspersky Lab.
Has two specialist diplomas: in applied mathematics and information security.
Defended a dissertation on technical sciences in 2014.
Currently engaged in developing software for reducing noise and interference in voice messages.
Has participated in collegiate programming contests since 2003. Interested in information security since 2006.
Has participated in CTF and hackquests since 2011 (both as an individual and as part of the team).
Has taught network science (including Wi-Fi) since 2012.

Unsafe factory settings and firmwares

Denis Kolegov

Denis Kolegov, PhD, is a Senior Security Test Engineer at F5 Networks and an associate professor at the Information Security and Cryptography Department of Tomsk State University.

Oleg Broslavsky

Oleg Broslavsky is a student at the Information Security and Cryptography Department of Tomsk State University and a member of the SiBears CTF team. A big fan of computer security and web. A great buff of angle brackets and quotes, and everything that should not work as it does.

Nikita Oleksov

Nikita Oleksov is a student at the Information Security and Cryptography Department of Tomsk State University and a member of the SiBears CTF team.

Hidden timing channels based on HTTP caching headers

Kirill Nesterov

An information security specialist at Positive Technologies. Harbors an unrequited love for vulnerabilities and even learned to use IDA Pro to search for them.

Alexey Osipov

Timur Yunusov

Timur Yunusov is a specialist on a Web Application Security Team. He also participates in development of the international forum on practical security Positive Hack Days. Timur performs in-depth analysis of web application security and allied services, and conducts research in the field of information security. BlackHat EU speaker.

4x4G: from SIM to GGSN

Ivan Novikov

Lead information security expert at Wallarm, CEO. Engaged in web application security since 2004, author of multiple studies. Awarded several times for finding vulnerabilities in Google, Facebook, Twitter, Nokia, and Yandex. Spoke at international conferences, such as BlackHat US, HITB AMS, ZeroNights, PHDays. Currently, actively develops the web application attack detection algorithms which are used in Wallarm WAF to protect complex highload projects.

Unexpected expected exception: think different about web-related vulnerabilities

Jake McGinty

Jake is a member of Open Whisper Systems, primarily working on TextSecure for Android. He focused on security and Human-Computer Interaction at the University of Illinois, and recently quit his job at a big tech company to help orchestrate a psychological coup in applied cryptography toward usable privacy tools. Things are going well so far, so let’s talk about it. Jake tweets as @clpwn.

How to *really* piss off the surveillance state with your privacy tool

Alexander Bolshev

An infosec auditor at Digital Security, a Ph.D. “Another man in a dubious-color hat”. Hates web hacking. Primarily engaged in the research of distributed systems security; also does .Net reverse engineering, hardware hacking and a little of everything else.

Gleb Cherbov

Graduated from the Department of Information Security, Faculty of Engineering Cybernetics, Saint-Petersburg State Technical University. Whitehat, researcher, pentester, and analyst in ERPScan. “Another dude” © Anton 'toxo4ka' Karpov.

Svetlana Cherkasova

Svetlana Cherkasova is a computer security researcher at Digital Security, focused on reverse engineering, vulnerability research, exploit development, and fuzzing.

DTM components: shadow keys to the ICS kingdom

Sergey Soldatov

An alumnus of Bauman Moscow State Technical University. Been engaged in official and practical security for 10 years, can program in C and Perl. Spoke at several technical and non-technical conferences, including Hack in the Box, Positive Hack Days, ZeroNights. CISA, CISSP.

Mikhail Egorov

Graduated from Bauman Moscow State Technical University in 2009 with a Master's degree in information security. An independent infosec researcher and developer in Java and Python. Main security interests: searching for vulnerabilities, fuzzing, reverse engineering, cryptography, web application security, and network security. Worked as an information security consultant and software developer for various companies, works for Parallels now. OSCP, CISSP.

Non-cryptographic research of orthodox cryptographic media, or How we tested the security of key data storage on tokens…

Nikita Tarakanov

An independent information security researcher. Worked as an IS researcher in Positive Technologies, Vupen Security, CISS. Likes writing exploits, especially for Windows NT Kernel.
Won PHDays Hack2Own contest in 2011 and 2012. Tried to hack Google Chrome during Pwnium 2 but failed. Published a few papers about kernel mode drivers and their exploitation. Currently, he is actively engaged in reverse engineering research and vulnerability search automation.

The past, the present and the future of software exploitation techniques

Alexey Sintsov

Alexey Sintsov is a modest and unrenowned infosec character; you probably remember his articles in the ][akep magazine or his exploits (for example, if you’ve read Gray Hat Hacking: The Ethical Hacker’s Handbook). You may also have met him at various conferences like BlackHat, CONFidence, and Hack in the Box, where Alexey has had the honor to speak. But if you have not, take it easy: you can always catch up with him at the ZeroNights conference, which he co-organizes.
Speaking about his organizing talents, we have to mention that it was Alexey and his friends (well, why don’t we mention friends in the biography, too: Dmitry 'D1g1' Evdokimov and Alexey 'GreenDog' Tyurin) who organized the first Defcon community group in Russia (DCG 7812). His career started back at school when Alexey realized all the negligence of Perl developers; this infatuation affected the choice of university. Yes, Alexey graduated from the Saint Petersburg Polytechnic and he thinks that those who passed the “idiot check” of Mr. Semyanov on their first try (like our hero, who is quite proud about it) can start an infosec career with no sweat.
To continue praising Alexey’s talents and inflating his reputation, I (an unknown contemporary and Alexey’s personal biographer) follow the story of his fate or, more precisely, of his professional experience: he was the man to work for the mighty Digital Security company, where he got his 15 minutes of fame by finding numerous 0-day vulnerabilities in the software of giant vendors like SAP, VMware, IBM, Adobe, Google as well as in Russian remote banking systems, thus inflicting great horror and shame over the Russian infosec field. In 2011, Alexey was also rewarded by Yandex for crushing the mail service in the name of supporting the domestic producer (and lust for money). Although the second place in a contest can be considered a loss, Alexey was happy to spend his reward on 0.000001% of his mortgage. As for the majority of his followers on Twitter, he got them after he published a manual about writing JIT-Spray shellcode for fun and profit under ActionScript (Flash) and JavaScript (Safari). Currently, Alexey dedicates his labor to the kindest company in the world: HERE (Nokia), where he tends to the true values of goodness and justice. Some fruits of his labor can be found here.

