Fyodor Yarochkin (Taiwan) Security analyst and software architect for Armorize Technologies Formely security analyst and co-founder of GuardInfo, a Taiwan based security consulting company. He is a frequent speaker at international security conferences, including BlackHat HK/Singapore, Hack in the Box, DeepSec and primarily specializes on network security incidents analysis, forensics and vulnerability research. Fyodor has a MS degree in computer science from Kyrgyz Russian Slavic University and currently PhD Candidate at National Taiwan University. Dissecting unlawful Internet activities |
||
Alexey Lukatsky (Russia) Information security business – consultant of Cisco Company He is in a workgroup ARB/CB on the development of the 4th and 5th Russian Bank versions. He participates in the examination of legal acts, in the field of information security and personal data. As an independent expert he is a member of Consulting Center of ARB on the using of 152 federal law “About personal data”. He is a member of subcommittee #1 “Information Security in credit-financial sphere” of Technical Committee # 122 “Standardization of financial services” in technical management and metrology Federal Agency. He is a member of Subcommittee # 127 “Methods and Means of IT security” of Technical committee 22 “Information technologies” in technical management and metrology Federal Agency (performs ISO/IEC JTC 1/SC 27 functions in Russia). Also he is a member of “Public hearings on the harmonization of legislation concerning protecting subjects of personal data” Organizing Committee. He published more than 600 articles and 5 books on information security. He is the author of many courses on information security, including “ Measurement of IS efficiency”, “Threat modeling”, “Management of IS incidents”, “How to connect security and business” and others. Boston cybercrime Matrix or what is the business model of the modern hacker? |
||
Alexander Polyakov (Russia) CTO at ERPScan, head of the research center DSecRG, PCI QSA and PA-QSA auditor Alexander Polyakov aka @sh2kerr, CTO at ERPSCAN, head of DSecRG and architect of ERPSCAN Security scanner for SAP. His expertise covers security of enterprise business-critical software like ERP, CRM, SRM, RDBMS, banking and processing software. He is the manager of OWASP-EAS ( OWASP subproject), a well-known security expert of the enterprise applications of such vendors as SAP and Oracle, who published a significant number of the vulnerabilities found in the applications of these vendors. He is the writer of multiple whitepapers devoted to information security research, and the author of the book "Oracle Security from the Eye of the Auditor: Attack and Defense" (in Russian). He is also one of the contributors to Oracle with Metasploit project. Alexander spoke at the international conferences like BlackHat, HITB (EU/ASIA), Source, DeepSec, CONFidence, Troopers. Don’t touch it, unless it falls in pieces: business applications hack in extreme conditions |
||
Alexey Sintsov (Russia) Director of IS audit department for Digital Security Graduated from Saint-Petersburg State Politechnic University, Information Security of Computer Systems department. Since 2001 has been working on practical questions in the field of security analysis, searching for vulnerabilities and exploits’ developing. Has an experience in participating in such western and national security conferences as CONFidence, Hack In the Box, Ñhaos Constructions and others. Where do the money lie? |
||
Dmitry Chastuhin (Russia) The student of St. Petersburg State Polytechnic University, computer science department, he works upon SAP security, particularly upon Web applications and JAVA systems. He has official acknowledgements from SAP for the vulnerabilities found. Dmitriy is also a WEB 2.0 and social network security geek who found several critical bugs in Yandex services (Russian largest search engine), Google, Vkontakte (vk.com), the Russian largest social network. He is a contributor to the OWASP-EAS project. He spoke at the following conferences: Hack in the Box and BruCON. Actively participates in the life of the Russian Defcon Group Practical attacks on Internet kiosks and payment terminals |
||
Aleksandr Matrosov (Russia) Senior Malware Researcher for ESET Aleksandr Matrosov is currently working at ESET as Senior Malware Researcher since joining the company in October 2009 as a virus researcher, and working remotely from Russia. He has worked as a security researcher since 2003 for major Russian companies. He is also a Lecturer at Cryptology and Discrete Mathematics department of National Research Nuclear University in Moscow, and co-author of the research papers "Stuxnet Under the Microscope" and "The Evolution of TDL: Conquering x64" and is frequently invited to speak at European and Russian security conferences. Nowadays he specializes in the complete analysis of difficult malicious threats and research into cybercrime activity. Modern technologies in malware programs’ developing for RBS systems Win32/Duqu: involution of Stuxnet |
||
Alexey Krasnov (Russia) Graduated from Military Space Academy of A.F. Mozhaysky, specialty – “Computer security”. Served in Transbaikalia. After leaving the forces he returned to Saint-Petersburg. Worked in Saint-Petersburg Regional Center of Information Security (Saint-Petersburg RCIS). At present he works in “Gazpromservice” and teaches at Saint-Petersburg State University of information technologies, mechanics and optics (ITMO). We all meandered through our schooling haphazardly |
||
