Haxpo Track

May 9th & 10th

The Haxpo track is a series of fast paced, 30-min lightning talks on technology, security, and emerging innovations. Over the years, the Haxpo track has hosted numerous ground breaking talks, including by Facebook’s Director of Security Operations and Philip Zimmermann, the creator of PGP.


Access to the Haxpo Track is FREE for ALL attendees!

Haxpo Track Live Stream





Haxpo Track Sponsor

Agenda - May 9th

  • 09:00 - 10:15 MORNING COFFEE
  • 10:15 - 10:30 Welcome Comments by Crowdfense
  • 10:30 - 11:00 Hacking the 0day Market

    Andrea Zapparoli Manzoni – Director, Crowdfense

    The 0day vulnerability market developed in a way that is unsafe, chaotic and rather inefficient (business-wise). This inefficiency hampers the ability of law enforcement and intelligence to fight organized crime, terrorism and hostile geopolitical actors. Yet, engagement in the 0day vulnerability market is critical for information gathering and investigative activities.

    Crowdfense is “hacking the 0day market” in order to improve it for all involved (customers, integrators, brokers and researchers), by introducing new quality standards related both to products and services and to the underlying business processes. This session will share how Crowdfense is doing this and what innovation in the 0day market could look like.

  • 11:00 - 11:30 WiCy: Monitoring 802.11AC Networks at Scale

    Vivek Ramachandran – Founder/CEO, Pentester Academy

    802.11ac networks bring in significant monitoring complexities with features such as multi-user MIMO, advanced beamforming, up to 8 spatial streams, extremely high speeds (Gbps) and wide channel bandwidths 80-160. Unfortunately, most Wi-Fi researchers and pentesters still use USB cards which will in most cases not be able to pick up the high speed data traffic sent over these networks. The only scalable solution is to repurpose access point platforms and create dedicated monitoring systems.

    In this talk, we will explore the challenges in 802.11ac monitoring, why USB based solutions fail and how we can create our custom 802.11ac monitoring platform by repurposing access point hardware.

    The audience will walk out with all the knowledge, code and scripts required to create their own 802.11ac monitoring platform.

  • 11:30 - 12:00 This is a Public Service Announcement: Hacking LTE Public Warning Systems

    Weiguang Li – Security Researcher, Qihoo 360

    Public warning system (PWS) based on mobile communication system is used to alert the public to emergency events such as earthquakes, tsunamis, hurricanes, etc.

    We studied the PWS in LTE network and uncovered vulnerabilities of PWS in LTE air interfaces, i.e., the warning messages of the PWS are not encrypted or signed when they are transmitted over the air. Thus, it is possible that a malicious PWS warning messages can be transmitted. We simply use a low cost soft define radio (SDR) device and modify code of the LTE open source project srsLTE in order to forge the warning messages.

    Both Apple and Android test mobile phones are affected by our forged warning messages. Fake PWS warning messages can cause serious panics among the population, they also could be used to send advertising or spam messages. The public warning system may become paralyzed and useless under the threat of the abuse of fake warning messages.

  • 12:00 - 12:30 V1 Bounty: Building an International Coordinated Bug Disclosure Bridge for the European Union

    Benjamin Kunz – Founder, Vulnerability Labs

    The lecture deals with the networking and general structure of a newly formed international bug bounty & responsible disclosure community. The presentation will cover improvements that can be made while adhering to standards (GDPR|DSGV|DS).

    Security researcher “Benjamin Kunz Mejri” will also announce a European-Asian partnership between several networks. The aim of this new bug bounty platform is to form an exchange of technology and knowledge in Europe and the rest of the world. Benjamin will cover issues relating to the security of the platform, core functionalities and concepts used when building the system. Whether you’re a bounty hunter or a company looking to start offering your own bounty program, this new EU endorsed platform has something for you.

  • 12:00 - 14:00 LUNCH BREAK
  • 14:00 - 14:30 Social Networks: Can We Fix Them?

    Joel Hernandez – Lead Engineer, Openbook

    Online mass mobbing, fake news, depression, anxiety… How did social networks get there? A quick recap of social networks evolution, how seemingly innocent features resulted in the disruption of our society and why and how are taking a step back and rethinking social networks before it’s too late.

