pts2024

Aaron Gable (Principal Engineer, Let's Encrypt)

Aaron is the technical lead of the Let's Encrypt software development team, which builds the CA's validation and issuance software. His work both with ISRG and previously with the Chromium Project is focused on making the web a better place through open source initiatives.

  • How To Revoke And Replace 400 Million Certificates Without Breaking The Internet
Alessandro Di Federico

One day while playing a CTF I thought "hey, this decompiler could be done better".

I like C++, LLVM, binaries, Free Software and privacy.

During my dark academia years I presented at USENIX, DEF CON and several other compilers/computer security conferences.

I'm the co-founder of rev.ng Labs, the company developing the rev.ng decompiler.
My activities include overseeing the overall design and maintaining the first half of the decompilation pipeline.

  • Path of rev.ng-ance: from raw bytes to CodeQL on decompiled code
Alexandre Dulaunoy

Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff.

  • Bring back RSS for operational security
Angèle Bossuat
  • Test your cryptographic primitives with crypto-condor
Dahmun Goudarzi
  • Test your cryptographic primitives with crypto-condor
Damien Cauquil (R&D Engineer at Quarkslab)

Damien Cauquil works as Security Engineer at Quarkslab, with a focus on embedded and wireless security and hardware/software reverse-engineering.

  • Prism, a light BEAM disassembler
David Szili (Principal Consultant, Alzette Information Security)

David Szili is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. He has more than ten years of professional experience in various areas like penetration testing, red teaming, security monitoring, security architecture design, incident response, digital forensics, and software development. David has two master's degrees, one in computer engineering and one in networks and telecommunication, and he has a bachelor's degree in electrical engineering. He holds several IT security certifications, such as GSE, GSEC, GCFE, GCED, GCIA, GCIH, GCFR, GMON, GCTD, GCDA, GNFA, GPYC, GMOB, GMLE, GAWN, CCSK, OSCP, OSWP, CAWASP, CRTP, BTL1, and CEH.

He is also a certified instructor at SANS Institute, teaching FOR572: Advanced Network Forensics and FOR509: Enterprise Cloud Forensics and Incident Response, and he is the lead author of SANS DFIR NetWars. David regularly speaks at international conferences like BruCON, Hack.lu, Hacktivity, x33fcon, Nuit du Hack, BSides London, BSides Munich, BSides Stuttgart, BSidesLjubljana, BSidesBUD, BSides Luxembourg, Pass the SALT, Black Alps, Security Session, Future Soldier, SANS @Night Talks, Meetups, and he is a former member of the organizer team of the Security BSides Luxembourg conference.

  • Zeek and Destroy with Python and Machine Learning Workshop
Davide Toldo (Security Researcher, TU Darmstadt)

I am a PhD student at SEEMOO, Darmstadt. Main focus is on low-level / hardware security, including previous research on driver layer in iOS & macOS and physical fault injection.

Always been taking things (including software) apart, looking inside and tinkering with electronics. So both the hacker mindset, as well as my love for everything hardware-related come naturally.

  • Affordable EMFI Attacks Against Modern IoT Chips
Edouard Schweisguth

Edouard is a Senior Security Engineer at Datadog, with a background in both security and software engineering. He enjoys working in large-scale infrastructure and distributed systems. He currently works as part of Datadog's Offensive Security team that is focused on building automation tools to enable proactive and continuous security assessments of the company's large-scale, cloud-first infrastructure.
Always up for a challenge and with a passion for information security, Edouard enjoys staying up to date on the latest security topics while pushing for stronger and more robust security tooling.

  • KubeHound: Identifying attack paths in Kubernetes clusters at scale with no hustle
Eric Leblond

Éric Leblond is the co-founder and chief technology officer (CTO) at Stamus Networks. He sits on the board of directors at Open Network Security Foundation (OISF). Éric has more than 15 years of experience as co-founder and technologist of cybersecurity software companies and is an active member of the security and open-source communities. He has worked on the development of Suricata – the open-source network threat detection engine – since 2009 and is part of the Netfilter Core team, responsible for the Linux kernel's firewall layer. Eric is a respected expert and speaker on all things network security.

Éric resides in Escalles, France.

  • Google killed JA3, should we be scared ?
Eva Szilagyi (Principal Consultant, Alzette Information Security)

Eva Szilagyi is a principal consultant at Alzette Information Security, an information security consulting company based in Europe. She has more than ten years of professional experience in various areas like penetration testing, security source code review, vulnerability management, digital forensics, IT auditing, telecommunication networks, and security research. Eva has two master's degrees in electrical engineering and in networks and telecommunication. She holds several IT security certifications, such as GSEC, GICSP, GCFE, GCIH, GCFA, GMON, GRID, GSSP-JAVA, GWAPT, GDSA, GCDA, GMOB, GMLE, CDP, CCSK, eCIR, eWPT, and eJPT.

