Alex is a Security Consultant at DigiTrace GmbH.
Since 2022 he has regularly conducted penetration tests with a focus on internal infrastructure and Active Directory, while finishing his studies in the IT Security field.
With a passion for open source he maintains several open source projects, including NetExec, wsuks and EVENmonitor.
- ESC17: Using ADCS to Attack HTTPS-Enabled WSUS Clients
Alon Friedman is a Principal Security Architect at Microsoft and independent researcher specializing in application security standards and threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension. He is a frequent speaker at international conferences, including Ekoparty, DeepSec, and BSides.
- Agentic Chaos: Weaponizing Autonomous AI
Alon (@alon_leviev) is a self-taught security researcher working with the Microsoft Specialized Clouds organization as part of the Security Testing & Offensive Research team at Microsoft (MSC STORM). Alon specializes in low-level vulnerability research targeting hardware, firmware, and Windows boot components. He has presented his findings at internationally recognized security conferences such as DEF CON 33 (2025), DEF CON 32 (2024), Black Hat USA 2025, Black Hat USA 2024, Black Hat EU 2023, CCC 2025, CanSecWest 2024, and more. Prior to his career in cybersecurity, Alon was a professional Brazilian jiu-jitsu athlete, winning several world and European titles.
- Confused Recovery: A New Attack Class on Windows Recovery
Andrew Schwartz is a Principal Detection Engineer at Huntress. Energetic and driven, Andrew brings strong technical knowledge and experience in defensive and offensive security, vulnerability management, and the development of transformational strategies that help organizations enhance their security postures to detect and stop adversaries before they succeed.
Andrew has published extensively on Active Directory security, with a particular focus on Kerberos and DACL based attack detection. He is the co-author of the Kerberos Diamond Ticket attack.
When Andrew's not building detections or researching new attack techniques, Andrew enjoys chess, cheering on Tottenham Hotspur, and crafting the perfect old fashioned or boulevardier.
- From Code to Coverage: A Detection Engineer's Journey Through the LDAP Wilderness
Ann-Marie Belz holds a Bachelor's and Master's degree in Medical Informatics, where she developed an interdisciplinary perspective combining IT, medicine, and security technologies. During her studies, she began working in IT security and has been an IT security consultant at ERNW Research GmbH since 2025. Her work primarily focuses on penetration testing, including the security assessment of medical devices. In addition, she is involved in incident analysis and digital forensics, where she helps investigate computer security incidents.
- Integrating Incident Analysis and Digital Forensics Tooling for Automated Compromise Detection
Christian Schneider is a security architect, pentester, and trainer helping development teams integrate threat modeling into engineering workflows. He advises organizations adopting agentic AI and builds threat models that reveal cross-boundary attack paths. His work bridges offensive security and architecture: finding systemic gaps and helping teams close them.
- Every Component Passed Review — So How Did the Agent Exfiltrate Everything?
Dieter has worked for over 15 years in embedded security at Fraunhofer AISEC. Over the last decade he’s specialised in automotive security and vehicle penetration testing.
- V2X Wardriving - They Drive, We Listen
Dirk-jan Mollema is a security researcher focusing on Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at DEF CON, Black Hat, TROOPERS, BlueHat and many other conferences, is a current Microsoft MVP and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.
- I'm_in_your_cloud_v4_FINAL.pdf - hacking everyone's cloud
Dr Nestori Syynimaa is a Principal Identity Security Researcher at Microsoft Threat Intelligence Center. He has over a decade of experience with the security of Microsoft cloud services and is known as the creator of the AADInternals toolkit. Before joining Microsoft in early 2024, Dr Syynimaa worked as a researcher, CIO, consultant, trainer, and university lecturer for over 20 years.
Dr Syynimaa has spoken at many international scientific and professional conferences, including IEEE TrustCom, TROOPERS, BSides, Black Hat USA, Europe, and Asia, Def Con, and RSA Conference.