  • 14:30 - 15:00 Ghost Tunnel 2.0: Blue Ghost

    Yongtao Wang – Senior Security researcher, Pegasus Team, Qihoo 360

    GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It communicates by embedding data in beacon and probe requests. A few months ago, we published the GhostTunnel server and windows agent implemented in C/C++, and now we are going to update it.

    In this talk, we will introduce the “Ghost Tunnel 2.0” which uses Bluetooth to communicate. With the function and security of Bluetooth, we can establish multiple tunnels between the client and server at the same time. That means we can create a separate tunnel to send files or executive commands, and the entire communications link cannot be tracked and sniffed. In addition, Bluetooth traffic will not be inspected by most types of protection. We can also achieve duplex communication with BLE advertising packets only for specific OSes. Scaning and connecting operations are not employed in the communication process and would lead to an even more convert method of connection.

  • 15:00 - 15:30 Hiding a Secret Distributed Chat System Inside 802.11 Management Frames

    Yago Hansen – CEO, Wifense

    The talk demonstrates how to deliver a distributed chat system that creates a way for communicating peers by using a covert channel hiding its network traffic in 802.11 management frames ciphered through AES encryption.

    To achieve greater network coverage, each of the nodes participating in the chat acts also as a repeater of the received messages, thus extending the range of operation. The chat also allows sending data files in order to exfiltrate information from high security locations. Thanks to the type of covert communications used, it is very difficult to detect and fight.

  • 15:30 - 16:00 VoLTE Phreaking

    Ralph Moonen – Technical Director, Secura

    Voice over 4G, or VoLTE, brings back the phreaking 80’s. Once again, after 3 decades, the signaling path of telephony is accessible to end users. No more R1, R2, C4 or C5 however: we now have SIP. As it turns out, the implementations of SIP and VoLTE in various European providers’ 4G infrastructures, open up a host of possibilities. During our research over the past few years we have identified vulnerabilities in implementations such as text message spoofing, subscriber enumeration, location determination (leakage of cell-ID and LAC), IMEI leakage and a potential SIM-card sharing attack.

    During this talk we will begin with a little historic stroll of phone phreaking through notable events and discoveries over the years. Bridging the narrative over the last few decades, new technologies such as VoIP, Volte, and VoWiFi are introduced, explaining the 4G and VoLTE infrastructure components and protocols. Next, on a rooted Android phone, we will show what control the user has over the VoLTE stack using some standard tools and the IPv6 stack. This includes hidden activities in Android and extraction of IPsec keys from the VoLTE stack. We will show that it is possible to import keys to Wireshark and monitor the IPv6 SIP traffic and components. Finally, we will release a tool for Android so that you can monitor VoLTE traffic yourself on your rooted Android phone. Observe headers and information leaks in real-time when making phone calls.

  • 16:00 - 16:30 AFTERNOON BREAK
  • 16:30 - 17:30 Infrared: Old Threat Meets New Devices

    Wang Kang Security Expert, Alibaba Group

    The infrared remote control had been once widely used before Bluetooth kicks in. There are many systems that still use infrared as their control interface. With the popularity of smart devices with IR related components, this ancient technology may bring some new attack surfaces back.

    As an essential technical background, we reviewed the list of devices still using IR in the smart home today, analyzed their hardware designs and instructions. After that, we traversed new devices with components that could interact with infrared signals, such as face recognition systems, night vision infrared cameras, slow-motion cameras, etc. These components are not designed for control purpose, but they could be exploited.

    On the TX side, the infrared fill lights of the internet-connected night vision surveillance camera could be used by invaders, to control the home devices illegally. We will make a demonstration lively. This kind of IR transmitters exists in many other devices, such as the structured light sensor in mobile phones, clock-in machines, face-recognition door locks. If an outdoor IR fill lights with much great TX power are used this way, devices in a quite larger area could be influenced.

    On the RX side, we have designed a gadget to capture, re-transmit and internet-relay the IR control signals. A live demonstration would be made also. Designs will be released in open source license after the talk. Actually, as the CMOS sensors are sensitive to infrared light, the cameras on cellphones are able to ‘see’ the IR signal. With the performance promotion of ‘slow motion videoing’ function in the smartphone and the application of algorithms, the IR control code could be recorded by smartphones in the near future. At last, a potential tracing technology for videoing which could cause privacy violation will be discussed.