Eva regularly speaks at international conferences like BruCON, Hack.lu, Nuit du Hack, Hacktivity, Black Alps, BlackHoodie, BSides London, BSides Munich, BSidesBUD, BSides Stuttgart, Pass the SALT, Security Session, SANS @Night Talks, and she is a former member of the organizer team of the Security BSides Luxembourg conference.

  • Zeek and Destroy with Python and Machine Learning Workshop
Fabrice Mouhartem (R&D Engineer, XWiki SAS/CryptPad)

I’m Fabrice, R&D Engineer at XWiki, working on CryptPad.

Before that I came from academia, doing my PhD at École Normale Supérieure de Lyon on privacy-enhancing cryptographic constructions before moving my research toward post-quantum cryptography at IIT Madras (India) and PQShield (UK). Now I’m working on developing CryptPad and improving its security.

  • The future of CryptPad, an end-to-end encrypted collaborative office suite
Gabriel Loiseau

PhD Student at Hornet Security

  • Fighting phishing by introducing WikiPhish: a new public dataset based on Wikipedia for legit URLs
julien

Julien Terriac is a French senior security researcher with a strong background in pentesting and a special taste for Windows authentication, Active Directory inner workings and reverse engineering. He developed several offensive automation tools, such as ProtonPack, Lycos, ExploitPack and IAMBuster.

He led the R&D department at XMCO for 5 years before joining Datadog as the Team Lead for Adversary Simulation Engineering (ASE) where his team aims at building offensive tools and frameworks that will automate the simulation of real life attacks against Datadog.

  • KubeHound: Identifying attack paths in Kubernetes clusters at scale with no hustle
Julio Loayza Meneses (R&D engineer, Quarkslab)

Julio is an R&D engineer at Quarkslab, with a focus on cryptography.

  • Test your cryptographic primitives with crypto-condor
Kévin Schouteeten

Hi, I'm Kévin Schouteeten, a pentester at Synacktiv, a French company dedicated to offensive information security. Over the last 16 years (yes, I'm old), I've had multiple careers, first as a developer, then as a malware analyst, and now as a penetration tester. Since joining Synacktiv, I've been able to work with a wide variety of technologies, but this latest discovery regarding Azure environments and Kubernetes has pushed me to prepare this talk.

  • So I became a node: Kubernetes bootstrap tokens and AKS
  • Fuzzing confused dependencies with Depfuzzer
Mickaël Salaün

Mickaël Salaün is a kernel developer and open source enthusiast. He is mainly interested in Linux-based operating systems, especially from a security point of view. He has built security sandboxes before hacking into the kernel on a new LSM called Landlock, of which he is now the maintainer. He previously worked for the French national cybersecurity agency (ANSSI) on systems hardening. He is currently employed by Microsoft to work on Linux-related security projects.

  • Landlock workshop: Linux sandboxing in practice
Paul Barbé

Hi, I'm Paul Barbé, a pentester and red team operator at Synacktiv, a French firm dedicated to offensive information security. Over the last 4 years, I have participated in a wide variety of offensive assessments, which has led me to develop an interest in cloud technologies. I share the knowledge I've gained about these technologies by serving as a trainer for our clients and student clubs.

I have published some advisories in the past, such as https://www.synacktiv.com/sites/default/files/2023-02/Advisory_Oracle_APS_JAPI_Lack_Access_Control_2021.pdf or https://www.synacktiv.com/sites/default/files/2023-06/synacktiv-ucopia-multiple-vulnerabilities-2022.pdf. This will be my first time sharing my research with the community, and I am both excited and hopeful to present my findings at the conference.

  • So I became a node: Kubernetes bootstrap tokens and AKS
Pauline Bourmeau (Cookie)

With a background in criminology and software engineering, Pauline harbors a strong passion for linguistics, for which she was trained at the University of Sorbonne. She leads Cubessa, where her work focuses on the intersection of AI, human cognition, and cybersecurity. With her unique linguistics-based perspective, she brings innovative insights into the development of AI systems and their role in cybersecurity. More than just a technical contributor, Pauline is a fervent advocate for AI education and actively involved in open-source projects. Her commitment extends to conducting hardware security training sessions and participating in the MISP community. Additionally, she co-founded the DEFCON group in Paris.

Previously working as a Senior Threat Intelligence analyst, she continues to dedicate her work to the field of human-centered security, an approach that emphasizes the human aspect in cybersecurity and focuses on understanding how human behavior interacts with and affects security systems.

  • Introduction to Natural Language Processing for Cybersecurity Professionals
Peter Czanik, One Identity

Peter is an engineer working as open source evangelist at Balabit (a One Identity business), the company that developed syslog-ng. He assists distributions to maintain the syslog-ng package, follows bug trackers, helps users and talks regularly about sudo and syslog-ng at conferences (SCALE, All Things Open, FOSDEM, LOADays, and others). In his limited free time he is interested in non-x86 architectures, and works on one of his PPC or ARM machines.

