From BruCON 2011


Lieven Desmet

Lieven Desmet is Research Manager on Secure Software at the Katholieke Universiteit Leuven (Belgium), where he coaches junior researchers and leads a research team on web application security. His main interests are in software verification and security of middleware and web-enabled technologies. Lieven is actively engaged in OWASP and is a board member of the OWASP Chapter Belgium.

Ian Amit

Hacker, Researcher, Husband, Father, Consultant, Techie, Business. Ian Amit provides strategic consulting services to companies in the security business, covering business, technical, innovation, marketing and competitive analysis. Ian likes to play around with computers, break them, fix them and generally surround himself with gadgets.

With over 10 years of experience in the information security industry, Iftach Ian brings a mixture of software development, OS, network and web security to the strategic consulting firm Security & Innovation. Previously, Ian held Director-level roles at web security firms Aladdin and Finjan. Prior to that, Ian was the founder and CTO of a security startup in the IDS/IPS arena and developed new techniques for attack interception. Prior to that, he served in a director position at Datavantage (NASDAQ:MCRS) with responsibility for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application department at Comsec Consulting as well as the Unix Department, where he consulted for major banking and industry companies worldwide. Iftach Ian holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

Paul Asadoorian

Paul Asadoorian is currently the Product Evangelist for Tenable Network Security, where he regularly uses vulnerability scanning and management products and showcases them using blogs, podcasts, and videos. Paul is also the Founder of PaulDotCom, an organization centered around the award-winning PaulDotCom Security Weekly podcast that brings listeners the latest in security news, vulnerabilities, research, and interviews with the security industry's finest. Paul has a background in penetration testing and intrusion detection, and is the author of WRT54G Ultimate Hacking, a book dedicated to hacking Linksys routers.

Fabian van den Broek

In March of 2010 Fabian obtained his Master's degree in Computing Sciences at the Radboud University of Nijmegen with the thesis "Catching and Understanding GSM-Signals".

He is currently employed by the Radboud University Nijmegen as a Researcher in security of wireless technologies.

Dale Pearson

Dale Pearson is a passionate Information Security Professional with 8 years of experience in IT Security, and over 12 years in the IT industry. He has been exposed to and works in a wide range of security areas, such as security and risk consulting, policy and compliance, penetration testing, social engineering, forensics, incident response, and awareness training.

Dale is the founder of where he blogs about social engineering, hypnosis, and other skills to improve success as a social engineer. He is also one of the hosts of the Eurotrash Security Podcast.

Mikko Hypponen

Mikko Hypponen is the Chief Research Officer for F-Secure. He named the Storm worm. He spoke at the legendary Rubicon conference in Detroit before it was shut down. He holds US patent 6,577,920. He does his own stunts.

Roel Verdult

Roel Verdult is one of the main hackers who uncovered the serious security vulnerabilities in the widely used MIFARE Classic RFID tag. This is a contactless smartcard used in several public transport systems around the world and also in highly secured facilities like ministries, military bases, banks, nuclear power plants and prisons. He is currently a member of the Digital Security group at the Radboud University Nijmegen. His recent publications cover several security topics, such as e-passports, smartcards, secure storage and transmission security. During his young career he has already received international awards for his publications and research work.

Craig Balding

Craig Balding is an IT Security Practitioner at a fast-paced banking and finance Fortune 500 company, where he leads a global team of technical security specialists.

He has a decade of hands-on IT Security experience, with over 15 years in the IT industry. He is co-author of “Maximum Security: A Hackers Guide to Protecting Your Network”, CISSP and CISA certified and a British Computing Society Chartered IT Professional (MBCS CITP). He specialises in penetration testing, incident response, forensics, UNIX/Linux and ORACLE security.

Craig founded where he blogs about Cloud Computing and Security. He is a co-host of the Cloud Security podcast and has presented at Black Hat Europe, eCrime London and the World Cloud Computing Summit.

Tyler Shields

Tyler Shields is a Senior Researcher for the Veracode Research Lab whose responsibilities include understanding and examining interesting and relevant security and attack methods for integration into the Veracode product offerings. In the past, Tyler has worked as a consultant for both @Stake and Symantec, delivering security assessments to Fortune 500 companies, major financial institutions, institutions of higher education, and the highest levels of the U.S. government. Tyler has presented at major industry conferences including Shmoocon, H.O.P.E, and SOURCE Boston, and has released numerous security advisories.

Olivier Thonnard

Olivier Thonnard was born in Brussels, Belgium, in May 1975. He graduated as an engineer in Telecommunications from the Royal Military Academy (Belgium). He also holds a Master in Applied Computer Science from the Vrije Universiteit Brussel (Belgium). In March 2010, he completed a PhD in computer security at EURECOM (Sophia Antipolis, France) under the supervision of Marc Dacier (Symantec Research), with a focus on attack attribution in cyberspace. As a military officer, he teaches at the Polytechnic Faculty of the Royal Military Academy, where he is involved in several courses related to computer and network security.

His current research activities are closely related to the global analysis of Internet threats. In this context, he is actively participating in the WOMBAT project (Worldwide Observatory of Malicious Behaviors and Attack Threats), an EC-funded project started in 2008 and involving several partners from the academic and industrial world.