  • 17:30 - 18:00 A Decade of Infosec Tools

    Thomas Debize – Information Security Enthusiast

    The information security domain, now infamously called cybersecurity, is constantly evolving and has quite changed in the last decade in order to provide more and more sophisticated, (bug-free) and complete tools. Their number and quality has both increased but as the security people are still not (great) developers, the same mistakes still live on especially regarding the ease of installation, maintenance, and last but not least the ability to scale.

    The main goal of this talk is to take a step back from this last decade of awesome tool tailoring, by presenting the results of a quantitative study on 2000+ of them, as well as giving key advice to make your tool great (again).

  • 18:30 - 20:30 HITB TCP/IP PARTY

    Sponsored by HITB

Agenda - May 10th

  • 10:00 - 10:30 MORNING COFFEE
  • 10:30 - 11:00 Hey Attacker! I Can See You!

    Ross Bevington Senior Security Software Engineer, Microsoft

    How do you cope when you’re being attacked thousands of times per second? How do you take this information and turn it into meaningful threat intelligence? How do you track attackers back to their home town? Who are they, what do they want and where are their profile pics?

    To answer our these questions and to better protect Azure it’s not enough to just set up a honeypot and watch the results roll in, we needed something different – something that would work at the cloud scale.

    In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. At Microsoft we’ve developed a new type of deception technology that allows us to use psychological and detailed technical approaches to control the behaviour of an attacker and to analyse their tools, techniques and malware at the cloud scale.

    In this presentation I’ll show we how we built our deception network, some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Crucially attackers have social networks and defenders can use this to!

    Using these techniques, we can better track the person or group behind the threat, build better protections and ultimately protect more Linux users – whether they are using Azure or not.

  • 11:00 - 11:30 Rise of the WarPi

    Kevin McPeake God of WarRoaming, Peak Security

    Kevin McPeake is an international champion among WarRoamers, currently ranking the second most successful Individual among 235,000+ registered members and contributors around the world to WiGLE.net, the Wireless Geographic Logging Engine, having discovered more than 4.5 million previously unknown WiFi Access Points. And Kevin recently surpassed the former #2 ranked individual, putting a gap of over 500,000 WiFi SSID’s between the two of them in just 19 days.

    By comparison, D4rkm4tter, the creator of the WiFi Cactus and the DEFCON presentation “Wigle like you mean it.” ranks at #460+ with just over 200,000 discovered WiFi Access Points over the entire last two years.

    In this Haxpo presentation Rise of the WarPi’s, Kevin will give a brief overview of his story, his inspiration, his technical challenges, his custom made WarRoaming gear, lessons learned in his journey with WarRoaming enabling him to quickly climb the Wigle.net ranks, how he is now set to challenge the top ranked individual (user: ccie4526), and the massive collective of anonymous users who upload to the Anonymous account.

  • 11:30 - 12:00 Attacking Encrypted VOIP Protocols

    Ivica Stipovic Security Consultant, Ward Solutions

    More and more of classic voice,video,messaging and phone communication is moving nowadays into the IP-based traffic,hence the acronym VOIP-Voice Over IP . To enable voice and video transmission over IP networks, one of the most prevalent VOIP protocols used is SIP – Session Initiation Protocol. SIP is a control protocol that facilitates the negotiation of various voice protocol transmission attributes, including the authentication of the calling parties. Interception of an unencrypted SIP protocol allows the attacker to brute force the passwords as the session dialog executes in a clear text. Metasploit framework comes with two tools, sipdump and sipcrack, which parse the pcap traffic of a captured SIP session and perform password recovery. Recently,however, this task has become more difficult as more and more providers deploy encrypted SIP communication, mostly by deploying some kind of SSL/TLS encrypted communication channel.