- Trusted by Design: How Windows Uses TPM to Secure PRTs
François Proulx is the VP of Security Research at BoostSecurity.io and the co-creator of the poutine Open Source CI/CD scanner. He co-founded the "Living Off The Pipeline" (LOTP) project to describe the abuse of build tools for lateral movement. After spending years teaching defenders how to secure their workflows, he is now demonstrating how attackers are dismantling them.
- Living Off The Pipeline: Defensive Research, Weaponized
I am an engineer in computer science and cybersecurity with a generalist background. Initially a systems and network administrator, I am currently working as a pentester at Orange Cyberdefense, specializing in offensive security. I also teach as a lecturer at CPE Lyon and occasionally share technical content through my blog “Le Guide du SecOps”.
- Windows Deployment Service: An AD Blind Spot?
I work as a reporter covering cybersecurity for Paper Trail Media. My main focus is with attribution, so finding out who the hackers are.
- ETA when? Reporting on cybercrime
Henri is working as a Research Assistant at Hasso Plattner Institute at the Mobile and Wireless Security chair of Jiska Classen. His research focuses on wireless technologies in Apple’s walled garden.
- Taking a Bite at Apple's Network Stack: Reversing Proprietary Multi-Device Protocols with logfuse
Jan Schaumann is an accidental information security professional, currently working as Chief Information Security Architect at Akamai, an Adjunct Professor of Computer Science at Stevens Institute of Technology, and Actual Human on the Internet with more than 25 years of experience ignoring all previous instructions and building and securing high-availability services at internet scale. His broad interests include all areas of information security and the overall health of the internet, as well as the safety and privacy of its users.
Chances are you've interacted directly or indirectly with code, sites, and systems on the internet that he has touched. (He'd like to apologize for any inconveniences this may have caused.)
You can follow Jan on Mastodon and catch some of his articles from his blog.
- Get in Loser, We're Upgrading the Internet -- Lessons from Deploying Post-Quantum Cryptography across Akamai's global Content Delivery Network
Jun Sheng Shi is a security researcher at CyCraft Technology, focusing on cloud identity security and authentication protocols. His research focuses on Microsoft Entra ID token exchange mechanisms, including FOCI and Nested Application Authentication (NAA). He specializes in discovering authentication bypass techniques and analyzing complex access control behaviors in modern cloud environments.
- Nested APP Authentication - Undocumented Risk and Conditional Access Bypass
As a VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI's Portland, OR team. Karl has a Bachelors of Computer Science from the University of Minnesota and has been in the security consulting industry for over 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book "Penetration Testing Azure for Ethical Hackers" with David Okeyode.
- Modern Adventures in Azure Privilege Escalation
Kazuya Nomura is a security analyst at NTT Security (Japan) KK. Currently, his main duty is responding to IDS/IPS/EDR log detection and threat research. He is also interested in malware analysis and data visualization. He posted articles about both in NTT Security. He has spoken at CODE BLUE, JSAC, HITCON and AVAR in the past.
- Unshelling VShell at Scale
Klaus is a Microsoft Security MVP and works as a Technology Consultant at CGI Germany. He focuses on hybrid Microsoft technologies, with a particular emphasis on Microsoft Active Directory and Microsoft Entra ID. Driven by a strong passion for Microsoft solutions, he supports IT operators in tackling complex challenges related to modern infrastructure and identity scenarios. Klaus is a speaker at international conferences and actively contributes to the Microsoft Identity community. He also shares his knowledge through his technical blog https://nothingbutcloud.net and various professional publications.
- Delete Is Easy – Recovery Is Not: The Reality of Entra ID Backup & Restore
Maël is a security engineer, currently serving as Principal Incident Responder at CERT-EU. He has solid experience in responding to high-profile incidents involving Advanced Persistent Threats (APTs) and cyber espionage. In addition to his incident response duties, he leads the threat hunting effort, leveraging his technical expertise to identify and mitigate previously uncovered threats. Maël is also a key contributor to the detection engineering team, driving the development of innovative solutions to enhance threat detection capabilities. Maël was a speaker at the Underground Economy Conference 2025 in Strasbourg, France and at the State of Statecraft 2025 Conference in Brussels, Belgium.