Eugene Rodionov (Russia) Eugene Rodionov graduated with honors from the Information Security faculty of the Moscow Engineer-Physics Institute (State University) in 2009. He has been working in the past five years for several companies, performing software development, IT security audit and malware analysis. He currently works at ESET, one of the leading companies in antimalware industry, where he performs analysis of complex threats. His interests include kernel-mode programming, anti-rootkit technologies, reverse engineering and cryptology. He is co-author of the research papers “Stuxnet Under the Microscope” and “The Evolution of TDL: Conquering x64?”. Eugene Rodionov also holds the position of Lecturer at the National Nuclear Research University MEPhI in Russia. Modern technologies in malware programs’ developing for RBS systems Win32/Duqu: involution of Stuxnet |
||
Vladimir Vorontsov (Russia) Founder and head security expert, ONsec company. Investigates the security of web applications since 2004. Director and a leading expert on security to the company ONsec. Author of numerous researches in the field of web applications and web browsers. Awarded for the Google Chrome browser vulnerabilities, modsecurity SQLi challenge, 1C-Bitrix WAF realtime bypass. He is currently actively engaged in the development of self-learning systems for the detection of attacks on web applications and heuristic analysis. Splitting, smuggling and cache poisoning: come back! |
||
Nikita Abdullin (Russia) Nikita is an undergraduate student of the Department of Information Security, Faculty of Engineering Cybernetics, Saint-Petersburg State Technical University. He has research experience in virtualization security, network technologies and reverse engineering of mobile and embedded platforms. He is currently preparing his thesis on automated masquerade detection for mission-critical enterprise applications. Nikita is also an active participant of Russian DefCON Group. Reverse-engineering of embedded MIPS devices. Case Study: DrayTek SOHO-class routers |
||
Dmitry Schelkunov (Russia) Graduated from Kaluga Branch of Moscow State Technical University named after N.E. Bauman in 2003. Later was engaged in research and creation of program protections. In 2009 defended his Ph. D. thesis on obfuscation. At present continues to work in IS sphere, deals with automation of machine code analysis and transformation processes. He is fond of cryptography and is the author of LRC method, which can be used in asymmetric cryptography. As a hobby, he teaches in Kaluga Branch of Moscow State Technical University named after N.E. Bauman at the “Information Security of Automated Systems” Department. About practical deobfuscation |
||
Vasily Bukasov (Russia) Graduated from national research nuclear university “MIFI” in 2009, specialty – “Complex supply of automated systems’ information security”. Works in the information security sphere, engaged in questions of executable code research, development of applications, which conduct the transformations over the code. About practical deobfuscation |
||
Nikita Tarakanov (Russia) One of the founders and technical director of CISS Research Team. As a security researcher has worked in Positive Technologies, Vupen Security in the past. Author of some materials about kernel vulnerabilities and explotation in kernel land. Currently do vulnerability research and solve problems of automatisation of vulnerability discovery. Kernel Pool Overflow: from Windowsd XP to Windows 8 |
||
Artyom Shishkin (Russia) Artyom is a developer of information monitoring systems within Windows NT operation systems family. He has been working on a corporate DLP solution, developing various types of monitoring systems at different API levels for the last 4 years. Has an experience in implementing keyloggers, printing monitors, sniffer filters, file system monitors, device lockers using both usermode and kernelmode code. MCTS: Windows Internals. Printing interception via modifying Windows GDI |
||
Andrey Labunets (Russia) Andrey Labunets is currently a student at the Tyumen State University, pursuing his degree in computer security. His research focuses on reverse engineering of programs and protocols with applications in detection of vulnerabilities and exploit development. With DSecRG Andrey was involved in vulnerability research of business applications and revealed several weaknesses and flaws in Oracle software. Now Andrey is working in the area of traffic analysis mechanisms and is responsible for development of the traffic inspection tool as a part of a corporate DLP solution. His experience and interests encompass a wide range of topics in information security and computer science including formal verification methods, operating systems internals, web applications security, he also enjoys playing around with debuggers and analyzing crash dumps. Methods of network traffic tracing for reverse engineering and vulnerability research |
||
Marcus Niemietz (Germany) Marcus Niemietz is studying IT-Security at the Ruhr-University Bochum and Computer Sciences at the distance teaching University in Hagen. He is the author of the book "Authentication Web Pages with Selenium" - currently he is writing another one about the fields of UI redressing. He worked for Pixelboxx and inter alia the OWASP Foundation. Currently he is active as a freelancer in the fields of WebAppSec (trainings and penetration tests). UI Redressing and Clickjacking: About click fraud and data theft |
||
Denis Baranov (Russia) Positive Technologies Company leading expert, specializing on web vulnerabilities' research. He is an author of modern ways of DNS-Rebinding vulnerability realization research. Root via XSS |
||
Andrey Beshkov (Russia) Director of Program Information Security, Microsoft Russia Has been working in IT sphere since middle 90s. Before coming to Microsoft was engaged in infrastructure, data center construction and OSS/BSS systems implementation in such largest Russian Companies as Megafon, Svyazinvest, Rosatom and Russian Post. Currently is responsible for information security program work in Microsoft Russia. Besides, consults and helps to implement security, virtualization systems, technologies of cloud computing in VimpelCom, Sberbank and in many other companies. Behind the Window Update Scenes. From vulnerability to patñh. |