    This presentation will discuss two aspects of attacking the encrypted SIP transmission: interception and decryption of the SIP session, and streamlined password recovery via newly developed tool. The interception and decryption is done using the existing mitm_relay.py intercepting proxy chained with a BURP proxy. The password recovery is streamlined by a newly developed utility which parses the output of the mitm_relay.py and runs the brute force digest authentication against extracted SIP session attributes. This newly developed tool is required because the existing sipdump cannot parse the output from the mitm_relay.py , hence , sipcrack cannot crack the passwords. By combining these two aspects of interception and decryption on one side, and automated parsing of the output of decryption and password recovery on the other side, I provide a streamlined process of compromising the SIP session. It is worth noting that SIP digest authentication uses the same algorithm as HTTP digest algorithm, therefore, the same attacking model can be used in cracking both SIP and HTTP(s) sessions that use digest authentication. This presentation focuses on a SIP session analysis only.

  • 12:00 - 12:30 PatrOwl – The Red Flavour of SOC Automation and Orchestration

    Nicolas Mattiocco CEO, GreenLock Advisory

    A company, regardless of its size and market power, may go out of business or lose a lot of value because of a security incident on its information system.

    The number of vulnerabilities and the interest of cyber-attackers is only increasing. With the advent of the monetization of botnet cyber attacks or the installation of crypto-miners for example, the threats are going more varied and intensified, but less targeted. The vast majority of companies are digital and increasingly exposed on the Internet. The level of cyber exposure is also higher. The “Cyber” risk has become vital. Today, everything has changed and tomorrow everything will change even faster. Where manual analysis was sufficient, paradigms of risk assessment are moving towards more automation. But we need intelligent automation.

    The technological offer is not lacking, but after more than 10 years of experience, our observation is indisputable:

    1. The best tools are only satisfactory in part of their capacities
    2. It remains difficult to have a realistic and continuous visibility on the risks borne by the assets exposed by an organization.
    3. Business processes tend to adapt to the tool capabilities rather than using these tools to support their cyber surveillance strategy.

    This automation strategy also tends to address the drastic lack of competent cyber security resources and retention of talents. The automation of recurrent, time-consuming and low-value-added tasks will allow teams to focus on more complex and therefore more motivating topics. PatrOwl is a solution for automating calls to commercial or open source tools that perform checks. To date, around 40 tools or online services are supported. Beyond centralizing the results obtained, the PatrOwl analysis engine compares these results with its knowledge base and other third-party services to determine scenarios of attacks (predictive analysis) or to trigger actions.

  • 12:30 - 14:00 LUNCH BREAK
  • 14:00 - 14:30 Implementation and Evaluation of Secure and Scalable Anomaly-Based Network Intrusion Detection

    Philipp Mieden Researcher, LMU

    Corporate communication networks are frequently attacked with sophisticated and previously unseen malware or insider threats, which makes advanced defense mechanisms such as anomaly based intrusion detection systems necessary, to detect, alert and respond to security incidents. Both signature-based and anomaly detection strategies rely on features extracted from the network traffic, which requires secure and extensible collection strategies that make use of modern multi core architectures. Available solutions are written in low level system programming languages that require manual memory management, and suffer from frequent vulnerabilities that allow a remote attacker to disable or compromise the net- work monitor. Others have not been designed with the purpose of research in mind and lack in terms of flexibility and data availability.

    To tackle these problems and ease future experiments with anomaly based detection techniques, a research framework for collecting traffic features implemented in a memory-safe language will be presented. It provides access to network traffic as type-safe structured data, either for specific protocols or custom abstractions, by generating audit records in a platform neutral format. To reduce storage space, the output is compressed by default. The approach is entirely implemented in the Go programming language, has a concurrent design, is easily extensible and can be used for live capture from a network interface or with PCAP and PCAPNG dumpfiles.

    Furthermore the framework offers functionality for the creation of labeled datasets, targeting application in supervised machine learning. To demonstrate the developed tooling, a series of experiments is conducted, on classifying malicious behavior in the CIC-IDS-2017 dataset, using Tensorflow and a Deep Neural Network.

  • 14:30 - 15:00 RF Exploitation: Demystifying IoT/OT hacks with SDR

    Himanshu Mehta – Security Intelligence Team, Symantec & Harshit Agrawal – Security Enthusiast

    What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. The number of IoT devices is growing at an alarming rate. Many of these devices go unnoticed. The problem is that the software used by many of these devices lack basic security measures that we take for granted in regular computer software. Furthermore, security advisories are almost non-existent for IoT.

