Benedikt Kühne

In his current position at Siemens Energy, Benedikt Kuehne works on security research and penetration testing of devices used in critical environments, with a focus on embedded and hardware hacking.

  • SBOMs the right way
Benedikt Waldvogel

Benedikt Waldvogel has been working as a software developer at cronn GmbH for over a decade. During this time, he has gained extensive experience with technologies in the Java and Spring ecosystems. One of his greatest passions is developing automated integration tests.

In the GA-Lotse project, he was part of the software architecture team and played a pivotal role in implementing its security architecture.

  • Building Zero Trust Architecture in Public Health
Bianca Kastl

Bianca is currently working at the public health department of Frankfurt / Main in Germany. Her role right now is main product owner of the software project GA-Lotse.
She has been part of various software projects with a security and privacy focus in the German administration and healthcare, mainly in the field of public health.
In her spare time she is also involved in ethical hacking, for example hacking the luca App in the year 2021 or the recent breach of the German electronic health record - ePA für alle.

  • Building Zero Trust Architecture in Public Health
Boris Larin

Boris is a renowned expert in the fields of threat hunting and software reverse engineering. He works as a Principal Security Researcher in GReAT at Kaspersky. He has discovered and investigated a number of high-profile APT attacks (e.g. Operation Triangulation - the famous attack on iOS devices) and reported two dozen zero-day exploits. While working at Kaspersky, Boris has presented his work at a large number of conferences: CanSecWest, SAS, BlueHat, TyphoonCon, CodeBlue, Chaos Communication Congress, OffensiveCon, and many others.

  • The Crypto Game of North Korea: Stealing Money with Chrome 0-days
Brett Hawkins

Brett Hawkins has been in Information Security for several years working for multiple Fortune 500 companies across different industries. He has focused on both offensive and defensive disciplines, and is currently on the Adversary Services team at IBM X-Force Red. He holds several industry recognized certifications, and has spoken at several conferences including Black Hat (US and EU), BlueHat, ShmooCon, DerbyCon, Wild West Hackin' Fest, BSides, and Hackers Teaching Hackers. Brett is also a member of the open-source community, as he has contributed to or authored various public tools, such as SharPersist, DueDLLigence, SCMKit, ADOKit, MLOKit and InvisibilityCloak.

  • Becoming the Trainer: Attacking ML Training Infrastructure
Bruno Produit

Bruno Produit is a security researcher based in Berlin. He specializes in hardware hacking, code review and fuzzing. In his day to day work he supports companies with their security at Security Research Labs.

  • Securing the Airwaves: Emulation, Fuzzing, and Reverse Engineering of iPhone Baseband Firmware
Caleb Sargent

Caleb is a seasoned cybersecurity professional, boasting over 9 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and physical security assessments. Previously a consultant at Optiv where he obtained the OSCP, and currently serving as an Offensive Security Engineer at PayPal, Caleb orchestrates and executes red team engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Caleb demonstrates his ability to identify vulnerabilities and mitigate risks through active participation in bug bounty programs on platforms like HackerOne and PayPal, contributing as both a researcher and in supportive roles. Additionally, he has refined his skills through endpoint detection and response testing, further enhancing his expertise in cybersecurity.

  • Spoofed & Trusted: Next-Generation Email Attacks Targeting Email Design and Implementation Flaws
Daniel Komaromy

Daniel Komaromy (kutyacica) has worked in the mobile security field his entire career, going on 15+ years of vulnerability research experience playing both defense and offense. He has won Pwn2Own, presented his research at industry leading conferences like Black Hat, REcon, and CanSecWest, and disclosed scores of critical vulnerabilities in major mobile vendors’ products. Daniel is the founder of TASZK Security Labs, a vulnerability research oriented security consultancy outfit, and he still follows the motto: there's no crying in baseband!

  • Eastern Promises: Mobile VRP Lessons For Bug Hunters
Dennis Heinze

Dennis Heinze is working as a Security Analyst & Researcher at ERNW Enno Rey Netzwerke GmbH. He earned his Master’s degree in IT-Security at TU Darmstadt with a focus on network and system security. In the past, he published research on the Bluetooth technology in the Apple ecosystem with a special focus on the analysis and security of Bluetooth protocol implementations. At ERNW, his work focuses on pentesting mobile and embedded devices as well as their communication and back end systems.

