BalCCon2k25

I’m 3iHP0S, and I’ve been actively involved in the hacker community since last year’s BalCCon. While I’m still early in my journey—with almost two years of experience by the time of this conference—I've been diving head-first into the physical side of hacking through locksport and capture-the-flag events.

My recent focus has expanded into the world of digital forensics and incident response, where the mindset of careful investigation and unconventional thinking continues to drive my curiosity. I enjoy approaching security through practical puzzles, whether it's decoding a strange lock or tracing a suspicious digital footprint. I believe hacking is about seeing systems in ways others don’t—and I hope to spark that perspective in others through my talk.

Aleksandar is a security researcher with a primary focus on finding memory corruption vulnerabilities. Both for fun and work, Aleksandar has performed reverse engineering, fuzzing, and code auditing on dozens of projects written in C and C++.

In his spare time he likes to tinker with devices around him and has previously published writeups of his reverse engineering efforts of useless cameras, obsolete car systems and x-ray imaging.

Ali is a cybersecurity researcher with over a decade of experience in the field. He is currently the Application and Offensive Security Manager at Canon EMEA. Ali is a regular speaker or trainer at industry conferences and events such as BlueHat, Confidence Conf 2020, Hack In The Box 2023 AMS, DefCon 3x, IEEE AI-ML-Workshop-2021, SSD TyphoonCon 2x, c0c0n, BSides Toronto, Budapest, Calgary, Newcastle, Barcelona, OWASP Ottawa chapter, LeHack2022, NoNameCon, YASCon, COUNTERMEASURE Conference, DragonCon, COSAC 2022, Hacktivity, DefCon Holland, etc.
Moreover, he was a trainer at OWASP Summer of Security 2020 and 2021 July training and a reviewer for Springer Cluster Computing Journal/Elsevier and the 2021 Global AppSec U.S. event. Ali is a Microsoft MVP and has published a book, as well as several papers and blog posts.

Exherbo Linux developer

Amelia has worked for a long time on various regulatory aspects of technology and the internet. She's a committed European.

Andrey Konovalov is a researcher focusing on the Linux kernel and USB security areas. Andrey implemented the Raw Gadget interface discussed in the workshop and also maintains a list of USB hacking– related links. See xairy.io for all of Andrey's articles, talks, projects, and trainings.

After completing his Master's degree in Computer Science at ETH Zurich, Antoine has held various security-oriented IT roles as a system administrator, software developer, penetration tester, and security analyst. He joined Swisscom in 2019 in the Computer Security Incident Response Team (CSIRT) and took on the technical lead of the Bug Bounty Program in 2022.

BalCCon orga

Senior Application Security Engineer @Hepsiburada

I am a medical doctor working in public health, a medical informaticist and a writer. I am interested in how the digital world influences our functioning and well-being as humans.

I'm Dusan, and I'm excited to be presenting at a conference for the first time! My professional journey led me to the role of a system engineer and people manager in the gaming industry. My passion for cybersecurity fuels my insatiable curiosity and lifelong commitment to learning.

A guy sometimes - if he is not too lazy - making badges for BalCCon. Tech enthusiast that also considers economic and geopolitics as a key element in our digital future.

Goran Mahovlić (electronics tech) worked for years in repair shop for informatics and bank equipment. Moved on to a developer for low power wireless technologies (LoRA/nbIOT) and measuring systems. Currently self employed in Intergalaktik d.o.o. working on opensource HW solutions, mostly FPGA boards. With constant urge to take apart any device within reach and find out it’s secrets, Goran is equally successful at hardware and software hacking, from cheap products, up cycling old tech, to serious work in technology and microprocessor development. He is a tech coordinator at Radiona. In past, Goran led a number of accomplished workshop and presentations, regular member of Radiona projects and exhibitions, lead and founder of Radiona SmartZG network. Among his work is founding the Lemilica.com portal, for which he writes.

Hasan Ekin is a Penetration Tester at Tripadvisor, specializing in offensive security and vulnerability research. He performs penetration tests on web applications, APIs, Active Directory environments, and AWS infrastructures.

Hetti is an IT Security Expert based in Vienna and part of the finest Viennese Hackspace Metalab.

During day he is breaking IT infrastructure for a living and at night he works on fun hacking projects and deals with state-of-the-art legacy infrastructure.

He enjoys traveling to community based IT (Security) Conferences and Camps.
You can also find him at the Chaos Computer Club Vienna (C3W) where he is mainly involved with Chaos Macht Schule (CmS).
Sometimes he was hunting flags with the successful academic CTF Team We_0wn_Y0u.

• Gerhard "ikarus" Klostermeier
• Interested in all things concerning IT security - especially when it comes to embedded devices or radio protocols.
• Penetration tester (10+ years).
• Speaker at GPN 2013/2018/2024, Ruxcon, DeepSec, Black Alps, Confidence, and more.
• Author of the Mifare Classic Tool Android app.