    Exploration and use of software-defined radio to exploit the world we live in, full of interconnected devices, which makes convenient to keep remote things at fingertips. During this talk I will set the stage for how IoT is dramatically increasing the attack surface available to threat actors, what different steps are involved in RF attacks, how IoT devices have already been utilized for attacks (such as the Mirai botnet), how difficult it can be to fix IoT security issues as well as illustrating some changes that need to happen in the industry to enable us to securely use IoT going forward by eliminating top Internet of Radio Vulnerabilities.

  • 15:00 - 15:30 Reverse Engineering Custom ASICs by Exploiting Potential Supply-Chain Leaks

    Thomas Weber Security Consultant, SEC Consult Group

    Many industry specific solutions in the field of SCADA consist of unknown custom chips without public documentation. These Application Specific Integrated Circuits (ASICs) are often simple System on Chip (SoC) solutions with standardized modules and few custom functionalities like additional CAN-Bus interfaces etc.

    During this talk we will present hardware reverse engineering of custom chips and how to find vulnerabilities by using the Siemens S7-1200 (v1 and v4) series as exemplary targets.

    After opening the PLC, it was clear that all parts, except the main SoC, were off-the-shelf components. This was the case for both versions of the Siemens PLCs. Leaked boards for both chips, MB87M2230 and SIEMENS-A5E30235063 were found and bought on a Chinese online shop.

    With these boards, more than 60 percent of the pins from both chips were reverse-engineered. With the help of an oscilloscope, the protocols and the different voltage levels were identified. Simple resistance measurements were also done to find all connections between the components and to determine the pin-resistance.

    Additionally, the interfaces for the flash memories, the RAM and the JTAG-ports were also identified on both chips.

    It was found that the SoC on the older S7-1200v1 series is a Fujitsu ARM-BE chip with the chip-ID 0x1406C009. After decapping the chip, a label became visible, setting the date when it was designed back to 2007.

    The SoC on the newer S7-1200v4 is a ARM-Cortex-R4 r1p3 in big endian mode. For the newer PLC series (S7-1200v4) a working debug setup with a JTAG-adapter was created. This enabled us to dump/write memory, set breakpoints, modify the program counter and use all other features to do live debugging on the Siemens PLC. Since all S7-1200 devices share the same SoC, it is possible to enable debugging on all PLCs of this series.

  • 15:30 - 16:00 I Own Your Building (Management System)

    Gjoko Krstic, Senior ICS Security Researcher (Applied Risk)

    Despite the rapidly growing deployment of IP-based technologies around us, the security of these deployments remains susceptible to basic cyber security attacks. What began as a small enumeration of the exposure of Security Access Control Platforms on several Internet-connected device search engines, grew into a research project covering several Building Management Systems (BMS) or Building Automation Systems (BAS) and its various sub-categories.

    The execution of such attacks enables an unauthenticated attacker to access and manipulate doors, elevators, air-condition systems, windows blinds, cameras, boiler, PLCs, lights, alarm system in an entire building. In the case of this research, more than 10 million people could be affected by the findings presented.

    This presentation discusses vulnerabilities found by Applied Risk research team across several BMS components and products from various vendors in the industry. Multiple vulnerabilities have been identified that could result in the total compromise of entire buildings and critical facilities (e.g. banks, hospitals, industrial facilities, government, residential…etc.).

    In addition to the discovered vulnerabilities, the process we followed during our research will be discussed.

  • 16:00 - 16:30 AFTERNOON BREAK
  • 16:30 - 17:00 Reversing Mobile Malware

    Abdullah Joseph Mobile Security Team Lead, Adjust

    We will go through the process of reversing two samples of live malware: the first is a Windows ransomware, the second is an Android malware. I will also demonstrate the tooling and resources necessary to identify, handle and understand a malware sample. The idea here is to establish the methodology of how to approach a malware sample rather than focus on the technicalities of the platform.

  • 17:00 - 17:30 Might As Well JUMP: Exploit Development for Java Serialization

    Jameel Nabbo – Cybersecurity Architect, Ordina

    This session will present an 0day custom exploit in a simple application deployed in Apache MyFaces, and deployed on the latest version of Tomcat. The expected result after presenting and explaining how the exploitation techniques works is “A Python exploit that dives into crypto stuff and breaks the HMAC and MAC”.

