https://cyllective.com/team -> ctrl+f -> "sophus"

  • Grand Theft Data - 101 Exfiltration Techniques

Aleks is a security researcher with a passion for vulnerability research, exploitation and reverse engineering.

  • Recycling via code execution
Amit Sharma

Amit Kumar Sharma is a Security Evangelist with more than 10 years of experience in Application Security and Fuzz testing. He has worked in various roles including but not limited to Penetration Testing and Red Teaming. During his career he got a chance to work with various technologies in the domain of Telecom, Medical, ICS and Automotive Security. He works as a Security Specialist with Synopsys Inc , an organisation which provides Products and Consultation on how security fits in the SDLC and evangelising technologies like IAST, Open Source Security, Binary Analysis and Fuzz testing to uncover security issues. Currently his areas of research includes DevSecOps, Security in SDLC, Kubernetes Security and Secrets Management.

  • API Security in the world of Microservices
Andrea Mambretti

Andrea Mambretti is a system security researcher at the IBM Research Zurich laboratory. He holds a PhD in Cybersecurity from Northeastern University, and a Bachelor's and a Master's degree in Computer Engineering from Politecnico di Milano.
His research interests lie in systems and hardware security. His work has been published in top academic conferences such as IEEE S&P, NDSS, ACSAC, EuroS&P and RAID, as well as presented at top industry conferences such as Black Hat, CanSecWest, and PacSec.

  • The Dark Age of Memory Corruption Mitigations in the Spectre Era

Just an engineer who specializes in incident handling and increases the cyber resilience of IT systems. I handled and advised on ransomware incidents around the world, contributing to the state-level cybersecurity standards and guidelines.

The most direct person you will meet in your life. Not a cybercelebrity.

  • No Fluff Stories Part 1: Your Hypervisor is (un)Safe and (in)Secure.
Anne Jan Brouwer

Bla toto

  • Hack all the CI
Antonio Zekić

Antonio Zekić is a senior information security consultant in Diverto d.o.o. He is experienced in penetration testing and reverse engineering. In spare time he enjoys fuzzing, reversing and exploit writing with an emphasis on iOS/macOS vulnerability research. He is a regular speaker at the security events in the region.

  • Low hanging apples

CSIRT Lead at KPN Security, Incident Responder, Threat Intel Analyst, Forensicator, Miscreant Puncher

  • Kickstart your CSIRT
Bojan Zdrnja

Bojan is the Chief Technical Officer in INFIGO IS, a Croatian information security company. He leads INFIGO's offensive team, which is full of amazing researchers and one of the biggest in the region.
Besides this, Bojan is also a SANS certified instructor. He teaches the SEC542 (Web application penetration testing and ethical hacking) course, which he also co-authored.
Finally, he is a senior SANS Internet Storm Center handler, where he tries to regularly analyze new attacks and post (hopefully) interesting information about them.

  • Deep dive into Windows relaying attacks

Professional shitty prototype builder

  • Self-Hosted AI for Good, Evil and Everything In-Between.
Christos Tsiakoulas

Reverse engineering is always easier with a hammer

  • Support your Local Admins
  • Lockpicking Corner
Dr G

After ~20 years in the UK, Dr Greg moved to the UAE when he was invited to be part of the thought leadership initiative to safeguard the future of a smart-led digital ecosystem. Among the many interesting projects, the most well-known has been his role as the vCISO for EXPO 2020 Dubai. His current role remains for the time-being confidential.

Back in London he was part of the EY Cyber team in OTS/TAS, delivering a globally market-leading proposition that he helped shape and structure, in order to provide decision makers in multi-m/billion investments (M&A) the ability to identify & quantify the risk-exposure in existing & emerging Cyber threats.

During his 20 years of experience, he has engaged with companies around the world sharing his expertise and ensuring that business entities within different sectors (such as banking, payments, maritime, defense & space) have in place security-in-depth practices. His background includes thought-leading security research, experience in defending mission-critical systems and leading technical security assessments, exposure to the CyberDefense department of the military and protecting high-value assets.

BSc in Software Engineering, MSc in Computer Systems Security and as part of his PhD he designed/implemented (PoC) the intelligent engine of what you would call today a next-gen SIEM/XDR with "notional understanding" of network events (a "flavour" of AI/ML) for real-time Threat Assessment.

Background, experience, and studies include: Glamorgan ISRG, accepted at the Applied Cyber Security at MIT, and Harvard's Cybersecurity Managing Risk, which can be invaluable when it comes to identifying hidden risks & safeguarding digital ecosystems of high complexity, backed-up by proven research & based on what is indeed considered best practices and state-of-the-art.

Dr. Greg has presented in security conferences, workshops, and summits over the years. Among other responsibilities, he has assisted ENISA as part of the NIS Experts in reviewing and designing incidents for Cyber Europe. Organizer for Security BSides Athens and Amsterdam, and OWASP London Chapter leader. Thinking ahead and outside-the-box when dealing with InfoSec challenges, is one the key characteristics of his talks.

