applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Speaker Bios

Advanced and intermediate security training and technology enhancement for information security professionals.

Bios

Zach Lanier

Zach Lanier is a Security Researcher with Veracode, specializing in network, mobile, and web application security. Prior to joining Veracode, Zach served as Principal Consultant with Intrepidus Group, Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. He has spoken at a variety of security conferences, including INFILTRATE, ShmooCon, and SecTor, and is a co-leader of the OWASP Mobile Security Project. Zach likes Android, vegan food, and cats (but not as food).

Andrew Reiter

Andrew Reiter has been professionally involved with the security industry since the late 1990s. He has worked as a security researcher for Foundstone, BindView, and WebSense; currently, his research is being conducted at Veracode. Andrew is a former FreeBSD developer where he worked on the SMPng and TrustedBSD projects and holds a BS and MS in Mathematics from UMASS-Amherst.

David Sanchom

Corey Benninger

Corey is a Principal Consultant with the Intrepidus Group, specializing in mobile application security. He has performed code reviews and conducted mobile application penetration tests for numerous Fortune 500 clients on a multitude of platforms, such as Android, BREW, RIM, and iOS. He has worked with nationwide telecommunication companies to help ensure the security of wireless architectures, systems, and applications. Corey is a polished public speaker and has been invited to speak at leading conferences like Black Hat, OWASP, NYCBSDCon, and Infragard. In addition, his expert opinion has been published in industry publications like eWeek. He has also published several whitepapers on cutting edge security issues, like vulnerabilities in AJAX, and the security implications of web browser data caching. Corey has an undergraduate degree from Boston University.

Max Sobell

Max is a Consultant with the Intrepidus Group. Along with traditional security assessments, Max frequently reviews embedded devices prior to product releases to ensure both hardware and software meet industry best practices. He has done extensive hardware security research, notably in the fields of radio frequency identification (RFID) and near field communication (NFC). Prior to joining Intrepidus, Max worked in the financial sector implementing algorithms for high speed automated trading and in international trade analyzing markets. Max has spoken at security events ranging from SecTor and IEEE to OWASP and other local conferences. Max graduated from NYU with a BS in Computer Science and from Stevens Institute of Technology with a BE in Computer Engineering. He received a Founders Day award at NYU and was on the Dean's List at Stevens. His senior project at Stevens, RFnoID, won the Senior Design Award and 3rd place at the IEEE Northeast regional competition.

Bogdan Alecu

Bogdan Alecu works as a System Administrator for a large IT service company in Romania and he is a frequent speaker at security conferences. He received his BSc in Business Information Systems from the “Alexandru Ioan Cuza” University of Iasi. Bogdan has researched for many years in mobile security, starting with Voice over IP and continuing with GSM, discovering security flaws in the way VoIP was implemented by different companies and in the way binary SMS was implemented. His latest research in the GSM security could allow a potential attacker to perform a remote SMS attack which can force mobile phones to send premium-rate text messages.

Julien Bachmann

After my studies at EPITA, where I also taught a course on software exploitation, I started to work as a security engineer with assignments focused on penetration testing and forensics. My r&d projects are oriented toward OS internals, reverse engineering and software exploitation. Beside from working at SCRT I also wrote some paper for the french magazine MISC (more below) and I am part of the organization of Insomni'hack, a hacking contest taking place in Geneva (Switzerland). I am also writing articles on our company's blog (http://blog.scrt.ch/author/julienbachmann/) when time permits.

Patrice Auffret

Patrice Auffret [1] (GomoR [2]) is a senior security engineer specialized in network protocols hacking and reverse engineering [3]. He is author of multiple Perl modules [4] to craft network packets (Net::Frame framework, and many protocols like LLTD, OSPF, or ICMPv6). He wrote multiple articles in french security magazine MISC [5] and also spoke at security conferences including IT Underground 2007 (OSPF Attack Shell tool) and SSTIC 2008 [6] (SinFP operating system fingerprinting tool).

Michele Orru

Michele Orru a.k.a. antisnatchor is an IT and ITalian security guy. Lead core developer of the BeEF project, he mainly focuses his research on web applications security and related exploitation techniques. He is a frequent speaker at hacking conferences, including CONFidence, DeepSec, Hacktivity, SecurityByte, AthCon, HackPra, OWASP, 44Con and more we just can't disclose. Besides having a passion for hacking and being a Senior Spider (for Trustwave SpiderLabs), he enjoys leaving his Mac alone, whilst fishing on salted water and praying for Kubrick's resurrection.

Anibal Sacco

Anibal Sacco is a Sr Exploit Writer and Reverse Engineer at CORE Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 6 years. Focusing first in windows kernel-mode vulnerabilities and rootkit development, and lately in OSX vulnerabilities and embedded devices.
He is currently in charge of the OS X exploits area and as researcher, he has presented in some of the most important security conferences like Black Hat, CanSecWest, SyScan and Ekoparty. He also published several advisories addressing multiple vulnerabilities.

Federico Muttis

Federico Muttis is a Sr Exploit Writer working for CORE's Exploit Writers Team. He works developing exploits for a wide variety of platforms, including Windows, Linux, Solaris and AIX, among others. This includes binary exploitation of both remote and client-side vulnerabilities, as well as web application vulnerabilities.
Federico also researched Cisco IOS exploitation, presented some research on the academical field (ECI -UBA) and published several security advisories. He is currently researching Mobile Devices exploitation.

Thomas Roth

Hi, I'm Thomas Roth, a guy from Cologne, Germany who is interested in security research, programming and everything that's kind of hackable.
His phone security code used to be 0862 until his mom hacked it.

Alexander Chemeris

Alexander Chemeris is a software developer and CEO of Fairwaves, an open source telecommunications company based in Moscow. Tim Redfern is a developer, visual artist and designer based in Dublin whose practice encompasses digital media, programming and electronics.

Nikhil Mittal

Nikhil Mittal is a hacker, info sec researcher and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has many years of experience in Penetration Testing of many Government Organizations of India and other global corporate giants. He specializes in assessing security risks at secure environments which require novel attack vectors and "out of the box" approach. He has worked extensively on using HID in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use Teensy in penetration tests and Nishang a post exploitation framework for PowerShell. In his free time, Nikhil likes to scan full IP ranges of countries for specific vulnerabilities, does some vulnerability research and works on his projects. He has spoken/trained at various prestigious conferences like BlackHat USA, RSA, BlackHat Europe, PHDays. GrrCON and many more.