Security Fest 2024

Adhokshaj Mishra

Adhokshaj Mishra works as Security Research Lead – Detections and Threat Research specializing in Linux and MacOS platforms. His interest lies in offensive and defensive side of Linux malware research. He has been working on container specific attacks, and detections in his professional career. In his free time, he mostly researches about new offensive techniques in malware as well as applied cryptography. He loves speaking in security meetups and conferences; and has presented in various Null and OWASP chapter meetups, apart from other security events.

  • Breaking Container Boundary Using Side Channel Attack
Alexander Andersson

Alexander is a Principal Forensic Consultant at Truesec. Alexander has a background in red teaming and software development. Today, he spends most of his time providing incident response services to companies that have suffered from an attack. He has led hundreds of complex investigations into everything from full-scale ransomware attacks to zero-day exploits and APT campaigns. Whenever not in an active incident, Alexander spends time in research and development with a focus on both novel forensic techniques and offensive vulnerability research.

  • Demystifying Cloud Infrastructure Attacks
Anders Olsson

Anders Olsson is VMware VCDX #182, and has 15 years of experience designing and implementing VMware environments. Now he focuses on vSphere security, helping customers protect against Ransomware attacks and breaches, both proactively and in incident response cases.

  • Guardians of the Hypervisor: ESXi Ransomware Incident Response in Action
Anna Guetat

Anna Guetat is the Vice President of Data and Analytics at Recorded Future. With a Master's degree in Digital Media and Web Technology from Harvard University, Anna brings over 15 years of expertise in New Product Development, primarily in Data, Analytics, and AI. Her passion is focused on bridging the gap between humanity and technology.

Linkedin: https://www.linkedin.com/in/anna-guetat-5839a242/recent-activity/all/

  • Double-edged Sword - Exploring Offensive and Defensive AI Applications
Dan Tentler

Dan is the Executive Founder of Phobos Group, a boutique information security services and products company specializing in custom tailored assessment and engineering work. Having been on both red and blue teams, Dan brings a wealth of defensive and adversarial knowledge to bear on offensive, defensive or architectural concerns. Dan has spent time at Twitter, British Telecom, Websense, Anonymizer, Intuit and Sempra Energy, to name a few and has a strong background in systems, networking, architecture and wireless networks, translating to strengths in lateral movement, data exfiltration, hiding from the blue team, physical security and a variety of other red team techniques. Outside of work, Dan's cooking, FPV drones, making hot sauce and absurd home automation projects.

  • Adversarial Defenses: Beartrapping Linux Servers
Emil Trägårdh

My name is Emil Trägårdh and I’m a Swedish hacker, entrepreneur and Blueteamer. At the age of 14 I created my first botnet and some where in high school I hacked a small city. At the age of 20 I founded a web dev agency and four years later I did my first large scale government contract with the Swedish authorities. Some where in the middle I traveled the world with my family for a year and I no longer work as regular people. Instead I devote most of my time to security because its fun!
Let’s talk security =)

  • Hack the patch: and attack websites at large scale
Hrishikesh Somchatwar

Meet an esteemed cybersecurity expert and distinguished speaker who has graced prestigious stages such as c0c0n, Bsides Delhi 2019, Bsides Ahmedabad 2021, and HackFest Canada 2021. Despite an accepted village invitation at DefCamp Romania 2019 and 2023. Their insights have found a profound resonance with diverse audiences, cementing their status as a revered authority in the cybersecurity realm. Beyond the podium, this luminary author penned the acclaimed “Hacking the Physical World,” capturing readers’ attention on Amazon’s bestseller lists.

Venturing further into the intricate tapestry of technology and human narratives, they host the “StorytellingHacker” podcast. Here, they unravel the captivating intersection of storytelling and electronics hacking, sharing compelling tales and insights that bridge the gap between technology and human experiences.

  • Wheels of Wonder
Jim Manico

Jim Manico is the Founder of Manicode Security, a company dedicated to providing expert training in secure coding and security engineering to software developers. His work at Manicode Security reflects his deep commitment to elevating software security standards in the industry.

In addition to leading Manicode, Jim is actively involved in the tech startup ecosystem as an investor and advisor. His portfolio includes notable companies such as SemGrep, EdgeScan, Nucleus Security, Defect Dojo, KSOC, Akto, MergeBase, Inspectiv, Levo.ai, Pheonix, and Bearer. Furthermore, he is a fund limited investor with Aviso Ventures, bringing his extensive knowledge of software security to the venture capital domain.

Jim is a recognized figure in the software development community, particularly known for his contributions to secure software practices. He holds the esteemed title of a Java Champion, acknowledging his significant contributions to the Java community. His expertise in this field is further solidified by his authorship of "Iron-Clad Java: Building Secure Web Applications", published by Oracle Press.

Beyond his professional endeavors, Jim is committed to giving back to the community through his volunteer work with the OWASP foundation. He co-leads crucial projects such as the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series, contributing significantly to the field of web application security.

For more detailed insights into Jim Manico's professional journey and contributions, please visit his LinkedIn profile (https://www.linkedin.com/in/jmanico) or visit him on X/Twitter: @manicode (https://twitter.com/manicode).

  • The Abridged History of Application Security: Lessons and Progress over Six Decades
Melina Phillips

I am an Offensive Security Engineer with 10 years of IT experience and 6 years specifically focused on IT Security. As an Offensive Security Engineer, I leverage my expertise and passion for red teaming to identify vulnerabilities and develop effective strategies to protect my organization against cyber threats. I have spent a significant amount of my personal time expanding my skills and knowledge in several IT security areas. I also love CrossFit, country music, bbq and playing with makeup!

  • Hoedown Roundup: Wrangling Active Directory Misconfigurations, Texas Style!
Nicklas Keijser

Nicklas is a Threat Research Analyst, a role that involves much reverse engineering and looking into all things malware. Nicklas is also a subject matter expert in industrial control systems and anything related to its security. He started his career programming PLCs, SCADA systems, and almost anything else possible within the industry. Before joining Truesec, Nicklas worked at the Swedish National CERT in the Swedish Civil Contingencies Agency.

  • Guardians of the Hypervisor: ESXi Ransomware Incident Response in Action
Priyank Nigam

As a senior offensive security engineer @Microsoft, Priyank's primary areas of focus is conducting security exercises that emulate real-world threats impacting billions of users. He is well-known for his expertise in identifying high-impact vulnerabilities and has shared his research openly through various industry conferences.

His forte is web/mobile application security assessments, network penetration testing and secure source code reviews. In the past, he has advised Fortune 500 brands and startups and does mobile and IoT related research in his spare time.

As a new parent, he is now (re)learning hacking from his toddler who defeats all the "restrictions" to limit their mobility.

  • UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities.
Stephan Berger

Stephan Berger has worked in IT security for over ten years, now for over three years at the Swiss security company InfoGuard, where he leads the Incident Response Team. He is an active twitterer (@malmoeb), owns a Bachelor's in Computer Science and a Master's in Engineering, as well as various SANS certifications and the OSCP.

  • The Gist of Hundreds of Incident Response Cases
Szymon Chadam

IT Security Consultant at SecuRing. His key responsibilities are web and mobile application security testing. Throughout his career, Szymon has performed numerous penetration tests of critical infrastructure for a wide range of industries, such as banking, financial services, medical technologies, and telecommunications sectors. His main area of interest and expertise is Android application security. Occasional bug bounty hunter and university lecturer.

  • How (not) to implement secure digital identity - case study of Poland's Digital ID system