  • La Casa de Papel = (POS * Security Mindset) + Research / Con Artist Skills + SE

InfoSec (Pentesting) | CTF @Sauercl0ud @allesctf | CCC Foo @chaosdorf | hanging out with @milliways at events

  • r2wars
  • Werewolf
  • Werawolf

has been part of the Tails documentation translation team since 2016, contributing to the spread of consciousness about rights in the use of the Internet and digital self-defense workshops, both about avoiding tracking by GAFAMs (Google, Apple, Facebook, Amazon, Microsoft) and about self-defense of bloggers, journalists, doctors, lawyers, and people active in human rights advocacy or in conflict zones.

  • Tails, The Amnesico Incognito Live System

Cybersecurity researcher mainly interested in infrastructure security and exploitation. I also perform malware analysis and post-incident analysis.

  • No Fluff Stories Part 1: Your Hypervisor is (un)Safe and (in)Secure.
Jaromir Horejsi

Jaromir Horejsi is a Senior Threat Researcher for Trend Micro Research. He specializes in tracking and reverse-engineering threats such as APTs, DDoS botnets, banking Trojans, click fraud, and ransomware that target both Windows and Linux. His work has been presented at RSAC, SAS, Virus Bulletin, HITB, FIRST, AVAR, Botconf, and CARO.

  • Abusing Electron-based applications in targeted attacks

Young hackers from Hungary teaching others how easily some locks can be opened with the right toolset.

  • Lockpicking Corner
Kirils Solovjovs

Kirils Solovjovs is an IT policy activist, bug bounty hunter, and the most visible white-hat hacker
in Latvia having discovered and responsibly disclosed or reported multiple security vulnerabilities
in information systems of both national and international significance. He has extensive experience
in social engineering, penetration testing, network flow analysis, reverse engineering, and the
legal dimension.

He has developed the jailbreak tool for Mikrotik RouterOS, as well as created e-Saeima, helping the
Latvian Parliament become the first parliament in the world that is prepared for a fully remote
legislative process.

  • Security Impress Karaoke
  • MITM on PSTN -- novel methods for intercepting phone calls

Vlatko Kosturjak is security consultant at Diverto where he helps clients to reach desired security level(s). He likes to break and build depending on the mood and time of day(night). Beside security, his passion is open and free software, so he authored many open source offensive tools and contributed code to various free security software.

  • AV/EDR bypass with Go

Providing IT-Wizardry in exchange for money for over 20 years. Boldly managing systems where angels fear to tread and configuring products without proper documentation. Easily distracted by everything shiny, blinky and new. Lover and collector of old computers, terminals and IT infrastructure.

  • SSH Configuration, Intermediate Level
Lucas Lasota

Lucas works for the FSFE as Senior Project Manager Legal. Lucas has background in contract, technology and telecommunications law. Over the years he got experience in the academic sector as well, achieving a Master and PhD in law. For him Free Software is a precondition for a safe, neutral and healthy digital environment. He is also a lecturer and researcher at the Humboldt University of Berlin.

  • Device Neutrality: or how to safeguard Free Software in devices
Mackenze Jackson

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today as a Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.

  • The internet is broken - The modern supply chain made us vulnerable

Does weird things with Macs, BSD and Karaoke.

  • Karaoke night (again)
  • USB, how does it even work? Certified USB4 (Version 2.0)
Marios Kourtesis

Currently I am working as a senior application security engineer at fintech start up called Kevin. In the past, I have worked for many years as a security consultant leading penetration testing, red teaming and threat intelligence for M&S in London. I am OCSP, OSCE and CISSP certified. I do enjoy doing research and my passion/interest is on Offensive security.

  • Security in Cloud Kubernetes Services: Attacking and Defending Cloud
Miguel Angel Hernandez Ruiz

Best to visit my LinkedIn profile but below is a summary: https://www.linkedin.com/in/miguelangelher/

I am a security passionate. I like security since I can remember and my security journey has driven me to all sort of security related jobs like cloud security architect, security engineer, security researcher, security consultant, security analyst or web application penetration tester, to name some of them. I like to consider myself a security off road which just loves security regardless of the angle it is looked from.

OSCP, CEH, SPSE, CISA, CISM, IRCA LA 27001, ISTQBf, ITIL-f and FCE (English level B2) demonstrate my continuous commitment with being in the security edge. I want to be better in security day by day.

Apart from conferences delivered within Training Centers, Universities and High Schools some of the most remarkable ones I have delivered a conference in have been: BATOI CyberSecurity Day '23, ConTEST NY 18, Test Automation Day 18, Eurostar '16, OWASP '15, Cybercamp '15, Expo QA '14, VLC-Testing '14 and '15, After Test, Test Academy, Expert Witnessing mentor, etc. have been some of the conferences and events I have been giving talks in. Each talk or Master Class is a new challenge for me!

