44CON 2017 Speakers

Marc Newlin

Marc newlin500Marc Newlin is a wireless security researcher at Bastille, where he discovered the MouseJack and KeySniffer vulnerabilities. A glutton for challenging side projects, he competed solo in two DARPA challenges, placing third in the DARPA Shredder Challenge, and second in the first tournament of the DARPA Spectrum Challenge.

Matt Knight


Matt Knight is a software engineer and security researcher at Bastille, with a diverse background in hardware, software, and wireless security. In 2016, he exposed the internals of the closed-source LoRa PHY based on blind signal analysis. Matt holds a BE in Electrical Engineering from Dartmouth College.

Nicky Bloor


Always intrigued by how things work, Nicky wrote his first “Hello World” on a Commodore 64 in the early 90s. The video gaming hobby inherited from his father quickly turned into game hacking and amateur game development throughout his teenage years before later breaking into a career in infosec.

Now a managing security consultant at NCC Group, Nicky jumps at the opportunity to take on interesting and mentally challenging projects involving reverse engineering, fuzzing, and code review whenever time allows around conducting security assessments for clients, hiking up mountains, and hanging from the occasional cliff.

Follow Nicky on Twitter at @nickstadb

Don Bailey

Don A.Bailey

Don A. Bailey has consistently engaged in ground breaking research over the past decade. He helped prove SS7 to be a global threat to telephony security before anyone knew what SS7 was, and helped mitigate these threats in the USA. Don started the IoT hacking trend by performing the first remote hack of a car at Black Hat Las Vegas in 2011. Mr. Bailey uncovered a critical flaw in a  compression algorithm so widely implemented that affected the entire Yahoo infrastructure, iOS, the Linux kernel, and even the Mars Rover. He is the first and possibly only researcher to have found critical bugs affecting the Erlang virtual machine core. He was the first security researcher to perform a security analysis of the RISC-V ISA.

Mr. Bailey sits on the advisory board of several startups and conferences, assisting with technical guidance and strategy. He was the CTO of Revolar, a startup that helps vulnerable individuals improve their safety in uncertain physical environments. While launching his own IoT startup, Don consults regularly with startups of all sizes to secure their technology stack, network architecture, and embedded technologies.

Don has given 9 talks at Black Hat Briefings, 5 talks at Hack In The Box, and 4 talks at the infamous 44Con conference, among others. His exploits have been featured on NPR, in Reuters, FOX, BBC, Al Jazeera, and many more stations worldwide.

Klaus Schmeh


Klaus Schmeh is the world’s leading blogger in the field of crypto history (www.schmeh.org). Klaus’ blog has become the most important online forum for unsolved encryptions and historical ciphers. Even the NSA has forwarded to him inquiries concerning encrypted documents.

Klaus’ blog readers have proved extremely successful in breaking old cryptograms.

Klaus Schmeh has published 14 books, 200 articles, 700 blog posts and 20 research papers  about encryption technology, which makes him the most-published cryptology author in the world. While he writes his blog in English, most other of his publications are in German.

As his main profession of security consultant at the German company, cryptovision, Klaus utilizes his special skill in explaining complex technical topics, often using self-drawn cartoons and Lego brick models for visualization.

Kev Sheldrake


Kevin Sheldrake is a penetration tester who started working in the technical security field in 1997.

Over the years, Kev has been a developer and systems administrator of ‘secure’ systems, an infosec policy consultant, a penetration tester, a reverse engineer and an entrepreneur who founded and ran his own security consulting company. His current interests (4+ years) are IoT, crypto and RFID; he reverse engineers and hacks devices that his employer intends to sell. He has a Masters degree, is a Chartered Engineer and, in the past, has been a CHECK Team Leader, a CISSP and held CLAS. He privately mentors others on the Stanford and Maryland crypto courses available on coursera.org.

Kev has presented at EMF Camp, DEFCON 4420 and DEFCON 441452 on hacking embedded devices (Inside our Toys); presented on building debuggers for embedded devices at Securi-Tay (Phun with Ptrace()); and also presented a lengthy take down on the use of NLP in Social Engineering at DEFCON 4420 (Social Engineering LIES!). He has also presented regularly at his employer’s internal security conference, winning best talk in 2014 for ‘Embedded Nonsense’, a talk about hacking an IoT device and reversing its crypto, which he subsequently presented at Cyber Security Challenge.

Jess Frazelle

Jessica FrazelleJess Frazelle is a Software Engineer at Google. She has been a maintainer of Docker, contributor to RunC, Kubernetes and Golang as well as other projects. She loves all things involving Linux namespaces and cgroups and is probably most well known for running desktop applications in containers. She maintained the AppArmor, Seccomp, and SELinux bits in Docker and is quite familiar with locking down containers.

Lars Haukli

lars Haukli

Lars Haukli was falsely accused of infecting his neighbour’s PC with a computer virus at the age of 12.

For the past decade, he has been developing anti-malware technology to make amends for sins he never committed as a child.