||
Jonathon Brossard (Australia)
Jonathan is a security research engineer holding an Engineering degree and a Master in Computer Science. Born in France, he's been living in Brazil and India, before currently working in Australia. With about 15 years of practice of assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption bugs. He is well known in the industry for his disruptive research on preboot authentication (breaking all the top tier BIOS passwords, and full disk encryption software - including Truecrypt and Microsoft Bitlocker - with a single exploit in 2008 !) as well as Virtualization software. He is currently working as CEO and security consultant at the Toucan System security company. His clients count some of the biggest Defense and Financial Institutions worldwide. Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES2011) in France. Jonathan has been a speaker at a number of great intenational conferences including Defcon, HITB (Amsterdam & Kuala Lumpur), Ruxcon (Australia), Hackito Ergo Sum (France), H2HC (Brazil & Mexico) among others. Post Memory Corruption Memory Analysis. |
||
Dmitriy "D1g1" Evdokimov (Russia)
The student of St. Petersburg State Polytechnic University, computer science department, he focuses on SAP security, particularly on Kernel, BASIS and ABAP security. He has official acknowledgements from SAP and Oracle for the vulnerabilities found. His interests cover reverse engineering, software verification/program analysis (SMT, DBI, IR), vulnerability research and development of exploits, software for static and dynamic code analysis written in Python. Also he is a redactor of "Security Soft" rubric in Russian hacker journal “Xakep”. DBI:Intro |
||
Sergey Gordeychik (Russia)
CTO, Positive Technologies
Sergey is responsible for R&D in Compliance Management and IT-GRC field. He has over 15 years of experience in software development, security management, penetration testing, application security and compliance management. Sergey Gordeychik is an author of a book titled Wireless Networks Security and a number of training courses, including Wireless Networks Security and Analysis and Security Assessment of Web Applications. He writes articles for various professional media. Besides, he is the science editor and an author of the SecurityLab.ru project and a frequent speaker at industry events including Infosecurity Russia, RusCrypto, Positive Hack Days, and others. Sergey is also a member of the board of directors of the Web Application Security Consortium (WASC), an expert of RISSPA and a moderator of the Positive Hack Days forum. MCSE since NT 4.0, MVP in Enterprise Security: R&D, CISSP. How to hack a telecom and stay alive |
||
Ivan Medvedev (USA)
Ivan Medvedev deals with computer security during his career. After graduating from Moscow State University he dealt with development of cryptographic information security means in http://security.ru, and then went to work at the corporate office of Microsoft Company at Redmond, where he still works. Several years Ivan worked in the Common Language Runtime group, where he dealt with security of .NET platform, and after it moved to TWC (Trustworthy Computing) Security group, where he directs the group on creation of instrumental means for security, primarily inner ones, including fuzzing, automated code analysis, analysis of attack surface, thread modeling, execution time analysis and others. Security Development Lifecycle Tools |
||
Vladimir Kropotov (Russia)
In 2003 graduated from Ryazan State Radio engineering Academy with honors, faculty “Information security organization and technology”. From 2004 to 2008 – postgraduate study in MSTU of N.E. Bauman, where he was engaged in research work in the field of information security. At present is an employee of information security department in “TBinform”. Drive-By-Download attack evolution before and after vulnerabilities’ publication by the information security analyst eyes. |
||
Maxim Suhanov (Russia)
Computer forensics specialist, Group-IB Maxim works in Group-IB and specializes in incident response and computer forensics. His interests include development of techniques of investigating computer crimes, connected with methods of cryptographic information protection (VPN services, disk encryption), researching of weaknesses in forensic software, development of free (as in freedom) forensic programs. Maxim is a member of several Russian and international computer forensics projects. Fraud in remote banking systems: problems in computer forensic investigations. |
||
Anton Bolshakov (Singapore)
Security Consultant at Security-Assessment.com He has been in the Information Security arena for the last 12 years, working for various security consultancy firms in AsiaPac region. He specialises application penetration testing, source code review and computer forensic analysis.He was also involved in research and development of security technologies, and discovery of vulnerabilities in various software products and operating systems. He is an active developer of Pentoo Linux, and a contributor in other opensource projects. Joint anti-crime. Open source security. |
||
Philippe Langlois (France)
Philippe Langlois, Founder of P1 Security inc. (Priority 1 Security) Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Hack.lu). Now Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner & auditor which help telecom companies, operator and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his company's website at: http://www.p1security.com 3G and LTE insecurity: from the radio to the core network and protocols. |
||
Anton “Toha” Karpov | ||
Nikita Kislitsin (Russia) Chief editor of “Xakep” magazine |
||
Arkanoid | ||