  • No title due to currently running responsible disclosure process
  • BSI Project SiPra: Security of Doctor's Office Software
Dirk-jan Mollema

Dirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.

  • Finding Entra ID CA Bypasses - the structured way
Dr. Baptiste David

Dr. Baptiste David is an IT security specialist at ERNW, specializing in the Windows operating system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operating system platform, kernel development and vulnerability research. He has given special courses and trainings at different universities in Europe. He also regularly gives talks at different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…

  • Authenticating through Windows Hello for Business, a reverse engineering story
Duane Michael

Duane Michael (@subat0mik) is an adversary simulation manager, operator, and researcher at SpecterOps. He has experience operating in many Fortune 100 enterprise environments across various industries. Duane enjoys Windows security research, has presented tooling and research at Black Hat Arsenal, DEF CON, Troopers, and SO-CON, is a contributor to various open source projects, such as SharpSCCM and SharpDPAPI, and is a primary author of Misconfiguration Manager. Duane has instructed courses at Black Hat USA/EU, DEF CON, and SO-CON covering topics such as red team operations, SCCM attacks, and Windows internals.

  • Misconfiguration Manager: Still Overlooked, Still Overprivileged
Emanuele Barbeno

Emanuele has 10 years of experience working in the area of IT security and has been an IT Security Analyst at Compass Security since 2019. As part of Compass Security's offensive security team, Emanuele conducts security analysis of web applications, external and internal networks, cloud infrastructures, as well as Android applications. Emanuele has responsibly disclosed vulnerabilities in different open source libraries and products, including products from Microsoft, Alibaba and others, and is also responsible for giving various security-related trainings at Compass Security, such as web application security and internal network security with a focus on Active Directory security.

  • Say Cheese! How We Pwned Your Security Camera
Enrico Pozzobon

Enrico has worked as an automotive penetration tester since 2016. Together with Nils Weiss, he built the automotive security research lab at the OTH Regensburg and worked with several automotive manufacturers and insurance companies to find vulnerabilities and build exploit demonstrations. He is one of the founders of dissecto where he focuses on hardware development and fault injection.

  • Happy Little Accidents: The Overvoltage Glitch that almost broke the Mercedes-Benz Immobilizer
Eric Woodruff

Throughout his 25-year career in the IT field, Eric has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis, Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.

Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. His security research has also been recognized by Microsoft, most notably for his findings he dubbed “UnOAuthorized”. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

  • Getting developers to follow standards is easy, and other lies we tell ourselves
Fabian Bader

Fabian Bader is a Cyber Security Architect and Microsoft MVP from Germany. He focuses on security and cloud solutions and works mainly with Microsoft technologies.
From Azure cloud to on-premises Active Directory, he likes to automate stuff with PowerShell.

Besides being a speaker at community events, he blogs at "cloudbrothers.info", hosts the "Elbe Security User Group", "Hamburg PowerShell User Group" and is part of the organizing team of "PowerShell Saturday Hamburg".

❤️ PowerShell and Security 🛡️

  • Finding Entra ID CA Bypasses - the structured way
Fabian Hagg

Fabian Hagg is a Sr. Security Researcher at the Onapsis Research Labs. With a master’s degree from the University of Applied Sciences Technikum Vienna, his research interests include analyzing and securing business-critical application systems. By responsibly reporting software vulnerabilities, he regularly receives public acknowledgement from the SAP Product Security Response Team.

  • Adobe and SAP: All Your Business Documents Belong To Us
Fabian Mosch

Fabian Mosch is Head of Offensive Services at r-tec IT Security GmbH. At work he likes to break into company networks and escalate privileges to make those environments a safer place afterwards. Evading AV/EDR systems has always been of special interest to him. In recent years and in his spare time he has created and shared tools/techniques/knowledge with the community under the handle S3cur3Th1sSh1t. He is the founder of the company MSec Operations UG, which sells OST tools to Pentesters and Red Teams.

  • Revisiting Cross Session Activation attacks
Frederik Reiter

Frederik (he/him) is a security researcher from Germany, focusing mostly on reverse engineering and software analysis. He is currently pursuing a Master's degree in IT Security at the TU Darmstadt.