His current mission at Symantec is simple: Make the best sandbox the world has ever seen.

David Mirza Ahmad

David Mirza Ahmad gwxOR5RK_400x400

David Mirza Ahmad is one of the founders of Subgraph and a Subgraph OS core developer. Prior to this he was the moderator of the Bugtraq mailing list, and was on the founding team of SecurityFocus. He was also a developer and maintainer of the Vega open source web security scanner. David works on low-level components of Subgraph OS: recently, this includes the seccomp-bpf wrapper for the sandbox, runtime profiler for policy generation, event monitor and notification system, TLS guard, and onion guard. David also manages the project and organization administration.

Alex Plaskett

alex plaskett

Alex is Head of Technical Research at MWR InfoSecurity in the UK. Alex is best known for mobile and embedded vulnerability research and exploitation. Alex has previously presented at Deepsec, TROOPERS16, BlueHat, T2.Fi, Confidence, 44con and SyScan.

James Loureiro

Taken with Lumia Selfie

James Loureiro is a senior researcher at MWR InfoSecurity, and has interests in vulnerability research and reverse engineering. James has previously presented on Windows Kernel fuzzing at DefCon in 2016 and on Adobe Reader in 2015.

Matt Wixey


Matt currently works as a penetration tester and researcher in the Threat and Vulnerability Management (TVM) team at PwC, and leads the team’s research capability. Prior to joining PwC, he worked in law enforcement, leading a technical R&D team. His research interests include antivirus and sandbox technologies, exploit development, and RF security.

William Knowles

William Knowles-Picture

William Knowles is a Security Consultant at MWR InfoSecurity. He is primarily involved in purple team activities, which involves objective-based testing to simulate real-world threats, and helping organisations to identify effective defences to protect and detect against them. Prior to joining the industry and getting a real job, he completed a PhD in Computer Science at Lancaster University. His research interests include post-exploitation activities and offensive PowerShell.

Yuriy Bulygin


Yuriy Bulygin (@c7zero) has been the chief threat researcher at Intel Security/McAfee and led the Advanced Threat Research team. Previously, Yuriy led the microprocessor vulnerability analysis team at Intel. Yuriy is the author of the open source CHIPSEC framework.


Oleksandr Bazhaniuk

Alex Bazhanluk

Alex Bazhaniuk (@ABazhaniuk) is an independent security researcher. Previously, Alex was a member of the Advanced Threat Research and Security Center of Excellence teams at Intel and Intel Security. His primary interests are the security and exploitation of low-level hardware platforms and firmware, and binary analysis automation. His work has been presented at a number of security conferences. He is also a co-founder of DCUA, the first DEF CON group and CTF team in Ukraine.

Nelson Murilo


Nelson Murilo has been working at Cyber Analyst since 1992. He is the author of some security books in Portuguese and a regular contributor of Brazilian Computer Emergency Response Team. Nelson is the author of open source security tools like: chkrootkit – locally checks for the presence of a rootkit and Beholder – linux Wireless IDS. Nelson is a regular speaker in Brazil and international conferences such as Defcon, Thotcon, SAS Kaspersky, Ekoparty, MS Bluehat and Auscert.

Graham Sutherland

Graham Sutherland

Graham is a pentester, electronics tinkerer, ex-developer, security researcher, reverse engineer, crypto enthusiast, promulgator of useless facts, vehement drunkard, and bacon aficionado. Can often be found scurrying towards a bar. One of his shoes is probably sentient.

Collin Mulliner

collin Mulliner

Collin Mulliner is a security researcher and software engineer and spends most of his time working on mobile and smart phones. Collin is interested in vulnerability analysis and offensive security as he believes that in order to understand defense you first have to understand offense. Collin received a Ph.D. from the Technische Universitaet Berlin in 2011, and a M.S. and B.S. in computer science from UC Santa Barbara and FH-Darmstadt. Lately Collin switched his focus to the defensive side to work on mitigations and countermeasures. Collin co-authored The Android Hacker’s Handbook.

Nikhil Mittal

Nikhil Mittal Speaker Pic

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His area of interest includes penetration testing, attack research, defence strategies and post exploitation research. He has 8+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients.

He specializes in assessing security risks at secure environments which require novel attack vectors and “out of the box” approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post exploitation framework in PowerShell.

In his spare time,Nikhil researches on new attack methodologies and updates his tools and frameworks. He blogs at http://www.labofapenetrationtester.com/

Cedric Halbronn

Cedric Halbronn

Cedric (@saidelike) has joined NCC Group in 2015 and has been doing reverse engineering / exploit development for 8+ years. His current interests are memory corruption bugs in browsers, kernels, mobile devices, embedded devices, etc.

