PTS2025

Adrian Tiron is a Co-Founder & Principal Pentester/Red Teamer at FORTBRIDGE with 20 years of experience in cybersecurity. He has a proven track record of success working with top companies in the UK, US, and Europe. As a dedicated researcher and blog author, Adrian has uncovered multiple critical vulnerabilities in open-source and commercial software, contributing significantly to improving online security.

8 years experience in operating academia FabLabs in engineering schools
3 different Labs managed (1 deeptech-oriented, 1 industry-oriented, 1 cyber-oriented)
VP of the Fab&co association for 4 years now
Actively engaged in promoting diversity in tech
Research focus: How to extend to the FabLab toolbox
Member of the Institute for Future technologies @DVHE
Currently running LabCyber, a FabLab focusing on hardware cybersecurity deployed by the PTCC

I am a PhD student in the Spirals team at Inria Lille. My main research focus is on microarchitectural side-channel vulnerabilities, how they manifest in software and how to find them.

Passionate about how systems work since my childhood and with an initial education in computer science, I gradually moved to the security of these systems and the electronic part of these equipments.Today, I work as a Cybersecurity Engineer in software and hardware reverse engineering at Quarkslab, where my daily work consists in disassembling equipments sent by our clients, then inspecting all their attack surfaces (hardware, radio, software, cloud). Then, we help our clients to find the best way to protect their systems and their equipments.

In this work, the part that seems to me the most interesting is the automation/instrumentation/hijacking part. It is fascinating to see how much it is possible to hijack a piece of equipment from its original purpose. This is even more impressive when we talk about physical equipment which has an impact on its environment.

I'm working on the cyber security domain since 2004.

After several years at the French ministry of Defense, I've founded two startups in the field of cryptography and I'm currently project manager at Quarkslab.
I spent most of my career designing systems and developping softwares related to vulnerability research and data processing.

I'm also a part time sound engineer in a recording studio.

Damien is a security researcher who joined Quarkslab in 202 . He discovered how wireless protocols can be fun to hack and created BtleJuice, one of the first Bluetooth Low Energy MitM framework (now almost dead) and BtleJack, a BLE swiss-army knife released in 2018. He has been working with Romain Cayre on a new wireless hacking framework called WHAD for more than two years, that has been released at DEF CON 32 in 2024.

Damien presented at various security conferences including DEF CON, Hack In Paris, Chaos Communication Camp, Chaos Communication Congress, BruCon, Hack.lu, SSTIC, and a dozen times at leHACK (formerly la Nuit du Hack), one of the oldest French hacking conference.

Eddie Billoir is a last year industrial PhD student with the Institut de Recherche en Informatique de Toulouse (IRIT) in France and Airbus Protect company. His research focuses on operating system access control, emphasizing the principle of least privilege. He is also the main contributor of RootAsRole project.

Florian Maury is a freelancer offering services as a software/system/security engineer and architect.
They also write a technical blog "Broken by Design" and host a podcast "Yakafokon" on Infrastructure as Code Security and DevSecOps practices.
In their spare time, Florian also contributes to free software, and they are an activist for animal rights.

Fred is a security researcher at Datadog, focusing on threat research. Fred is a fervent open source advocate and started his career by developing a digital forensics open source framework. He also worked at a CERT (Computer Emergency Response Team) dealing with threat intelligence and digital forensics and incident response and worked with cloud and container technologies. He is part of Botconf organization committee and active contributor of Yeti platform. He regularly speaks at conferences, publishes on new emerging threats and vulnerabilities and is one of Yeti maintainers.

Gaetan is a security researcher with a decade of experience uncovering software vulnerabilities. After establishing himself in offensive security in 2015, he transitioned to security research in 2022, bringing his hands-on expertise in application security. His track record includes uncovering significant vulnerabilities in enterprise-grade systems like Cisco Nexus and Apache HTTPD. Gaetan loves sharing his knowledge through blog posts, speaking at conferences, or hands-on security training sessions at universities and private organizations.
When not hunting for vulnerabilities, Gaetan can be found fishing on a river, playing chess, or on a judo mat.

Computer engineer, Pentester at Orange Cyberdefense, Lecturer at CPE Lyon, Founder of the blog "Le Guide Du Secops," Author for IT-Connect.fr.

Guillaume is a Cybersecurity Researcher at GitGuardian. He holds a PhD in networking. He likes looking at data and crafting packets. He co-maintains Scapy. And he still remembers what AT+MS=V34 means!

Holger is a long-time FOSS contributor. He is co-creator of the python testing tool "pytest", the PyPy project, and since about 10 years engaged in decentralized messaging research and development.
He is one of the co-creators of the Autocrypt and SecureJoin protocols, as well as one of the maintainers of the "Chatmail" project which explores new and more secure ways to run secure e-mail server networking.

Computer engineer since 1985 and in security since around 1995

Kévin Schouteeten is a pentester at Synacktiv in Paris. He is part of a team dedicated to offensive information security, having spent the last 16 years as a developer, malware analyst, and now focusing on penetration testing across a wide variety of technologies.

senior researcher at the Center for Internet and Society of the CNRS

Mahreen Khan is a first-year PhD researcher at Télécom Paris, IP Paris, specializing in microarchitectural security. Her research focuses on side-channel attacks, their impact on modern processor architectures, and potential mitigation strategies.