WAF in scale

Alexey Karyabkin

Graduated (in 2010) from the Saratov State University, Faculty of Computer Science and Information Technology, with a specialist degree in Computer Security. Software developer, independent researcher, interested in practical and network security, malware analysis, automation of processes and infosecurity threat response algorithms. Working in infosec since 2009, currently engaged in information security monitoring.

Pavel Kulikov

Graduated from the Russian State University for the Humanities, Institute for Information Sciences and Security Technologies, Division for Information Security. Been engaged in information security for 10 years. Worked in public sector, fuel & energy enterprises, financial sector. Today, Pavel is the Deputy CISO in a large Russian bank. Attends MBA CSO.

Building a complex incoming mail analysis system based on OpenSource solutions

Karim Valiev

Leads the Information Security Team at Mail.Ru Group, member of the Bushwhackers CTF team. Experienced in distributed and highload systems security research, applied cryptography, and web application security.

SMM monitoring guarding the security of Internet services

Igor Bulatenko

Lead information security expert in Qiwi Group, formerly a developer of information security systems. Participated in several CTFs, both as a player and as a developer, with the Technopandas team. Fond of database security. Garden variety web pentester.

DPI as a means of access segregation in a corporate network

Jason Larsen

Jason Larsen is a researcher who studies hacking critical infrastructure such as power grids and chemical plants. For the last several years he has been studying remote physical damage. Jason’s broad history of penetration testing includes most of the major SCADA vendors as well as the largest tech companies. He is currently employed by IOActive as a researcher.

Miniaturization (Fitting a full process control attack into a small microcontroller)

Rahul Sasi

Rahul Sasi is a Security Engineer at Citrix Systems, and has published multiple security tools, advisories and articles. Rahul is a frequent speaker at security conferences, including BlackHat Europe ‘12, CanSecwest ‘13, HITB KL ‘13, HITB AMS ‘12, ‘13, ‘14, Cocon ‘11 ‘12 ‘13 ‘14, Nullcon ‘11 ‘12 ‘13 ‘14, EKoparty ‘12 ‘14, G0s ‘14, HITCON ‘13, and THN ‘14. His work can be found at Garage4Hackers.com.

Security vulnerabilities in DVB-C networks: Hacking cable TV network part 2

Roman Bazhin

An information security specialist at Digital Security. Reverses, fuzzes, analyzes undocumented network protocols, pwns software and CTF challenges. Has a ‘malware’ directory on his desktop.

A pentester’s view of Oracle Database Communication Protocol, or Rude Oracle experiments

Artem Shishkin

An information security researcher who specializes in the Windows OS. Works in the research lab of Positive Technologies. Besides programming, often encounters the internal structure issues of various subsystems and defense mechanisms, which he sometimes shares with the public in articles and blogs. In the articles, he has already reviewed the design of SMEP (OS Guard) and ASLR for Windows 8, their attack vectors, and kernel mode vulnerabilities in the software of such vendors as VMware and Oracle.

Mark Ermolov

Specializes in the internal structure of the Windows kernel, developing WDM drivers and filesystem drivers.
Been researching the undocumented part of the Windows kernel since 2004, became interested after seeing the Windows 2000 kernel source code for the first time.
Published articles at bugtraq.ru. Professional interests also include x86 system programming, reverse engineering, CPU microarchitecture level software optimization.

Bypassing kernel patch guard on Windows 8.1 and Windows 10

Anton Cherepanov

Anton Cherepanov works as an anti-virus analyst in ESET. One of his daily duties is analyzing various complex malicious threats. Fields of interest: information security, malware analysis, and reverse engineering.

Roaming tiger

Nikolay Goncharov

An alumnus of Bauman Moscow State Technical University, chair for Information Security, specialized in Computer Security. Trained at SUNY. Lately, has been engaged in fraud and malware prevention in communication networks, forensics, and administering antifraud and SIEM solutions. Wrote a graduation thesis about protecting telecommunication networks from botnet threats, identifying infections, and designing the automation logic for these processes. Actively contributes to the same field now and conducts research which should go into his Ph.D. thesis.

Denis Gorchakov

Graduated from MPEI, specialized in the organizational and technical field of information security. Used to develop MaxPatrol for Positive Technologies, spoke about SMS banking vulnerabilities at PHDays 2012. After that, worked on content and payment fraud prevention, mobile malware resistance, forensics, and automation thereof at MTS.
Currently works at a large Russian bank as an information security architecture expert.

Preventing mobile malware in CSP's network. Android honeypot for antifraud