Gabriel Ryan

Gabriel Ryan - Profile Picture

Gabriel Ryan (Twitter: @s0lst1c3) is a penetration tester and researcher with a passion for wireless and infrastructure testing. His career began as a systems programmer at Rutgers University, where he assessed, diagnosed, and resolved system and application issues for a user community of over 70,000 faculty, students, and staff. Gabriel then went on to work as a penetration tester and researcher for the Virginia-based defense contractor OGSystems. While at OGSystems, he worked as a lead engineer on the Mosquito project, a geospatial intelligence tool that leverages wireless technology to track potential threats.

Gabriel currently works for the international security consulting firm Gotham Digital Science at their New York office, where he performs full scope red team penetration tests for a diverse range of clients. He also contributes heavily to his company’s research division, GDS Labs. Some of his most recent work includes a whitepaper on rogue access point detection, along with the popular tool Eaphammer, which is used for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys live music, exploring the outdoors, and riding motorcycles.

Olivier Bilodeau

olivier bilodeauOlivier Bilodeau is leading the Cybersecurity Research team at GoSecure. With more than 10 years of infosec experience, Olivier managed large networks and server farms, wrote open source network access control software and recently worked as a Malware Researcher. Passionate communicator, Olivier has spoken at several conferences like Defcon, Botconf, SecTor, Derbycon and many more. Invested in his community, he coorganizes MontréHack — a monthly workshop focused on applied information security through capture-the-flag challenges —, he is in charge of NorthSec’s training sessions and is hosting NorthSec’s Hacker Jeopardy. His primary research interests include reverse engineering tools, Linux and/or embedded malware and honeypots. To relax, he likes to participate in information security capture-the-flag competitions, work on various opensource projects and brew his own beer.

Ruben Boonen

Ruben BonnenMy name is Ruben Boonen (@FuzzySec), I have been working in InfoSec since 2012. I have a well-rounded skill set, having taken on many application, infrastructure and bespoke engagements. I have however developed a special interest for Windows: Domains, exploit development, client-side attacks, restricted environments, privilege escalation, persistence, post-exploitation and of course PowerShell!

I love breaking stuff but it is equally important to me to share that knowledge with the wider community. I have previously been a trainer at Black Hat, Def Con and various BSides events in the UK. Additionally, I maintain a InfoSec blog (http://www.fuzzysecurity.com/) and GitHub account (https://github.com/FuzzySecurity) where I publish research on a variety of topics!


Didier Stevens

Didier StevensDidier Stevens (Microsoft MVP, SANS ISC Handler, Wireshark Certified Network Analyst, CISSP, GSSP-C, GCIA, GREM, MCSD .NET, MCSE/Security, MCITP Windows Server 2008, RHCT, CCNP Security, OSWP) is a Senior Security Analyst (NVISO https://www.nviso.be). You can find his open source security tools on his IT security related blog at https://blog.DidierStevens.com.

Saumil Shah

saumil_photo_squareCEO, Net-Square    @therealsaumil

Saumil Shah, is the founder and CEO of Net-Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 18 years. He is also the co-developer of the wildly successful “Exploit Laboratory” courses and authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.

James Forshaw

No Image for personJames is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate.

Daniel Crowley

Daniel CrowleyDaniel Crowley is a Senior Security Engineer and Regional Research Director for NCC Group Austin, tasked with finding and exploiting flaws in everything from Web applications and cryptosystems to ATMs, smart homes, and industrial control systems. He denies all allegations of unicorn smuggling and questions your character for even suggesting it. He has been working in information security since 2004. Daniel is TIME’s 2006 Person of the Year. He has developed and released various free security tools such as MCIR, a powerful Web application exploitation training and research platform, and FeatherDuster, an automated modular cryptanalysis tool. He does his own charcuterie and brews his own beer. He is a frequent speaker at conferences including Black Hat, DEFCON, Shmoocon, Chaos Communications Camp, and SOURCE. Daniel can open a door lock with his computer but still can’t launch ICBMs by whistling into a phone. He has been interviewed by various print and television media including Forbes, CNN, and the Wall Street Journal. He holds the noble title of Baron in the micronation of Sealand. His work has been included in books and college courses.

Amanda Rousseau

Amanda RousseauAmanda absolutely loves malware. She works as a Senior Malware Researcher at Endgame on the threat research team focusing in dynamic behavior detection both on Windows and OSX platforms. Prior to Endgame, she worked as a malware researcher at FireEye, malware reverse engineer in commercial DFIR, and malware reverse engineer in the U.S. Department of Defense.

You can follow her on Twitter @malwareunicorn

Aaron Guzman

AaronGuzmanAaron Guzman is a Manager with Gotham Digital Science (GDS), located in Los Angeles, CA. Mr. Guzman previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell SecureWorks breaking code and architecting infrastructures. Aaron has spoken at a number of conferences worldwide which include DEF CON, OWASP AppSec EU, OWASP AppSec USA, HackFest, Security Fest, HackMiami, AusCERT as well as a number of BSides events. Aaron leads the OWASP Embedded Application Security project; providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. Follow Aaron’s latest research on Twitter at @scriptingxss