Speakers

Emanuele Barbeno Compass Security

Emanuele has 10 years of experience working in the area of IT security and he is an IT Security Analyst at Compass Security since 2019. As part of Compass Security's offensive security team, Emanuele conducts security analysis of web applications, external and internal networks, cloud infrastructures, as well as Android applications. Emanuele has responsibly disclosed vulnerabilities in different open source libraries and products, among others in products from Microsoft, Alibaba and others and is also responsible for giving various security-related trainings at Compass Security such as web application security and internal network with focus on the Active Directory security.

Talk: Now I See You: Pwning the Synology BC500 Camera

Yves Bieri Compass Security

Yves has studied Computer Science at the ETH Zurich and holds a Master in Information Security. He has been working as an IT Security Analyst at Compass Security since 2019. In his job, he performs security analysis of web applications, external networks, cloud infrastructures, as well as iOS applications. Additionally, he is a teacher for web application and Active Directory security trainings and has been presenting talks at security conferences. In his spare time, Yves plays CTFs focusing on binary exploitation. He has won the Defcon CTF as part of team MMM multiple times and is a Defcon black badge holder.

Talk: Now I See You: Pwning the Synology BC500 Camera

Federico Cerutti

Hey, I'm Federico/ceres-c, a PhD student in Brescia. I graduated in Computer Security at VUSec Amsterdam with a master thesis on Intel microcode voltage glitching and I like all things hardware and low level. My idea of a fun evening is two friends in front of an oscilloscope 🙂

Talk: Voltage Glitching Intel Microcode

Andrej Danis TU Wien

Andrej is a student of TU Wien finishing his Software Engineering & Internet Computing master studies. After graduating in 2019 with school director's recognition from Gymnasium on Grösslingová Street 18 (Grössling-Gasse 18 / Grössling-utca 18), a prestigious gymnasium (high school) with extended teaching of mathematics, he moved for his studies to Vienna. At TU Wien, his passion for cyber security awakened, and thus, he decided to focus his studies, including his bachelor's and diploma thesis, entirely on cyber security. Since 2022 he has been working at the Viennese Bosch Engineering branch as a Project Security Manager, where he joined his passion for automotive with the knowledge of cyber security gained from his university studies. Apart from studies and work, he likes joining hackathons and letting the creative engineering spirit out. He is a winner of the "Advanced Technology" prize at the Tourism Technology Festival, winner of 2 different challenges with two different projects at the Sustainista - Sustainable Blockchain Hackathon, winner of the MasterCard Most Ethical Hack Challenge at the StartHACK Hackathon, and a runner-up in the RBI OpenAPI Hackathon, Erste Group IT Hackathon, Resco MADHack Hackathon. In his free time, he works on various projects like hacking a car instrument cluster, setting up his hacking infrastructure, or tinkering with old game consoles.

Talk: Exploiting Smart TVs using the HbbTV Protocol

Robin Jadoul Cryptographic Engineer @ 3MI Labs

Robin holds a PhD in Engineering Science from COSIC, KU Leuven, doing research on privacy-enhancing technologies such as secure Multiparty Computation, Zero-Knowledge Proofs and Fully Homomorphic Encryption. He is working as a cryptography engineer at 3MI Labs, living on the line between more cryptographic research and applications thereof. Outside of research and work, he is also an avid CTF player with `organizers`, challenge author (for competitions such as CSAW, ICC and ECSC), and admin of Cryptohack.

Talk: How to prove that 42 is prime

Hiroki Matsukuma Middle Manager @ Cyber Defense Institute, Inc.

Hiroki MATSUKUMA is a middle manager at Cyber Defense Institute, Inc., where he leads reverse engineering section. His main areas of interests involve vulnerability research and exploit development. 'House of Einherjar', a GLibc heap exploitation technique used in CTFs, is one of his works.

Talk: Unawakened Wakeup: A New PHP Object Injection Technique for __wakeup() Bypass