- The Edge of Tomorrow: Today's Devices, Tomorrow's Incidents
Mahtab Divsalar is a Senior Investigative Journalist and OSINT Researcher specializing in the intersection of state-sponsored illicit finance, sanctions evasion, and adversarial corporate infrastructure. With over two decades of experience analyzing Iranian geopolitics and closed-regime dynamics, she bridges the gap between high-stakes investigative reporting and technical threat research.
Her recent high-impact collaborative investigations, including Dubai Unlocked and Dominica: Passports of the Caribbean, exposed how sanctioned threat actors weaponize global real estate, offshore registries, and "Golden Passports" to successfully bypass Western compliance.
Beginning her career in Tehran in the 1990s, Mahtab relocated to the U.S. in 2003 to operate free from state surveillance and political constraints. Over the course of her career, she has driven complex investigations and held senior editorial roles across major international platforms, including OCCRP, Voice of America, and Radio Free Europe/Radio Liberty.
- Sanctions Evasion 2.0: OSINT Methodologies for Unmasking the Iranian Regime’s Financial Evolution
Marius (he/him) is a security researcher from Germany, focusing mostly on reverse engineering of IoT devices. He is currently pursuing a Master’s degree in IT Security at the TU Darmstadt.
- Priceless: Hacking Electronic Shelf Labels
Dr. Marius Muench is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands.
Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, DEFCON, Reverse.io, REcon, and Hardwear.io.
- A SIM Hacking Odyssey: Can a SIM hack YOU?
Markus Vervier is CEO of Persistent Security and Director at X41 D-Sec GmbH, a specialized application security, penetration testing, and red/purple-teaming provider. Over the past 18 years he has worked as a security researcher, code auditor, and penetration tester. His work includes security analysis and reverse engineering of embedded firmware for mobile devices, discovering vulnerabilities in Signal Private Messenger (with JP Aumasson), and finding a remote vulnerability in libOTR. He is currently active in the development of offensive security tooling and platforms that break AI security defenses.
- Counteroffensive AI: Pwning AI Pentesters
Automotive security by day, online privacy by night. Digital forensics & teaching it in between. Too many projects for too little time …
- Our Journey, from SBOM to ASSBOMB
I am a Security Researcher at SpecterOps, specializing in Microsoft technologies with expertise in Active Directory, identity attack paths, and secure system configuration. I bring a well-rounded perspective on security risks and challenges stemming from a background in system administration, an information security degree, and information security consultancy experience. I am passionate about learning and contributing to the information security community, sharing content through online engagement and talks.
- Tier Breakers: Blind Spots in Cloud-Managed PAWs
Mathieu is a Principal Incident Responder at CERT-EU. He has solid experience in responding to high-profile incidents involving Advanced Persistent Threats (APTs) and cyber espionage. In addition to his incident response duties, he leads the detection engineering effort, leveraging his technical expertise to identify and mitigate previously uncovered threats. Mathieu was a speaker at the 36th Annual FIRST Conference in Fukuoka, Japan and at Hack.lu 2024.
- The Edge of Tomorrow: Today's Devices, Tomorrow's Incidents
Maya Parizer is a Security Researcher at Varonis with a passion for cloud security, identity, and data protection, specializing in IaaS and AI. Maya dives deep into every project, thoroughly investigating cloud environments to uncover potential vulnerabilities and stealthy attack techniques. Her experience spans both offensive and defensive disciplines - including CSPM, DSPM, vulnerability research, detection engineering, and product security research in cloud environments.