    This session will also cover reverse engineering popular security application for vulns with a fun one line ASM command – for educational proposes only of course.  We will dive into the art of ROP and egg hunting for a custom Firefox Remote code execution vuln written in asm.js

  • 17:30 END

Haxpo Speakers

Yang Bo

Telecommunications Specialist, China Telecommunication Technology Labs

Yang Bo is a telecommunication specialist in the China Telecommunication Technology Labs in CAICT. He has also been worked on ultrasonic transducers and measurements for several years. His main research interests include sensors/transducers, wireless communication, and related measurement technologies. He was a speaker of Black Hat USA 2017.

Read More

Himanshu Mehta

Team Lead, Symantec

Himanshu Mehta is passionate about Computer Security and due to this reason he actively and responsibly discloses security vulnerabilities to vendors. He is also involved in several bug bounty and Capture the Flag programs. He is the board member of EC-Council Licensed Penetration Tester group, Convet.it and Currnt. He is also Program Committee Member of International…

Read More

Harshit Agrawal

Security Enthusiast

Harshit Agrawal is Security Enthusiast working as a UG Intern at BMC Softwares on Blockchain Technology. He is a part of All Day DevOps Community, and Speaker at RSAC, ICS Security, HIP, HITB, HAKON, and various Universities. He is President for CSI chapter, and Secretary for Entrepreneurship Cell at MIT. Currently, he is leading a team…

Read More

Jameel Nabbo

Cybersecurity Architect, Ordina

Jameel Nabbo has 9+ years of hands-on offensive security experience he have been teaching security for more than 5 years and got more than 7K+ students in turkey and other areas, Jameel has worked in multiple research institutions in deferent countries and over the years he discovered many vulnerabilities including vulnerabilities in programming languages such…

Read More

Abdullah Joseph

Mobile Security Team Lead, Adjust

Abdullah Joseph is the mobile security team lead of Adjust, providing mobile analytics services to clients around the globe and overseeing the security of mobile open-source libraries integrated in over 22,000 mobile apps and hitting over 400+ billion data points per month. His team works at researching current and future mobile ad fraud schemes and…

Read More

Gjoko Krstic

Senior ICS Security Researcher, Applied Risk

Gjoko is a Senior ICS/IIoT Security Researcher at Applied Risk in Amsterdam, The Netherlands. Gjoko has been active in the “security industry” for almost 15 years, holding experience in many fields in cybersecurity including: penetration testing, malware analysis, vulnerability and exploit research, incident handling, fuzzing, binary exploitation, embedded operating systems, ICS/SCADA hacking, ethical hacking instructor,…

Read More

Benjamin Kunz

Founder, Vulnerability Lab

Benjamin Kunz is active as a penetration tester and security analyst for private and public security firms, hosting entities, banks, isp(telecom) and ips. His specialties are security checks(penetrationtests) on services, software, applications, malware analysis, underground economy, military intelligence/cyberwar, reverse engineering, lectures and workshops about IT Security. During his work as a penetration tester and vulnerability…

Read More

Vivek Ramachandran

Founder/CEO, Pentester Academy

Vivek Ramachandran is the Founder, CEO at Pentester Academy, AttackDefense.com and Hacker Arsenal. He discovered the Caffe Latte attack, broke WEP Cloaking – a WEP protection schema, conceptualized enterprise Wi-Fi Backdoors and created Chellam, the world’s first Wi-Fi Firewall. He is also the author of multiple five star rated books which have together sold over…

Read More

Philipp Mieden

Researcher, LMU

Philipp Mieden is a security researcher and software engineer from Germany, currently focusing on network security monitoring and the use of machine learning. He presented his research on classifying malicious behavior in network traffic at several international contests from Kaspersky Lab and won multiple prizes. After finishing his bachelor at the LMU Munich, he moved…

Read More

Wang Kang

Security Expert, Alibaba

Wang Kang is a Security Expert of Alibaba Group, focusing on security issues of IoT, cyber-physical system, V2X, and trusted computing. He is a contributor of Linux Kernel, (TDD-LTE USB Dongle support) as well as a founder of the Tsinghua University Network Administrators. He was a speaker at Black Hat {Europe 2015, USA 2017, USA…