  • DHL Hackstation: What's inside?
Frieder Steinmetz

Frieder Steinmetz earned his Master’s degree on the security of embedded and cyber-physical devices from the Technical University of Hamburg. He has a background in cryptography and has published work on the security of encrypted messaging protocols, malicious USB devices and Bluetooth security. He works as Senior Security Analyst at ERNW Enno Rey Netzwerke GmbH. His work focuses on pentesting mobile and embedded devices, as well as their back-end communication and infrastructure. He regularly gives trainings on subjects such as IoT, RFID/NFC Hacking, web application pentesting and communications security.

  • No title due to currently running responsible disclosure process
Garrett Foster

Garrett Foster (@unsigned_sh0rt) is a senior security researcher, red team operator, instructor, and course architect at SpecterOps. He has conducted and led successful engagements against organizations from the finance, healthcare, and energy sectors. Garrett enjoys Active Directory security and endpoint management research and offensive tool development. Garrett has previously presented at Black Hat USA and DEF CON, is a co-author of the Misconfiguration Manager project, and is the primary developer of SCCMHunter.

  • Misconfiguration Manager: Still Overlooked, Still Overprivileged
Gerd Scheidhauer

Gerd has been working on automotive software for decades. In 2014, he joined Mercedes-Benz Research and Development, where he is now responsible for safe microcontrollers. He was the primary technical contact for the vulnerability described in the presentation.

  • Happy Little Accidents: The Overvoltage Glitch that almost broke the Mercedes-Benz Immobilizer
Hao Wang

Hao Wang brings over 15 years of experience in cyber security and has earned widespread recognition for his innovative approaches in Offensive Security. As the leader of PayPal's Offensive Security team, he spearheads initiatives in threat emulation, web application/API security, network infrastructure security, and bug bounty programs. Hao has a strong track record of tackling complex security challenges while driving continuous improvement in organizational defense. In addition to his leadership role, Hao is a respected speaker and has presented at top cybersecurity conferences, including Black Hat USA, Troopers, BSidesLV, and SANS Summit, where he shares insights on cutting-edge threat landscapes and defensive strategies.

  • Spoofed & Trusted: Next-Generation Email Attacks Targeting Email Design and Implementation Flaws
Iceman

Christian Herrmann, better known throughout the hacker community as “Iceman”, is a co-founder of AuroaSec, RRG and helped produce many of the most common RFID research tools available today including the Proxmark3 RDV4, and Chameleon Mini. He is an RFID hacking and Proxmark3 evangelist, serving the RFID community as both forum administrator and major code-contributor alongside other community developers since 2013. He has spoken at hacker conferences around the world including Black Hat Asia, DEF CON, NullCon, Pass-the-Salt, BlackAlps and SaintCon.

He has provided bespoke software development services for over 14 years specializing in .NET platforms, and is a Certified MCPD Enterprise Architect.

Christian Herrmann has nearly unmatched knowledge of Proxmark3 architecture and a variety of RFID technologies, and was an instructor for the Red Team Alliance (RTA), which also included Black Hat trainings.

  • Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations
Jiska Classen

Dr.-Ing. Jiska Classen is a wireless and mobile security researcher and research group leader at Hasso Plattner Institute. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.

  • iOS Inactivity Reboot
Jonas Bülow Knudsen

My name is Jonas, and I am working as a Product Architect at SpecterOps. I enjoy writing ugly code to solve real and imaginary technical problems in the offensive and defensive security space. In my daily tasks, I investigate attack vectors to determine how they can be implemented in BloodHound.

I have a background as a security consultant working with customers to harden their AD and Windows infrastructure, and I have practical experience fixing and breaking customer environments with security measures such as AD tiering, Protected Users, IPSec, and disabling NTLM.

  • Breaking Boundaries: Unraveling AD Cross-Forest Attack Paths
Jorge de Almeida Pinto

Jorge de Almeida Pinto, based in the Netherlands, is a Senior Incident Response Lead working for SEMPERIS helping customers proactively and reactively to be and remain secure. Together with his BP&R colleagues, multiple (non-)customers have been successfully helped after a breach and/or ransomware attack using the SEMPERIS solutions and methodology.
Jorge has been a Microsoft MVP since 2006, and has a specific focus on designing, implementing, securing and recovering Microsoft Identity & Access Management (IAM) technologies. Throughout the years, his experience includes work with Active Directory (AD), Active Directory Federation Services (ADFS), Microsoft Entra ID (EID) (a.k.a. Azure Active Directory), Entra Connect/Cloud Sync, Microsoft Identity Manager (MIM), and developing (security-related) scripts.