- Novel attack techniques targeting the underlying infrastructure of Bedrock applications
Michael is a Microsoft MVP and expert on Windows security and PowerShell. He is best known for inventing the Shadow Credentials attack primitive and creating the Directory Services Internals (DSInternals) PowerShell module.
Michael enjoys sharing his knowledge during Active Directory security assessments, workshops, and tech talks. He has presented his security research at many international conferences, including Black Hat, BSides, HipConf, SecTor, and TROOPERS.
- KDS Root Keys: All Secrets Finally Revealed
Nikolai Puch is a research associate and penetration tester at Fraunhofer AISEC, as well as a PhD candidate at the Technical University of Munich, focusing on secure and usable solutions for tooling machines. As a penetration tester, he specializes in the various wireless interfaces of vehicles.
- V2X Wardriving - They Drive, We Listen
Somehow — and without ever having owned more than an iPod — Nils fell down the Apple rabbit hole and now spends their days reverse-engineering Apple's devices and uncovering the bits of magic hiding inside the machines that surround us every day. They are interested in all things privacy & security and like to build new things every now and then, instead of only breaking what's already there. Currently, they are pursuing a PhD in computer science at the Secure Mobile Networking Lab (SEEMOO) of TU Darmstadt.
- Watch Your Kids: Hacking Children's Smartwatches
Phil is a Senior Security Consultant and head of the IT Security team at DigiTrace GmbH. He started his IT security studies in 2010 at Ruhr University Bochum and has been working full-time in this field since 2016.
His focus is on internal infrastructure penetration tests and security consulting, with the occasional IT forensics project in between.
While Phil is an avid user of open source technology, he soon realized that most company networks are built around Active Directory, making him realize that even a basement child cannot live without Windows.
- ESC17: Using ADCS to Attack HTTPS-Enabled WSUS Clients
A seasoned network engineer, Pierre has been working on securing WAN IP networks, from small CPE routers to carrier-grade behemoths, at Orange for almost 20 years.
With a purple teamer approach, he's always trying to find new ways to break into his networks, then fixing the issues while improving detection.
- Backbones under attack: software vulnerabilities in core routers
Raz is a technological leader specializing in research and development of production grade solutions at the intersection of AI and cybersecurity. He has developed innovative solutions for addressing advanced security challenges and leveraging AI to detect and mitigate sophisticated threats.
Raz currently works at Zenity, where he focuses on defining and advancing the field of AI Agents security. With extensive hands on experience in data, AI, modern cybersecurity techniques and real world threat detection, he brings a unique blend of technical depth, innovation, and practical impact to securing AI driven environments.
- From Packets to Intent: Hunting Adversaries in AI Telemetry
Rintaro Koike is a security researcher at NTT Security (Japan) KK. He is engaged in threat research and malware analysis. In addition, he is the founder of "nao_sec" and is in charge of threat research. He focuses on APT attacks targeting East Asia and web-based attacks. He has given over 30 presentations at over 10 international conferences, such as VB, Botconf, FIRST, AVAR and others.
- Unshelling VShell at Scale
Sapir is a security researcher specializing in identity security. Passionate about understanding how identity works, she spends her time exploring the depths of Active Directory and Entra, uncovering security risks, attack techniques, and ways to defend against them.
- Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns
Shahar is a threat intelligence researcher at Wiz, where she focuses on identifying and analyzing emerging cyber threats to enhance security defenses.
- Do Apps Have Imposter Syndrome? Unmasking Token Theft Campaigns
Shang-De Jiang, also known as HackerPeanutJohn, is a deputy director of the research team of CyCraft. Currently, he focuses on research on Identity Security and Microsoft Security. He has given technical presentations at non-academic technical conferences, such as DEFCON, TROOPERS, HITB, HITCON, CodeBlue, Blue Team Summit and BlackHat USA. He is the co-founder of UCCU Hacker, the private hacker group in Taiwan.