She completed her Master’s in Integrated Circuit Design in 2024 at Télécom Paris, where she specialized in VLSI, digital/analog IC design, and hardware security. She developed expertise in semiconductor design, low-power architectures, and microarchitecture.

Currently, she explores security vulnerabilities using architectural simulators like gem5, contributing to a deeper understanding of microarchitectural threats and defenses.

I am a Matrix expert working on the Tchap project for French Interministerial Directorate for Digital Affairs (DINUM).

cyberpunk is now. they/them

Olivier has been a pentester and occasional teacher for the last 8 years.
He loves Linux, and writing applications in Rust.

Pauline Bourmeau works at the intersection of artificial intelligence, human cognition, and information security.

She is the founder of Cubessa, where shet puts humans at the center of its research. With a diverse background including linguistics, programming, and criminology, she brings a unique perspective blending humanistic and technical approaches to analyze cyber threats and their evolution.

She is also involved in AI education and open-source projects, notably within the MISP community. Outside of her work, Pauline is a medal-winning para-climber and interested in projects that make AI more accessible.

Philippe is an engineer at Google in London. He is part of the TrustFabric team building and deploying software powering transparency ecosystems, where he's the tech lead for Certificate Transparency.

Raphael has worked in secure messaging for over a decade, contributing to the security and privacy of several messaging platforms. He is a co-author of the Messaging Layer Security (MLS) protocol and helped initiate the MIMI working group. As former Head of Security at Wire, he was part of the broader effort to improve platform trust and usability. He has also collaborated with NGOs to ensure secure messaging solutions are accessible and user-friendly. His work spans end-to-end encryption, secure conferencing, and cryptographic authentication.

Formerly member of CIRCL, I moved to France but didn't go that far in spirit as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many, we disagree.

Long-time member of the Arch Linux security team, Remi works at PowerDNS on DNSdist, an open-source DNS load-balancer.

Roger Ng is a software engineer at Google based in London, United Kingdom. He mainly works on Certificate Transparency and transparency logs in Google Open Source Security Team.

Dr. Romain Cayre (male), whose research work focuses on the identification, analysis and prevention of emerging threats related to the deployment of new wireless communication protocols and embedded systems for Internet of Things and Industry 4.0, with an interdisciplinary approach at the interface between signal processing, embedded electronics and security.

Sébastien Dudek is the founder of PentHertz, a consulting company that specializes in wireless and hardware security. He has a deep passion for identifying vulnerabilities in radio communication systems and has published research on mobile security, including baseband fuzzing, interception, mapping, and more. Additionally, his expertise extends to data transmission using power-line technology, encompassing domestic PLC plugs, electric cars, and charging stations. Sébastien also dedicates his efforts to practical attacks involving various technologies, such as Wi-Fi, RFID, and other wireless communication systems.

My name is Sihem Bouhenniche. I am currently pursuing a PhD. in cybersecurity at the University of Lille, with a focus on user privacy protection. My research centers around privacy and security issues related to mobile devices, particularly Android device fingerprinting.

I am also a member of the Spirals research team at Inria Lille. Before starting my PhD, I worked with the team for two years as a research engineer. During that time, I contributed to the development of amiunique.org, a popular browser fingerprinting platform that accounts around 2,000 visits per day.

I graduated from the Higher School of Computer Science of Algiers (ESI - Oued Smar) with both a Software Engineering degree and a Master’s degree. I also worked as a frontend developer at Ouedkniss.com, the largest e-commerce platform in Algeria, where I helped redesign the platform's interface and contributed to various new projects.

The authors of this talk have chosen to submit their work under a pseudonym.

Thibault is a research engineer working on distributed systems. He is focused on making emerging technologies interoperable with current web standards. At Cloudflare, he works on Privacy Pass, Key Transparency, and alternatives to CAPTCHA systems.

Developer & Pentester @ Synacktiv

Thomas Chopitea is a forensics investigator and engineer at Google (he used to do work in the CERT of a big financial institution, but he’s fine now). When he’s not writing code and hunting down bad guys, he enjoys poking malware with a long stick and reading up on threat intelligence processes. His long-term professional goal is to automate himself out of a job.

Vincent Lopes is a security engineer at Quarkslab, with a focus on embedded and hardware/software reverse-engineering

William manages the technical team behind AS197692 at Conostix S.A. in Luxembourg. He’s been working in cybersecurity using free and opensource software on a daily basis for more than 25 years. Recently, he presented his work on SSL/TLS toolkits at Nullcon 2025 in Goa. He contributed to the cleanup and enhancement efforts done on ssldump lately. He particularly enjoys tinkering with open (and not so open) hardware. Currently he likes playing around with new tools in the current ML scene, building, hopefully, useful systems for fun and, maybe, profit. When not behind an intelligent wannabe machine, he's doing analog music with his band of humans.

After studying electronics and computer architecture, Yves spent a decade developing embedded software, first in a small business, then at Airbus. He then moved on to the Airbus A350 design office to work on its security. There, he practiced supplier management, systems engineering, and security requirements for systems with critical, safety-related impacts. Since then he has worked on various topics related to security, from governance to formal proofs of security properties, in several industrial domains such as aeronautics, railway and automotive.
In his free time, he develops his side-project sslh, which helps evading firewalls, hiding network services, and performs various network plumbing tasks.