  • Demystifying Managed Service Accounts: Unveiling Best Practices And Security Measures To Reduce Risk And Impact
Kazma Ye

Kazma is a university student from Taiwan and a cybersecurity intern of CyCraft — rumored to be the last surviving member of the Uchiha clan.
His current work focuses on how Microsoft Entra ID integrates and behaves on macOS, diving deep into binary internals and real-world authentication logic.
He’s also a CTF player with the B33F 50UP team, with a passion for reverse engineering and binary exploitation.

  • Breaking Down macOS Intune SSO: PRT Cookies Theft and Platform Comparison
Kirils Solovjovs

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist, renowned for uncovering and responsibly disclosing critical security vulnerabilities in both national and international systems. Kirils started programming at age 7 and by grade 9 was spending his lunch breaks writing machine code directly in a hex editor. With deep expertise in network flow analysis, reverse engineering, social engineering, and penetration testing, he has significantly contributed to cybersecurity advancements. Notably, Kirils developed the jailbreak tool for MikroTik RouterOS and played a pivotal role in creating e-Saeima, enabling the Latvian Parliament to conduct a fully remote legislative process, the first of its kind globally. He currently serves as the lead researcher at Possible Security and as a research assistant at the Institute of Electronics and Computer Science.

  • Decoding RFID: A comprehensive overview of security, attacks, and the latest innovations
Laszlo Szapula

Laszlo Szapula (LaTsa) started as an intern at TASZK Security Labs and is now a full time member of the vulnerability research team, where he converts Ghidra projects and Club Mates into reverse engineered code. He is focused on the low-level security of Android based smartphones, including the Android kernel, hypervisors, trustzones and basebands. As a presenter, his experience includes delivering mobile exploitation trainings at conferences like OffensiveCon and Hardwear.io.

  • Eastern Promises: Mobile VRP Lessons For Bug Hunters
Luca Glockow

Luca Glockow is a security researcher based in Berlin. In his day to day work he supports companies with their (device) security at Security Research Labs. Luca first looked into security during his Master's, where he specialised in embedded security with a focus on telco devices.

  • Securing the Airwaves: Emulation, Fuzzing, and Reverse Engineering of iPhone Baseband Firmware
Martin Haller

Martin Haller, co-founder of PATRON-IT, a managed security services provider (MSSP) based in the Czech Republic, is an ethical hacker and cybersecurity expert. He is deeply committed to understanding the attacker’s mindset to develop effective defense strategies, focusing on identifying and addressing critical vulnerabilities in information security. A frequent speaker at conferences, Martin shares insights from real-world audits and security incidents to help organizations strengthen their defenses. He actively engages with others, exchanging ideas and collaborating to develop better solutions for building a safer and more secure digital world. Martin holds multiple certifications, including OSCP, CHFI, ECSA, and MCSE.

  • RBAC: The Shady Place Behind Basic Entra ID Security
Michael Messner

As a security researcher and penetration tester, Michael Messner has more than 10 years of experience in different penetration testing areas. In his current position at Siemens Energy, he focuses on hacking embedded devices used in critical environments.

  • SBOMs the right way
Nestori Syynimaa

Dr Nestori Syynimaa is a Principal Identity Security Researcher at Microsoft Threat Intelligence Center. He has over a decade of experience with the security of Microsoft cloud services and is known as the creator of the AADInternals toolkit. Before joining Microsoft in early 2024, Dr Syynimaa worked as a researcher, CIO, consultant, trainer, and university lecturer for over 20 years.

Dr Syynimaa has spoken at many international scientific and professional conferences, including IEEE TrustCom, Black Hat USA, Europe, and Asia, Def Con, RSA Conference, and TROOPERS.

  • The Ultimate Guide for Protecting Hybrid Identities in Entra ID
Nils Rollshausen

Somehow — and without ever having owned more than an iPod — Nils fell down the Apple rabbit hole and now spends their days reverse-engineering Apple’s devices and uncovering the bits of magic hiding inside the machines that surround us every day. They are interested in all things privacy & security and like to build new things every now and then, instead of only breaking what’s already there. Currently, they are pursuing a PhD in computer science at the Secure Mobile Networking Lab (SEEMOO) of TU Darmstadt.

