44CON 2018 Speakers

Philippe Arteau

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He is also a contributor to the static analysis tool for .NET called Security Code Scan. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and many others. He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC) and JavaOne.

Twitter: h3xstream

Guy Barnhart-Magen

Guy is a member of the BSidesTLV organizing team and recipient of the Cisco “black belt” security ninja honor – the highest cyber security advocate rank.
With over 15 years of experience in the cyber-security industry, he has held various positions in both corporates and start-ups.
He is currently a security research manager at Intel, where he focuses on AI Security, reverse engineering and researching various embedded systems.

Ezra Caltum

Ezra is a cyber-security practitioner, with a passion for reverse engineering, data analysis, and exploitation. He is the leader of the Tel Aviv DC9723 Defcon group and a co-founder and organizer of BSidesTlv. Currently, he works as a Security Research Manager at Intel.

James Forshaw

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1 researcher for MSRC, as well as being a Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a number of security conferences including Black Hat USA, CanSecWest, Bluehat, HITB, and Infiltrate. He’s also the author of the book “Attacking Network Protocols” available from No Starch Press.

Twitter: @tiraniddo
Website: tyranidslair.blogspot.co.uk

Leigh-Anne Galloway

Leigh-Anne Galloway is a Security Researcher who specializes in the areas of application and payment security. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches, which is where she discovered her passion for security advisory and payment technologies. She has presented and authored research on ATM security, application security and payment technology vulnerabilities and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, Troopers and Black Hat.

Michael Gianarakis

Michael Gianarakis is the co-founder and CEO of Assetnote, a platform for continuous monitoring of your external attack surface. Michael has presented at various industry events and meetups including DEF CON, Black Hat Asia, Thotcon, Rootcon and Hack in the Box. Michael is also actively involved in the local security community in Australia where he is one of the organizers of the monthly SecTalks meetup as well as the hacker camp TuskCon.

Rancho Han

Rancho Han is a senior security researcher at Tencent Zhanlu Lab (@ZhanluLab). He has more than seven years of information security experience. In the past, his work involved malware detection, exploit mitigations, and bug hunting. Recently, he has focused on research into Windows kernel fuzzing and exploit techniques.
He participated in Pwn2Own 2017 (as Tencent Security Lance Team) and exploited Microsoft Edge with SYSTEM privilege in less than 1 second. He has also been a speaker at HITB 2018 (Amsterdam) and Hitcon 2016 (Taipei).

Jahmel Harris

Jahmel (Jay) is a security researcher and hacker. He co-founded Digital Interruption last year, a security consultancy which helps secure organisations with a mix of penetration testing and helping to embed security into application development pipelines. With a background in not only security testing but software development, Jahmel is able to advise engineers on balancing security with functionality.
Jahmel has a particular interest in mobile application security, reverse engineering and radio and has presented talks and workshops at home in the UK and abroad. He also runs Manchester Grey Hats – a group aiming to bring hackers together to share knowledge and skills.

Twitter: @jayHarris_Sec

Pete Herzog

Pete Herzog is the shining example of a hacker trying to fix the world. He built a career out of taking apart the security world piece by piece to figure out how it works (but he still can’t put it back together). Then he writes about it, a lot. You can find articles and projects from him all over the place, especially at the non-profit research organization, The Institute for Security and Open Methodologies (ISECOM), he co-founded in 2001 to help make this happen. There you’ll find his work with the Open Source Security Testing Methodology Manual (OSSTMM), Hacker Highschool, and the Cybersecurity Playbook as well as work in trust metrics, authentication, social engineering, vulnerabilities, risk analysis, and so much more. Pete also teaches training classes, coaches corporations on cybersecurity, analyzes the security for Smart Cities, develops security products, advises start-ups, and hacks things.

Twitter: @peteherzog

Timo Hirvonen


Timo has been with F-Secure since 2010. While working in Labs, Timo kept the good guys safe by studying the latest tricks the bad guys used. He specialized in exploit analysis. Timo joined Cyber Security Services in 2016, and nowadays he enjoys protecting enterprises by working on various types of assessments, including incident response and red team exercises. Timo has presented at INFILTRATE 2018, Black Hat USA 2014, Microsoft Digital Crimes Consortium 2014, CARO 2013, Scandinavian Cybercrime Conference 2013, and t2 infosec conference.

Thibault Koechlin


After a few years of pentesting and offensive R&D, I turned to defense for new challenges. As a convalescent CSO, I am focusing on defensive R&D with a strong focus on web & FOSS.



Matt Lorentzen

Matt has 20 years of IT industry experience working within government, military, finance, education and commercial sectors. He is a senior security consultant and penetration tester at SpiderLabs with a focus on red team engagements.
Before joining SpiderLabs, he worked with Hewlett Packard Enterprise as a CHECK Team Leader delivering penetration testing services to a global client list. Prior to HPE, Matt ran his own IT consultancy company for 7 years.

Twitter: @lorentzenman

Jack Matheson

Jack is a principal engineer at Mellanox Technologies, where he develops software to make networks and data centers more secure. For 15 years, he has been building software/hardware hybrid solutions to accelerate and secure workloads – most recently at McAfee, where he was the chief cloud architect for enterprise security, and Intel, as the software architect for cloud identity.