  • Sudo workshop – giving access while staying in control
Philippe Boneff (Certificate Transparency Tech Lead, Google)

Philippe is an engineer at Google in London. He is part of the TrustFabric team building and deploying software powering transparency ecosystems, where he's the tech lead for Certificate Transparency.

  • Certificate Transparency in 2024: how to make HTTPS certificates discoverable
Philippe Lagadec

Senior cybersecurity and R&D engineer at Quarkslab since 2023. Previously cybersecurity engineer at ESA, NATO and DGA.
Author of open-source projects oletools, ViperMonkey, olefile, balbuzard and exefilter.

  • Analysing malicious documents and files with oletools
Quentin JEROME

After having passed almost a decade working as an incident responder for a big European Institution I recently joined CIRCL as a developer. My development projects focus on endpoint monitoring and threat detection, mostly to provide open-source alternatives to paid solutions.

Topics of interest: programming, detection engineering, threat-hunting, bug hunting (when I have time)

  • Kunai Updates
  • Hands-On Workshop: Exploring Kunai's Latest Features for Linux Threat Detection
Quinn Norton
  • Lookyloo, Pandora, and all the bells and whistles to go with them.
Raphaël Vinot

Formerly member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.

  • Lookyloo, Pandora, and all the bells and whistles to go with them.
Renaud Bidou

CyberSecurity dinosaur.
Former speaker at BlackHat, CanSecWest, IT Underground, etc.
Owner of @XssPayloads
Founder of ParaCyberBellum (paracyberbellum.io) project.

  • PyRASP - Defending your Python Web Applications from the inside
Sebastien Larinier

A lecturer and researcher at ESIEA and an independent consultant in Threat Intelligence, he contributes to numerous open source projects such as MISP and Yeti. He is also the author of numerous articles, an international speaker and lecturer on malware analysis, digital forensics and Cyber Threat Intelligence at ESIEA, and co-author of the book "Cybersécurité et Malwares Détection, analyse et Threat Intelligence (4e édition)".

  • Yeti - towards a Forensics Intelligence Platform
  • Yeti <3 Timesketch
Serge
  • Incident response with DFIR-ORC
Thiébaud Fuchs (R&D engineer, Quarkslab)

I'm a security researcher at Quarkslab.

  • Hydradancer, using USB3 to improve USB hacking with Facedancer
Thomas 'tAd' Damonneville

Security expert, founder at StalkPhish, CERT analyst. I do tools, investigations, awareness, I try to help protect. Co-orga of 'feu' Hackito Ergo Sum and other stuff.

  • Hunt for phishing URLs, scammers, and their materials
Thomas B.

Cryptography software engineer

  • Sandwich: crypto-agility demystified
Thomas Chopitea (Digital Forensics, Google)

Thomas has been a DFIR practitioner for 10+ years. He's currently a Security Engineer in the DFIR team at Google who loves running towards the proverbial cyber fires. He enjoys detective work and poking malware with a long stick, and has given talks about DFIR, malware analysis, and threat intelligence at many conferences throughout Europe and the US.

  • Yeti - towards a Forensics Intelligence Platform
  • Yeti <3 Timesketch
Tommaso Gagliardoni (Tech Lead Cryptography, Kudelski Security)

Dr. Tommaso Gagliardoni is a mathematician, cryptographer, and privacy advocate. He published influential peer-reviewed papers in the areas of cryptography, quantum computing, security, and privacy, and spoke at many international conferences in these fields. Additionally, he has a background in privacy hacktivism, investigative journalism, and ethical hacking, and is a strong advocate of the FOSS philosophy and digital freedoms. Tommaso obtained a PhD in cryptography at the Technical University of Darmstadt, Germany. He worked at IBM Research before joining Kudelski Security in 2019, where he is currently technical lead for the initiatives in quantum security and advanced cryptography.

  • Shufflecake, AKA Truecrypt on Steroids for Linux (RECORDED talk, Q/A online - Details inside)
Worty

Developer & Pentest @ Synacktiv

  • Fuzzing confused dependencies with Depfuzzer
Xavier Mertens

Xavier Mertens is a freelance security consultant running his own company based in Belgium (Xameco). With 15+ years of experience in information security, Xavier finds “blue team” activities more attractive. Therefore, his day job focuses on protecting his customers' assets by providing services like incident handling, malware analysis, forensic investigations, log management, security visualization, and OSINT. Besides his day job, Xavier is also a Senior Handler at the SANS Internet Storm Center, Certified SANS Instructor (FOR610/FOR710), security blogger and co-organizer of the BruCON security conference.

  • HA - Not "High Availability" But "Hunting Automation"