- Nested APP Authentication - Undocumented Risk and Conditional Access Bypass
Simon is a Staff Security Researcher at BeyondTrust's Phantom Labs. Before getting into security he spent over a decade doing data science and machine learning, with a physics degree from Oxford and production ML work in healthcare. These days he's the resident graph nerd on the Phantom Labs team, applying graph analysis to identity security problems in Microsoft cloud environments. His recent research focuses on Entra ID attack paths and Azure infrastructure security.
- Popping Microsoft's Sandbox: What Falls Out of a Dataverse Container
Stav Setty is a Principal Security Researcher on the ITDR team at Palo Alto Networks. Her work focuses on identity-centric intrusion analysis across cloud and enterprise environments and translating real-world tradecraft into actionable detection guidance.
- Jingle Thief: Cloud Identity Tradecraft in Microsoft 365 and Entra ID
Tal Be'ery is the Co-Founder and CTO of ZenGo, securing crypto assets with the ZenGo Wallet mobile app. Tal is a cyber-security researcher, a returning speaker at the industry's most prestigious events, including Black Hat and RSAC, and a member of Facebook's exclusive WhiteHat list. For the last two decades, Tal has built and led a few Cyber-Security R&D teams, mostly in the field of network monitoring, solving various security problems. Previously, Tal led research for Aorato (acquired by Microsoft) as VP for Research. Tal holds M.Sc. and B.Sc. degrees in CSEE from TAU and a CISSP certification.
- WhatsApp View Once: Four Exploits and a Funeral
Thomas Elling is the Director of Azure/Entra ID Cloud Pentesting and a security researcher at NetSPI. He specializes in web application and cloud security testing. He has advised multiple Fortune 500 companies in the technology sector. In his spare time, Thomas enjoys improving his coding skills, watching bad action movies, and hanging out with his dog, Chunks.
- Modern Adventures in Azure Privilege Escalation
Thomas Naunheim is a Cyber Security Architect at glueckkanja AG and a Microsoft MVP from Koblenz, Germany, specializing in cloud-native identity and security solutions in Microsoft Azure and Microsoft Entra. With a deep focus on privileged identity management, identity security, and Zero Trust architecture, he designs and implements security solutions for real-world enterprise environments.
Thomas actively gives back to the community as a blogger at cloud-architekt.net, where he publishes in-depth research and practical insights on Microsoft Security. He is a speaker at international conferences and meetups, co-author of the open-source Entra ID Attack & Defense Playbook, and the creator of EntraOps - a community tool for privilege classification based on the Enterprise Access Model.
Beyond content creation, Thomas co-hosts the podcast Cloud Inspires and is actively involved in community organization as a member of the Azure Meetup Bonn and Cloud Identity Summit organizing teams. His long-standing contributions across blogging, speaking, and open-source development earned him the Microsoft MVP award in the Identity & Access and Cloud Security category.
- Tier Breakers: Blind Spots in Cloud-Managed PAWs
Tomasz Lisowski is a PhD student at the University of Birmingham who is actively exploring the security of cellular technologies, in particular, SIM cards. This resulted in an ever-growing range of open-source tools, demos, and experiments involving SIM cards and the cellular devices they are connected to.
- A SIM Hacking Odyssey: Can a SIM hack YOU?
Yotam Perkal leads security research at Pluto Security, a next-generation AI security and governance platform designed to protect the rapidly emerging ecosystem of AI builders, low-code/no-code tools, and agentic applications. His work focuses on securing AI-native development environments and building scalable methods for detecting, validating, and mitigating risks in AI-driven software workflows.
Previously, Yotam led the Threat Research team at Zscaler, headed the Vulnerability Research team at Rezilion, and held multiple roles within PayPal’s security organization across vulnerability management, threat intelligence, and insider threat.
Yotam is an active participant in several cross-industry working groups dealing with AI security, vulnerability management, and supply chain security.
- Breaking the Control Plane: Exploiting MCP Servers in AI Workflows