|0730-0800||Announcements and Remarks||cedoXx & Omar Ωr|
|0800-0900||The Bug Hunter’s Methodology||Jason Haddix|
|0915-1015||Securing AND Pentesting the Great Spaghetti Monster (k8s)||Kat FItzgerald|
|1030-1130||Guerrilla Red Team: Decentralize the Adversary||Christopher Cottrell|
|1145-1245||Evil Genius: Why you shouldn't trust that keyboard||Mauro Caceres & |
|1300-1400||Combining notebooks, datasets, and cloud for the ultimate automation factory||Ryan Elkins|
|1415-1515||Deep Dive into Adversary Emulation - Ransomware Edition||Jorge Orchilles|
|1530-1630||Introducing DropEngine: A Malleable Payload Creation Framework||Gabriel Ryan|
|1645-1745||Zero Trust - A Vision for Securing Cloud and Redefining Security||Vandana Verma|
|1800-1900||What college kids always get wrong, the art of attacking newbies to blueteam||Forrest Fuqua|
|1915-2015||Android Malware Adventures||Kürşat Oğuzhan AKINCI & |
Mert Can COŞKUNER
|2030-2130||Making Breach and Attack Simulation Accessible and Actionable with Infection Monkey - from IT to the C-suite||Shay Nehmad|
|2145-2245||Android Application Exploitation||Kyle Benac (aka @B3nac)|
|2300-midnight||Offensive Embedded Exploitation : Getting hands dirty with IOT/Embedded Device Security Testing||Kaustubh Padwad|
Jason Haddix is the Head of Security for a leading videogame production company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and also held the #1 rank on the Bugcrowd leaderboard for two years. He is a hacker and bug hunter through and through and specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children.
Kat FItzgerald - @rnbwkat - Drummer, hacker, defender against rogue appliances #IoT, diver, photographer, lover of fine tequilas & dancing flamingos. CEO
Christopher Cottrell is a security engineer and leader, focusing most of my career on offensive operations. I have built red teams, contributed to published works, open-sourced tools, and publicly discussed adversarial techniques. When I am not doing operations, I am refining long term strategy, uplifting the security community through red team mentoring programs, or learning about new adversarial techniques.
Ryan Elkins leads the cloud security architecture program for Eli Lilly and Company. Elkins has over 12 years of security experience leading programs across the financial, insurance, and pharmaceutical industries. Throughout his career, he has developed cloud and application security programs, managed a global security services center, performed security consulting, and has led a global information security program. Elkins holds the CISSP and CCSP certifications, a bachelors degree in Computer Technology, and a masters degree in Information Security.
Jorge Orchilles is the Chief Technology Officer of SCYTHE and co-creator of the C2 Matrix project. He led the offensive security team at Citi for over 10 years; a SANS Certified Instructor; author of Security 564: Red Team Exercises and Adversary Emulation; founding member of MITRE Engenuity Center of Threat-Informed Defense; CVSSv3.1 working group voting member; co-author of a Framework for the Regulatory Use of Penetration Testing in the Financial Services Industry; ISSA Fellow; and NSI Technologist Fellow. Jorge holds post-graduate degrees from Stanford and Florida International University in Advanced Computer Security & Master of Science.
Gabriel Ryan is an offensive security engineer at SpecterOps with nearly 8 years of programming experience in C and Python. Previously, he worked at Gotham Digital Science, where he was heavily involved in their research program GDS Labs. He is the creator and active developer of EAPHammer, a weaponized version of hostapd for performing rogue access point attacks against WPA/2-EAP networks. He is also credited with the first working bypass of 802.1x-2010, along with improvements to existing techniques for bypassing 802.1x-2004. Gabriel's most recent research involved novel proof-of-concept attacks against WPA3's "Enhanced Open." His current endeavors involve deep dives into Kerberos abuse on both Windows and Linux platforms.
President @Infosecgirls , Board-BoD @owasp , Leader @OWASPBangalore , WoSec, Work @IBM Co-organizer @bsidesdelhi
Kürşat Oğuzhan Akıncı is a Security Engineer at Trendyol. He is also a team leader of Blackbox Cyber Security which is Turkey's first cyber security volunteer group, coordinator and mentor of Turkcell CyberCamp and Turkish Airlines CyberTakeOff. In his free time Kürşat is performing security researches in the form of bug bounty in which he has found several vulnerabilities in critical institutions such as NSA as well as helping Mert Can to break into C&Cs.
Mert Can Coşkuner is a Security Engineer at Trendyol. He is maintaining a Penetration Testing and Malware Analysis blog at medium.com/@mcoskuner. In his free time Mert Can is performing mobile malware research and threat intelligence.
Shay Nehmad is a lead developer at Guardicore, where he is working on the Infection Monkey, an open-source breach and attack simulation tool. Over the last few years in the IDF, Shay amassed extensive experience in both Information Security and Software Development.
Forrest Fuqua (JRWR) - JRWR creator of Hatchan, 3 years of NECCDC (Collegiate Cyber Defense Competition) Redteam, and defense industrial base cybersecurity pentester / auditor has been seeing all the mistakes everyone is making and works hard to try and get people to understand why its important to get your shit together.
Kyle Benac (aka @B3nac) currently works as a full time Security Researcher at Acronis SCS. Prior to this, he obtained his Bachelors of Science in Software Development and Security while active duty Air Force. He really enjoys hacking Android applications and participating in bug bounty programs. Creator of the InjuredAndroid Capture the Flag (CTF) training application and developer of HackerOne’s BountyPay Android application. Listed as a Top Contributor for the OWASP mobile security testing guide with over 58 contributions to the manual.
Kaustubh is a Product security Assurance Manager at Reliance Jio Platform limited, his main work include Securing JIO’s Cutting Edge Enterprise, Consumer, and SMB(small,Medium,Big) business products. His main area of interest is Device security,Reverse engineering, discovering RCE,Priv-esc bugs in proprietary or close source devices. He was Null champion, He had deliver more than dozens of talk in null meet and he was champion for 3 years in null community. Also he was a speaker at Owasp SeaSide 2020,Bsides Boston 2020. Some of his works are published in SecurityWeek, ExploitDB, 0day.today and have more than Dozens of CVE, Recently he was the winner of SCADA CTF @ nullcon 2019.