Carl Morris

Carl has over 20 years of experience working within IT. Over a decade of that was in a global corporate environment, starting out in entry-level support and working up to System Administration covering the whole breadth of the IT infrastructure, including Active Directory, Exchange, and System & Patch Management, but with a primary focus and interest in security-related solutions such as firewalls, endpoint security, NAC and general system security. This has been followed by around a decade working in MSSPs, the latest of which is SecureData, for over 6 years. He started there as an Escalation Engineer, then moved into Professional Services and subsequently to the Managed Threat Detection team as a Senior Security Analyst, where he is now the lead analyst for the Managed Threat Hunting service. Aside from day-to-day activities, the past few months have been spent developing and implementing endpoint capabilities through the use of Sysmon & WEF, as well as building detection rules and analytics around that to aid in hunting exercises.

Twitter Handle: @camorris74

Willem Mouton

Willem is the head of SensePost SecureData Labs – the group’s R&D division. Willem is an industry veteran with decades of experience in product development, pentesting, managed services, OSInt and Reconnaissance, security research and most recently Threat Detection and Threat Hunting. He is also an experienced speaker and trainer with exposure at top international forums like Black Hat.

Twitter handle: @_w_m__

Lawrence Munro

Lawrence Munro is the Worldwide VP of SpiderLabs, a Post-Graduate Student at Oxford University and a member of the CREST Executive. He regularly presents at conferences on a range of topics, but normally: red teaming, education in Infosec or weird side-projects. Lawrence also owns Hackarmoury.com and blogs at Pentesticles.com.

Twitter handle: @munrobotic

Chen Nan

Chen Nan is a Security Researcher at ZhanLu Lab, Tencent. Currently he is focusing on security research about the DXG module in the Windows kernel. Previously, he discovered 10+ vulnerabilities in a short period of time. Some of them can be used for Edge sandbox escapes.


Enrique Nissim

Enrique Nissim is a Senior Security Consultant at IOActive. His experience and interests include reverse engineering, exploit development, programming and application security. He has also been a regular speaker at other international cybersecurity conferences, including CanSecWest, EKOParty, ZeroNights, and AsiaSecWest.

Twitter: @kiqueNissim

David Rogers

David is a mobile phone and IoT security expert, founder and CEO of Copper Horse Solutions Ltd, a software and security company based in Windsor, UK. His company is currently focusing on security and privacy research for the Internet of Things, including connected car security.

David chairs the Device Security Group at the GSM Association and sits on the Executive Board of the Internet of Things Security Foundation. He is a Visiting Professor in Cyber Security and Digital Forensics at York St John University and teaches Mobile Systems Security at the University of Oxford.

He has worked in the mobile industry for 20 years in security and engineering roles. Prior to this he worked in the semiconductor industry. His book ‘Mobile Security: A Guide for Users’ was published in 2013. Most recently he authored the UK’s ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, in collaboration with DCMS, NCSC, ICO and industry colleagues.

Twitter: @drogersuk

Gabriel Ryan

Gabriel Ryan is a penetration tester and researcher with a passion for wireless and infrastructure testing. He currently serves as a co-founder and principal security consultant for Digital Silence, a Denver based consulting firm that specializes in impact driven penetration testing and red team engagements.

Prior to joining Digital Silence, Gabriel worked as a penetration tester and researcher for Gotham Digital Silence, contributing heavily to their wireless security practice and regularly performing large scale infrastructure assessments and red teams for Fortune 500 companies. Some of Gabriel’s most recent work includes the development of EAPHammer, an 802.11ac focused tool for breaching WPA2-EAP networks. On the side, he serves as a member of the BSides Las Vegas senior staff, coordinating wireless security for the event. In his spare time, he enjoys producing music, exploring the outdoors, and riding motorcycles.

Twitter: @s0lst1c3

Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognised speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

Twitter: @therealsaumil

Shubham Shah

Shubham Shah is the co-founder and CTO of Assetnote, a platform for continuous monitoring of your external attack surface. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, BSides Canberra and WAHCKon. Shubham is also a founder of the charity Hackers Helping Hackers which provides hackers from under-represented and less privileged groups access to industry events, mentorship and training.

Kevin Sheldrake

Kevin Sheldrake is a penetration tester and researcher who started working in the technical security field in 1997. Over the years, Kev has been a developer and systems administrator of ‘secure’ systems, an infosec policy consultant, a penetration tester, a reverse engineer and an entrepreneur who founded and ran his own security consulting company. His current interests are tool development for better penetration testing, and he has specialised in IoT and crypto for a number of years.

He has a Masters degree, is a Chartered Engineer and, in the past, has been a CHECK Team Leader, a CISSP and held CLAS.