  • Over the Garden Wall — Let's steal data from your iPhone
Nils Weiß

Dr. Weiß delved into penetration testing during his Bachelor's and Master's, exploring vulnerabilities in embedded systems and entire vehicles. Active in developing open-source penetration test frameworks like Scapy, he co-founded dissecto GmbH in 2022, focusing on simplifying security diagnostics and solutions for embedded systems.

  • Happy Little Accidents: The Overvoltage Glitch that almost broke the Mercedes-Benz Immobilizer
Pascal Güldiken

Since my Bachelor's degree in Cybersecurity 2.5 years ago, I have been working as a Cyberanalyst in the SOC at DATEV in Germany.
DATEV in a nutshell: tax consultants, lawyers, auditors, small and medium-sized enterprises, municipalities, and business start-ups who use DATEV software, which meets all high standards regarding reliability, topicality, data protection, and data security. You may have noticed the green square of the DATEV logo at the airport, in magazines, or on your pay slip, and you wondered what's behind the green symbol and the company DATEV eG.
Besides SOC-work and Incident Response my interests are in Threat Hunting, Cloud Technologies and what threats exist in these environments.

  • One approach to a Cloud-Native Application Protection Platform from a Defender's perspective
Pascal Jeschke

Pascal Jeschke (he/him) studied computer science and social science and joined the Federal Office for Information Security (BSI) in 2021.
After supporting the secure development of the Corona Warn App and the digital CovPass App, his present main topic is Cybersecurity within doctors’ offices.
In this field, he conducted multiple projects:
* SiRiPrax (Evaluation der IT-Sicherheitsrichtlinie) was the first project, focusing on IT security within doctors’ offices with regard to persisting guidelines.
* Together with ERNW, SiPra (his current project) raises the question: How secure are practice management systems by default? Getting closer to an actual answer, four systems are pentested by ERNW and the results will be used to discuss further measures.

These projects align with additional projects of the BSI allowing a better evaluation of current Cybersecurity in doctors’ offices.

  • BSI Project SiPra: Security of Doctor's Office Software
Paul Gerste

Paul is a vulnerability researcher at Sonar. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing and organizing CTFs with team FluxFingers.

  • Scriptless Attacks: Why CSS is My Favorite Programming Language
Priyank Nigam

As a Senior Red Teamer, Priyank's primary area of focus is conducting security exercises that emulate real-world threats impacting billions of users. He is well-known for his expertise in identifying high-impact vulnerabilities and has shared his research openly through various industry conferences.

His forte is web/mobile application security assessments, network penetration testing and secure source code reviews. In the past, he has advised Fortune 500 brands and startups and does mobile and IoT related research in his spare time.

As a new parent, he is now (re)learning hacking from his toddler(s) who defeat all the "restrictions" to limit their mobility.

  • Beyond LSASS: Cutting-Edge Techniques for Undetectable Threat Emulation
Rachna Shriwas

Rachna Shriwas is a Security Researcher based in Berlin. She is passionate about hacking and has experience in device testing and fuzzing.

  • Securing the Airwaves: Emulation, Fuzzing, and Reverse Engineering of iPhone Baseband Firmware
Ritanshu Lohani

Ritanshu Lohani is a researcher specializing in outer space law and policy, with a particular focus on space security. She recently worked as a Graduate Professional with the United Nations Institute for Disarmament Research, where, among other things, she supported the organization of the 2024 Outer Space Security Conference in Geneva—one of the leading conferences in the field of space security—and also observed the multilateral discussions on space security.

Previously, she served as a Legislative Assistant to a Member of Parliament (LAMP Fellow) in India. Ritanshu is an Erasmus Mundus Scholar (2022-2024) in the International Law of Global Security, Peace and Development Programme. As part of this programme, she holds a Joint LL.M. from the University of Glasgow (Scotland) and Leuphana University (Germany), as well as an M.A. in International Security Studies from Institut Barcelona d'Estudis Internacionals (IBEI), Spain. She completed her B.A.LL.B. at Lloyd Law College in India.

  • Keynote - Space security 101: A Legal and Policy Primer for the IT Community
Shang-De Jiang

Shang-De Jiang is a deputy director of the research team of CyCraft. Currently, he focuses on research on Incident Response, Endpoint Security and Microsoft Security. He has given technical presentations at non-academic technical conferences, such as TROOPERS, HITB, HITCON, CodeBlue, Blue Team Summit and BlackHat USA. He is the co-founder of UCCU Hacker, the private hacker group in Taiwan.