One driver: Never miss a chance to learn!

  • Security in Cloud Kubernetes Services: Attacking and Defending Cloud
Milan Gabor

Milan Gabor - founder and CEO
Milan is a certified ethical hacker, cybersecurity professional, lecturer at many cybersecurity conferences at home and abroad, trainer, researcher, security consultant, and TEDx speaker.

As founder and CEO of Viris, Milan has built the security firm and turned it into a major player in the penetration testing market. In addition to his executive role, Milan manages internal research and development, ensuring the company remains on top of the list of the best security companies.

As a trainer, Milan has held many different training courses about cybersecurity.

As a security researcher, Milan has led some development and exploitation projects. He has been asked for his professional opinion by all major media, like Monitor, POP TV, RTV SLO, Večer, and others.

  • All your hashes are belong to us
Milan Kragujević

A 23 year old software developer, with a wide range of interests and hobbies. Known in Serbia for being hailed as a "wunderkind" at age 11, creating Browser Popcorn - a Popcorn Time clone that works in the browser - at age 14, and recently as a telecommunications and networking enthusiast. A notable current project is a telco news portal for the Serbian and CEE market, a leading authoritative voice on telecommunications in the region.

  • How I accidentally became an ISP

I was passionate about taking things apart since I was a kid, now my hobbies and work revolve around how things work.

  • RFID access control, what it is and how to exploit it

My name is Nikola Todorovic and I am working as lead blockchain engineer at OriginTrail. Interested in cryptography, security and playing CTFs. Currently, I am coach of Serbian national team for European Cybersecurity Challenge (ECSC) and member of Hacklab Belgrade. Other projects: PSSOH conference, DESCON, LiBRE! magazine, CyberHero (Serbian Cybersecurity Challenge)...

  • Exploiting Smart Contract Vulnerabilities
  • Rakija Leaks
  • Opening ceremony
  • Concert Kavers
  • Closing ceremony
  • Ligtning Talks
  • After Party
  • BalCCon2k23 Badge
Riccardo Mori

Riccardo Mori is a security researcher working at Quarkslab in the automated
analysis team, his main research topics include binary diffing and binary exporters.

He is an active developer of both internal and open-source tools developed in the

  • Binary Reverse-Engineering and Batch Binary-Diffing
Robert Simmons

Robert Simmons is Principal Malware Researcher at ReversingLabs. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, botconf, and DerbyCon among others.

Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.

  • Beginner's Malware Analysis Workshop
  • Malware Analysis Topics: Instrumented Binary Emulation
Robin David

Robin David is a french software security researcher focused on reverse-engineering
and software testing (fuzzing, symbolic execution). Originally, attacking obfuscated
software during its PhD at the Atomic Energy Comission (CEA) he is now full-time
security researcher at Quarkslab where he is leading the automated analysis team.
He recurrently present his research in conferences like Black Hat and is trainer
for RingZero.

  • Binary Reverse-Engineering and Batch Binary-Diffing
Stefan Nožinić

My first project was financial analysis software. I also did software development in automotive industry and now my main focus is distributed systems. Currently working on distributed file server at Nutanix. We have to design and develop software which works on PB-scale data storage. When not building software, I am mentoring young computer science students in Petnica Science Center as head of computer science department. When I was young, I used to write articles for e-magazine about free software which was hosted by LUGoNS. Big lover of functional programming paradigm and math.

  • Formal specifications of systems - why and how?
Stevan Gostojić

Stevan Gostojić is a full professor at the Faculty of Technical Sciences in Novi Sad. His professional interests include legal and regulatory technology, digital forensics, and digital governance. He heads the Masters in Information Security and the Digital Forensics Laboratory and is a court-appointed IT expert witness in his capacity.

  • Masters in Information Security at Faculty of Technical Sciences
Travis Goodspeed

Travis Goodspeed is a neighborly reverse engineer from Southern Appalachia, where he spends his days reverse engineering Soviet clones of Japanese electronics in his laboratory. He has tried (and failed) to introduce Turbofolk to the Grand Ole Opry

  • Photographing Bits of Firmware
  • Photographing Bits Workshop
Vanja Svajcer

Vanja Švajcer works as a Technical Leader for Cisco Talos. He is a threat researcher with more than 20 years of experience in malware research and threat intelligence.

Vanja enjoys tinkering with automated analysis systems, reversing binaries and analysing mobile malware. He presented his work at conferences such as Virus Bulletin, RSA, CARO, AVAR, BalCCon, BSides and others.

  • Analyzing Android Malware — From triage to reverse-engineering
Vladan Nikolic

Long time IT and security consultant focusing on hardware security.

  • ATM (in)Security

Go Dev
Contact: https://wolfy.me

  • Lockpicking Corner
  • Hack The Planet! ...But It's Mostly Water?!