Kev has presented at 44con, Troopers, DEFCON 4420, 441452 and 441392 on RFID crypto (Cracking HiTag2 Crypto); EMF Camp, DEFCON 4420 and 441452 on hacking embedded devices (Inside our Toys); presented on building debuggers for embedded devices at Securi-Tay (Phun with Ptrace()); and also presented a lengthy take down on the use of NLP in Social Engineering at DEFCON 4420 (Social Engineering LIES!). He has also presented regularly at his employer’s internal security conference, winning best talk in 2014 for ‘Embedded Nonsense’, a talk about hacking an IoT device and reversing its crypto, which he subsequently presented at Cyber Security Challenge.

Twitter: @kevsheldrake
Website: rtfc.org.uk

Klaus Schmeh

Klaus Schmeh is the world’s leading blogger in the field of crypto history. Klaus’ blog has become the most important online forum for unsolved encryptions and historical ciphers. Even the NSA has forwarded to him inquiries concerning encrypted documents.

Klaus’ blog readers have proved extremely successful in breaking old cryptograms.

Klaus Schmeh has published 14 books, 200 articles, 700 blog posts and 20 research papers about encryption technology, which makes him the most-published cryptology author in the world. While he writes his blog in English, most of his other publications are in German.

In his main profession as a security consultant at the German company cryptovision, Klaus utilizes his special skill in explaining complex technical topics, often using self-drawn cartoons and Lego brick models for visualization.

Tim Todd

From a background in Reverse Engineering and Algorithm Design, Tim’s past life as a developer had him working on projects as diverse as BIOS & BIST code for Critical Systems through to designing efficient algorithms for Network Load Distribution.

As a hobbyist, Tim’s passion is modifying embedded firmware; whether it’s his A/V equipment, his phone, or his games console, few things in his house run their original firmware.

A few years ago Tim ‘jumped the fence’, and currently works as an Embedded Pentester. He is a regular presenter at internal conferences, with talks on Bare-metal R.E., Cryptography, Device Design, and Car Networks.

If none of that appeals… 1) Why are you here? …2) Come and chat about magic and mentalism; guitars, keyboards, & chord theory; or the more interesting bits of NLP, hypnotism and social engineering.

Tomi Tuominen


Tomi is known as the “InfoSec Swiss Army Knife” because when it comes to defending computers, he’s done a little bit of everything. In his more than two decades in the industry, he has taken part in breakthrough research on Windows networking, physical access control systems and electronic voting.
As F-Secure’s Head of Technical Security Consulting, he specializes in protecting enterprises – often by breaking into them before anyone else can. The founder of the t2 infosec conference, Tomi has thrice been named one of the Top 100 IT Influencers in Finland.

Chris Wade

Chris is a seasoned security researcher and testing consultant. He’s usually got at least one project on the go: for example, reverse engineering hardware, firmware and RF, or fingerprinting USB vulnerabilities with his own fuzzing framework. Another really good example is using Software Defined Radio, with his modded RTL-SDR dongle to sniff radio signals, mainly looking at NFC protocols.

He also has experience of analysing x86 executables to break protections such as license key requirements, and also for crafting exploits for general buffer overflow vulnerabilities, though this is definitely not as strong as his work analysing the ARM architecture. He’s also pretty good on the guitar.

Charl van der Walt

I’m a founder of SensePost – a pentesting company in South Africa and the UK – where I still form part of the management. Over almost 20 years at SensePost I acted in various roles including CEO for about 5 years. After we sold SensePost to a UK business called SecureData I took a diverse role with the group that includes leading its research unit, directing security strategy and also leading the ‘Security Intelligence Unit’, which amongst other things runs a significant Managed SIEM and Threat Hunting (MDR) Operation.

I have spoken on a variety of occasions over the duration of my career, including at Black Hat, HITB, Defcon, NATO CCDCOE, BSides and others (but never at 44CON).

I used to have a dog called Fish, but she died. Now I have a dog called Rabbit with three legs.

Twitter: @charlvdwalt

Julien Voisin


Julien (jvoisin) Voisin used to pwn and reverse stuff while contributing to radare2; nowadays he focuses on protecting web applications while keeping his own bug alive on websec.fr and writing things on dustri.org. He’s also running some high-speed Tor relays.

Tim Yunusov

Tim Yunusov is a Security Expert in the area of banking security and application security. He has authored multiple pieces of research in the field of application security, which include “Apple Pay replay attacks” (Black Hat USA 2017), “7 sins of ATM protection against logical attacks” (PacSec, POC), “Bruteforce of PHPSESSID”, “XML Out-Of-Band” (BlackHat EU), and is rated in the Top Ten Web Hacking Techniques by WhiteHat Security. He regularly speaks at conferences and has previously spoken at CanSecWest, Black Hat USA, Black Hat EU, HackInTheBox, Nullcon, NoSuchCon, Hack In Paris, ZeroNights and Positive Hack Days.

Jie Zeng

I am a senior security researcher from Zhanlu Lab of Tencent. I have many years of security research experience, focusing on bug hunting and exploit technology for Adobe Flash and various browsers.

In the past few years I have found 30+ vulnerabilities in Adobe Flash Player and got 20 CVE numbers (some of them have won the Chrome reward program’s bounty). I am also the winner of the Microsoft Edge project in Pwn2Own 2017 (the Team Lance).

Twitter: @hi_tedJoy