  • Breaking Down macOS Intune SSO: PRT Cookies Theft and Platform Comparison
Simon Maxwell-Stewart

Graduated University of Oxford in Physics
Worked 10+ years in big data environment
Worked as Lead Data Scientist in Healthcare, bringing various ML projects into production
Now working as resident graph nerd in security research team

  • Restless Guest: A Novel Entra ID Vulnerability
Stephan Berger

Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team. An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response. Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.

  • Anti-Forensics - You are doing it wrong (Believe me, I'm an IR consultant)
Sven Nobis

Sven Nobis works as a Senior Security Analyst at ERNW, performing application and infrastructure assessments. He mainly focuses on cloud infrastructure and web application security. Besides IT security, he is a passionate developer and tries to link his experiences to his everyday work.

  • Building Zero Trust Architecture in Public Health
Swantje Lange

Swantje is a PhD student researching the security of cellular networks in Jiska Classen's research group Cybersecurity - Mobile & Wireless at Hasso Plattner Institute. Her work spans from analyzing network specifications to reverse engineering the implementation of recent smartphones. Her research aims to reveal and disclose privacy and security issues to improve our communication infrastructure.

  • Roaming Agreements - The Hidden 5G Attack Surface
Tillmann Oßwald

Tillmann Oßwald is a security researcher and Windows System Analyst at ERNW GmbH since 2015. He holds a master’s degree in informatics with a specialization in security from the University of Applied Sciences Darmstadt. Tillmann has worked on numerous penetration testing and security assessment projects, from large Cloud Infrastructure to tiny IoT devices. Lately, his focus has shifted to reverse engineering different Windows components. He enjoys discussing Windows internals, tracing approaches and security, and sharing his knowledge. Currently, he is focusing on analyzing components of the Windows operating system.

  • Authenticating through Windows Hello for Business, a reverse engineering story
Vic Huang

Vic is an independent researcher and security engineer in cybersecurity with over 8 years of experience in the field. He is interested in web, mobile and privacy domains. Vic has delivered presentations and workshops at numerous cybersecurity conferences, such as BlackHat MEA, Hack.lu, HITB, CODE BLUE, Ekoparty, ROOTCON, REDxBLUE pill, HITCON, CYBERSEC, DEFCON, GCC.

  • Eerie Glow: Unveiling Security Vulnerabilities in Open-Source Satellite Communication Protocols
Yaniv Nizry

Yaniv Nizry (@YNizry) is a Vulnerability Researcher at Sonar where he leverages his expertise to identify and mitigate vulnerabilities in complex systems. Starting his way as a software engineer, he shifted his focus while serving in the IDF's 8200 unit, where he gained experience in both offensive and defensive cybersecurity tactics.

  • Caught in the FortiNet: Compromising Organizations Using Endpoint Protection
Yuya Chudo

Yuya Chudo is a red team technical lead at Secureworks Japan K.K. He specializes in red team testing and vulnerability assessment, and has been working in the field of cyber security for around 7 years. He has found multiple zero-day vulnerabilities in famous network products and he has presented his research at Black Hat Asia 2024 Briefings and Black Hat Europe 2024 Briefings. You can find him on X (formerly known as Twitter) @TEMP43487580

  • Hopping Across Devices: Expanding Lateral Movement through Pass-the-Certificate Attack
Yvan Genuer

Yvan Genuer is a Sr. Security Researcher at Onapsis. He has over 20 years of SAP experience. He has been delivering consultancy services around SAP Security as well as researching vulnerabilities in SAP products, resulting in SAP AG official acknowledgments for 100+ vulnerabilities he originally reported. Furthermore, he has also conducted both trainings and talks about this topic at conferences.

  • Adobe and SAP: All Your Business Documents Belong To Us
Yves Bieri

Yves has studied Computer Science at the ETH Zurich and holds a Master in Information Security. He has been working as an IT Security Analyst at Compass Security since 2019. In his job, he performs security analysis of web applications, external networks, cloud infrastructures, as well as iOS applications. Additionally, he is a teacher for web application and Active Directory security trainings and has frequently been presenting talks at security conferences. In his spare time, Yves plays CTFs focusing on binary exploitation. He has won the Defcon CTF as part of team MMM multiple times and is a Defcon black badge holder.

  • Say Cheese! How We Pwned Your Security Camera