Christian Herrmann, better known in the hacker community as “Iceman”, is a co-founder of
AuroraSec and RRG, and has helped develop many of today’s most widely used RFID
research tools, including the Proxmark3 RDV4 and the Chameleon Mini. He is a well-known
RFID hacking and Proxmark3 evangelist, serving the community as both a forum
administrator and a major code contributor alongside other developers since 2013.
Christian has spoken at hacker conferences around the world, including Troopers, Black Hat
Asia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, and SaintCon.
He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.
With over 14 years of experience in bespoke software development, Christian specializes in
.NET platforms and is a Certified MCPD Enterprise Architect.
He possesses near-unmatched expertise in the Proxmark3 architecture and various RFID
technologies, and has served as an instructor for Red Team Alliance (RTA), including training
sessions at Black Hat.

Janos Kovacs is newcomer to the Healthcare IT, with a decade of experience gained in the field of product cybersecurity. He has contributed to the establishment of the product cybersecurity management systems for several global manufacturers. Since 2025 he works on keeping cancer treatment secure as part of Varian Product Cybersecurity Team.

Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, teacher, honorary doctor, occasional YouTuber, creator of the first electronic badges for DEFCON, member of L0pht Heavy Industries, and former technological juvenile delinquent.

Joseph is an award-winning cybersecurity professional with over 30 years of experience in enterprise security. As the Chief Security Evangelist and Advisory CISO at Segura, he focuses on identity security and building resilient cybersecurity strategies.

Joseph holds CISSP and OSCP certifications, advises governments and critical infrastructure sectors, and speaks globally on cybersecurity topics. He is the author of Cybersecurity for Dummies, read by more than 50,000 professionals worldwide, and regularly contributes to leading publications such as The Wall Street Journal and Dark Reading. Joseph regularly shares his knowledge and experience giving workshops on vulnerability assessments, patch management best practices, the evolving cybersecurity perimeter, and the EU General Data Protection Regulation.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, known for uncovering and responsibly disclosing critical security vulnerabilities in national and international systems. An expert in penetration testing, network flow analysis, and reverse engineering, he is also a lifelong command-line enthusiast. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor. He uses bash daily for hacking, automation, and large-scale data processing and is sometimes contracted by major online education providers to proofread their bash certification exams. He currently is the lead researcher at Possible Security.

I'm a computer scientist and software engineer, born and raised in Novi Sad, Serbia. I did some teaching at FTN, University of Novi Sad. Currently, I'm working on cool OS projects at Huawei Dresden Research Center in Germany.

Lightning Talks with Toni, Blahaj and Will

Does strange things with Macs, BSD, SSH, and even Linux by now. Herder of PETs. Likes to support the community and sharing knowledge. I can certainly learn something from you, tell me about your special interests.

Robert Simmons is a Malware Researcher. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert, also known as Utkonos, has a background in Biology, Linguistics, and Russian Area Studies. He has spoken on malware analysis and reverse engineering at many of the top security conferences including BalCCon, DEFCON, HOPE, botconf, and DerbyCon among others. He is also the maintainer of plyara, a YARA rule parser written in pure python as well as x64dbgbinja the official connector integration between x64dbg and Binary Ninja.

Mathias Payer is an associate professor at EPFL, leading the HexHive group. His research centers on strengthening software and system security in the presence of vulnerabilities. His broader interests include fuzzing and sanitization to uncover and address flaws, developing effective mitigations to protect against the exploitation of unknown or unpatched bugs, and employing fault isolation to enforce privilege separation. Mathias joined EPFL in 2018 where he founded the Polygl0ts CTF team. Previously, he was an assistant professor at Purdue University, a PostDoc at UC Berkeley, and a PhD student at ETH Zurich.

I'm currently in my second year of Master's studies at the Faculty of Electrical Engineering, University of Sarajevo, focusing on Automatic Control and Electronics – the same field where I completed my Bachelor's degree. My Master's thesis delves into using FPGAs and open-source tools for the characterization and automated acquisition of electronic component parameters, with a focus on quartz oscillators. Since January, I've been working as a freelance FPGA engineer with my colleagues at Chili.CHIPS*ba, where my contributions primarily involve the uberClock project (https://github.com/chili-chips-ba/uberClock).
You can connect with me on LinkedIn: www.linkedin.com/in/minela-sultanović-849301194

Miodrag is a software engineer at YosysHQ and has been involved in the development of nextpnr from the very beginning, also working on development of other FPGA open source tools and making sure up to date builds are always available for community.

I am currently a second-year Master's student at the Faculty of Electrical Engineering, University of Sarajevo, where I also earned my Bachelor of Electrical Engineering degree in Automatic Control and Electronics. My Master's studies continue in this same field. Since January, I have been working as a freelance FPGA engineer with my colleagues at Chili.CHIPS*ba, contributing to projects such as openCologne (https://github.com/chili-chips-ba/openCologne) and uberClock (https://github.com/chili-chips-ba/uberClock). Additionally, in July of this year, I began an internship in Embedded Systems. You can also find me on LinkdIn: www.linkedin.com/in/nikola-sokolović-78561823b.

Radio amateur, FOSS advocate, loves to tinker with things that have to do with electronics and/or software, and enjoys taking part in CTFs from time to time.

Philippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Hardwear.io, Eko Party and more. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

With over 17 years of experience in the field of Cybersecurity, Sandra is a Cyber Security Officer and leads the Cyber Exercises Service at the United Nations International Computing Center (UNICC). Previously, she was a researcher in the Technology Branch at the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) and was part of the Joint Cyberspace Command (MCCE) since its creation, serving there for 11 years.
Her main areas of expertise are penetration testing, red teaming, and exploiting, as well as -previously- digital forensics, threat hunting, and incident response.
She is a regular participant and part of the organization as a Red Team leader in various international cyber exercises, with over 14 years of experience leading, organizing, and serving as core team member in some of the world’s most complex and specialized cyber exercises, such as Locked Shields, Crossed Swords, Cyber Coalition (ENISA), Coalition Warrior Interoperability Exercise (NATO), International Cyber Defense (DoD), Ciberbastión (MCCE), multiple exercises for the Spanish Ministry of Defence, and various CTFs organized by SANS and other international organizations.
Sandra is also a frequent speaker at national and international cybersecurity conferences and has taught in several Master’s programs at the Universidad Autónoma de Madrid.
She holds a degree in Telecommunications Engineering and a Master’s Degree in ICT Security from the Universidad Europea de Madrid, along with certifications such as OSCE, OSCP, GXPN, among many others.
She has been awarded the Aeronautical Merit Cross with White Distinction and is a member of the #SomosMujeresTech group, which aims to promote the visibility of women in leadership roles within the technology and innovation sectors.

Former Police Officer from Argentina, now a Cloud Incident Responder and Security Engineer with over 10 years of IT experience. A Digital Nomad an international speaker, I've presented on Cloud Security and Incident Response at Ekoparty, FIRST, Virus Bulletin (three times), Hack.Lu, and various BSides events worldwide. I hold a Bachelor's degree in Information Security and an MBA (Master in Business Administration).

Satu is an avid enthusiast of AI security, on the board of TurkuSec, organising Disarray in October (welcome all), mentor and speaker, with topics like trustworthy AI, security of AI, and hacking AI. She's also the founder of Helheim Labs and HackAI.quest and wants to enable everyone in the cybersecurity community to learn where AI is vulnerable, brittle, and breakable with the aim that maybe then we'll have more secure and hopefully safer usage of AI.

Travis Goodspeed is a reverse engineer from East Tennessee, where he drives a 1946 Studebaker and knows all the neighborhood dogs by name. Recently he published Microcontroller Exploits, a book detailing dozens of tricks for extracting firmware from locked chips.

I am part of Bosch's Open Source Program Office where I work mostly on Open Source Management.

I have a Master's Degree in Law and experience working on intellectual property and data protection matters. During my legal studies, I became interested in legal technology and the topic of automating legal and compliance work. To pursue this interest, I enrolled in a coding school where I graduated as a Python Web Developer, acquiring skills in Python, JS, databases, and the Django Web Framework.

I am an AWS Certified Solution Architect Associate, an AWS Certified Cloud Practitioner, and an AWS Certified AI Practitioner. I am also a committer on the Eclipse Apoapsis project.

If you wish to learn more about me and my work, please see my:
- blog
- LinkedIn
- GitHub

Vlado is a technologist with an interest in the history of computing and networks, with a focus on non-Western countries before the end of the Cold War. He posts about his research on his blog, Bluesky and Mastodon.

https://blog.vladovince.com
https://bsky.app/profile/mmjs86.bsky.social
https://mastodon.vladovince.com/@mejs

Vlatko Kosturjak serves as the VP of research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. His diverse roles over the years have not only equipped him with a comprehensive understanding of security governance but also delved into the deep technical side of security. He have successful M&A experience in different fields of cyber security including application security.

Vlatko finds joy in both breaking and building security controls. Beyond his commitment to security, he harbors a deep passion for open and free software. This passion has manifested in the creation of numerous popular open-source offensive tools and contributions to various renowned free security software projects.

Throughout his extensive career and in his continuous pursuit of knowledge in the dynamic field of cybersecurity, Vlatko has acquired a long array of certifications, including CISSP, OSCP, CISM, and many more.

Freelance embedded-systems developer. I occasionally publish technical articles and explore information-security topics as a hobby. More details:

• Portfolio — https://work.zenembed.com/
• Blog — https://zenembed.com/

Zoz

PhD student at UniVie and CTF player at We_0wn_y0u. Passionate for reverse engineering, graphics programming and all kinds of low-level software development.

Adept at making devices, destroying devices or making devices that destroy other devices

Igor Brkić is software and hardware engineer from Croatia covering areas from the custom hardware and firmware development to the system and web development. He is also one of the founders of the Radiona Zagreb makerspace.

I'm a German IT-consultant who also had studied a little bit of law.

More importantly I've a lot of different hobbies. Role playing, biking and dancing among them.

But I'm also interested in privacy, security, identity as wall as open source. While I've had some hands on and have been active in different projects around these topics, my current perspective to these topics is more on a "higher" meta level, where I'm interested in the interaction between society / politics / economics and these topics.

Wanna be DPO who likes Security.

I work across offensive security, robotics programming, and embedded systems, and I'm obsessed with Lockpicking / RF / NFC / RFID Security.