Andreas Moser

Andreas Moser is an IT Security Researcher at the International Secure System Lab at the Vienna Technical University, Austria. He obtained a PhD in Computer Security and his main research topics are malicious code and underground economy infrastructure analysis.

Currently he is participating in the WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) project, where he implemented a system to track down malicious networks on the Internet.

Stephan Chenette

Stephan Chenette is a Principal Security Researcher for Websense Security Labs working on malcode detection techniques. Mr. Chenette specializes in research tools and next generation emerging threats. He has released public analyses on various vulnerabilities and malware.

Prior to joining Websense, Stephan was a security software engineer for 4 years working in research and product development at eEye Digital Security.

Chris Nickerson

Chris Nickerson is a CISSP whose main area of expertise is Red Team Testing and Infosec Testing. In order to help companies better defend and protect their critical data and key information systems, he has created a blended methodology to assess, implement, and manage information security realistically and effectively. At Lares, Chris leads a team of security consultants who conduct Security Risk Assessments, which can cover everything from penetration testing, application testing and vulnerability assessments, to policy design, computer forensics, social engineering, Red Team Testing and regulatory compliance. Prior to starting Lares, Chris was Director of Security Services at Alternative Technology, a Sr. IT compliance at KPMG, Sr. Security Architect and Compliance Manager at Sprint Corporate Security, and developed an enterprise security design as network engineer for an international law firm. Chris is a member of OWASP and ISACA Denver, and is also a featured member of TruTV's Tiger Team, a 30-minute reality television program showing the activities of actual Red Team tests and active assessments. Chris is also the co-host of the Exotic Liability Podcast.

Joseph McCray

Joe McCray has 8 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Joe is a frequent presenter at security conferences, and has taught the CISSP, CEH, CHFI, Security+, and Web Application Security at Johns Hopkins University (JHU), University of Maryland Baltimore College (UMBC), and several other technical training centers across the country.

Mitch Altman

Mitch Altman is a San Francisco-based hacker and inventor, best known for inventing TV-B-Gone remote controls, a keychain that turns off TVs in public places. He was a co-founder of 3ware (a Silicon Valley RAID controller company), did pioneering work in Virtual Reality at VPL Research, and created the Brain Machine, one of MAKE Magazine's most popular DIY projects. He contributes to MAKE Magazine, and for the last several years has been leading workshops around the world, teaching people to make cool things with microcontrollers and teaching everyone to solder. Mitch is a co-founder of Noisebridge, a San Francisco hacker space, and he is CEO of Cornfield Electronics.

Brian Honan

Brian Honan is recognised as an industry expert on information security and has addressed a number of major conferences relating to the management and securing of information technology, such as RSA Europe, BruCON, Source Barcelona and numerous others. Brian is the author of the book "ISO 27001 in a Windows Environment", has published a number of technical papers, and has been technical editor and reviewer of a number of industry-recognised publications. Brian is the European editor for the SANS Institute’s weekly SANS NewsBites, a semi-weekly electronic newsletter. Brian founded the Irish Reporting and Information Security Service (IRISS), which is Ireland's first national CSIRT (Computer Security Incident Response Team). He is a member of the Information Systems Security Association, Irish Information Security Forum, Information Systems Audit and Control Association, a member of the Irish Computer Society, the Business Continuity Institute and was a founding member of the Irish Corporate Windows NT User Group.

Ryan Dewhurst

Ryan is a frontline security engineer working for the Integrated Security and Compliance Management specialists RandomStorm whilst continuing to study Ethical Hacking for Computer Security at a UK University. At RandomStorm, Ryan is a member of the Security Research and Professional Security services team, which involves him in resolving real-world security issues for a wide range of commercial and public sector organisations on a daily basis. Ryan specialises in Web application security, and as a first-year student he developed Damn Vulnerable Web App (DVWA), a tool now widely used by thousands of like-minded security professionals and students to practice and hone their skills in a legal environment. A regular attendee and contributor at worldwide Web security forums, Ryan is also a frequent speaker at the meetings of the Northern Chapter of the Open Web Application Security Project (OWASP). With the little remaining time he has, Ryan likes to stay up to date with the latest thinking in the Web security world and share his insights with his peers via his blog and Tweets, which have attracted a growing band of regular followers.

Matias Madou

Matias Madou is principal security researcher at Fortify's Security Research Group, which is responsible for building security knowledge into Fortify's products. His work focuses on developing new techniques to detect vulnerabilities. Matias holds a Ph.D. in computer engineering from Ghent University, where he studied application security through program obfuscation to hide the inner workings of an application. During his Ph.D., he collaborated with top research and industry players in the field of program obfuscation.

Samy Kamkar

Samy Kamkar is best known for the Samy worm, the first XSS worm, infecting over one million users on MySpace in less than 24 hours. A co-founder of Fonality, Inc., an IP PBX company, Samy previously led the development of all top-level domain name server software and systems for Global Domains International (.ws).

In the past 10 years, Samy has focused on evolutionary and genetic algorithmic software development, Voice over IP software development, automated security and vulnerability research in network security, reverse engineering, and network gaming. When not strapped behind the Matrix, Samy can be found stunt driving and getting involved in local community service projects.