Read More

Ross Bevington

Senior Security Software Engineer, Microsoft

Ross is a security researcher and software developer who specialises in computer security and bespoke system development. He works in Microsoft’s Threat Intelligence Center. This part of Microsoft that is responsible for delivering timely threat intelligence, assisting with the engineering response to security issues/incidents as well as occasionally assisting with government policy outreach for the…

Read More

Andrea Zapparoli Manzoni

Director, Crowdfense

Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers. The company’s main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old “crafts of…

Read More

Thomas Weber

Security Consultant, SEC Consult Group

Thomas Weber is a security researcher and consultant with a focus on embedded device security/reverse engineering. Prior to his employment at SEC Consult, he worked as developer for various embedded devices in different companies. Thomas disassembles and dissects the hardware and the extracted firmware from embedded devices for customers and during research projects in the…

Read More

Kevin McPeake

God of WarRoaming, Peak Security

Ever since being recruited early out of University for a job coding software and firmware for the credit card processing industry in 1990, Kevin McPeake’s entire career has been focused on telecommunications security. A year later in 1991, he modified a Verifone Trans330 in both software and hardware to develop a PoC site-monitoring controller for…

Read More

Nicolas Mattiocco

CEO, GreenLock Advisory

Expert with 10 years of experience in information security, I have performed various security consulting engagements, from penetration tests to global risk assessments and implementation of security solutions. I’m currently Freelance since 3 years and onboarded in the Red Team of a CERT in a large financial institution. Also founder of PatrOwl, a scalable, free…

Read More

Ivica Stipovic

Security Consultant, Ward Solutions

Ivica works as an Information Security Consultant. He tries to understand the intricacies of security processes and find the ways to undermine them. In a previous life a network and system administrator, he moves recently towards security research. Currently, a proud employee of Ward Solutions. Formal education encompasses B.Sc in Computing and Telecom ,MSc in…

Read More

Charles Givre

Co-founder, GTK Cyber

Mr. Charles Givre recently joined Deutsche Bank as a lead data scientist in the Chief Information Security Office. Prior to joining Deutsche Bank, Mr. Givre worked as a Senior Lead Data Scientist for Booz Allen Hamilton for the last seven years where he works in the intersection of cyber security and data science. At Booz…

Read More

Thomas Debize

Information Security Enthusiast

Thomas Debize is a French infosec dude. He developed a specific interest in data analysis and visualization throughout the time and spoke at several conferences such as Hack.lu, ZeroNights, PHDays, BSides Las Vegas, HITB, Hackfest and Area41 to name few. That said, he likes to git push new infosec tools on its free time (https://github.com/maaaaz)

Read More

Yago Hansen

CEO, Wifense

Ethical hacker, expert in network engineering and system administration, with extensive experience in network infrastructures of all sizes. During his professional career, he has carried out international projects for large corporations in the banking, insurance, telecommunications and Government security sectors among others. In recent decades he has specialized extensively in wireless technologies, successfully leading numerous…

Read More

Ralph Moonen

Director, Secura

Ralph Moonen is Technical Director at Secura. Ralph is an old-school ethical hacker with 3 decades of experience as penetration tester, IT-auditor and security consultant. Now, as Technical Director, he is responsible for topics such as R&D and technical projects at Secura. He started out phreaking in the 80’s and telephony is still a passion…

Read More

Joel Hernandez

Lead Engineer, Openbook

Digital rights activist and software engineer leading Openbook, an organization with the mission to build human-centric, responsible, sustainable and fair technology for a more prosperous tomorrow.

Read More

Yongtao Wang

Senior Security researcher, Pegasus Team, Qihoo 360

Yongtao Wang (sanr) works in 360 Technology, a senior security researcher in PegasusTeam team.He specializes in penetration testing and wireless security research. He has extensive experience in security research and penetration testing. He is a lecturer at the China Internet Security Conference (ISC) security training camp, Blackhat、POC、CodeBlue, etc. Conference speaker.

Read More

Weiguang Li

Security Researcher, Unicornteam, Qihoo 360

Weiguang Li is a mobile network security researcher from UnicornTeam of 360 Technology Co. Ltd in China. He mainly focuses on GSM and LTE security, He is also interested in NB-IOT baseband reverse engineering and software-defined radio development.

Read More


Website: https://haxpo.nl

Twitter: @HITBHaxpo