Archive > 2006 > Singapore > SPEAKERS
Paul Craig

Paul Craig is a security consultant at New Zealand-based security-assessment.com. He is active in the security research community and has published several books on the topic of internet security. Paul co-authored the best-selling Stealing the Network: How to Own the Box and Stealing the Network: How to Own a Continent from Syngress Publishing.

Angelo Rosiello

Angelo Rosiello was born in Italy. He graduated in computer science engineering and is currently pursuing a specialization in information technologies. Angelo Rosiello is the founder of Rosiello Security Group and Obsidis security magazine, and the author of many articles about ICT security.

Released Papers:

  • "UDP Remote Controls", 2003
  • "UDP Controlli remoti", HackerJournal 27 - 2003
  • "Stack Overflow & Simplesem", 2003
  • "La goccia che fa traboccare il vaso", HackerJournal 32 (pp. 29-31) - 2003
  • "The Basics of Shellcoding", 2004
  • "Shellcoding", HackerJournal 37 (pp. 29-31) - 2003
  • "Forse siamo spiati e non lo sappiamo", HackerJournal 49 (pp. 26-27) - 2004
  • "Shadow Software Attack", 2004
  • "ARC: a Synchronous stream cipher from hash functions", 2005

Angelo won the "Information Security Writers" contest of July 2004 with the article "Shadow Software Attack". During these years he discovered many security vulnerabilities such as the (http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1) and many exploits such as:

  • MDaemon Exploit - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1200
  • Xscreensaver Exploit - http://www.rosiello.org/archivio/xscreen.c
  • PSO Proxy Remote Exploit - http://www.rosiello.org/archivio/psoproxy-exploit.c
  • SoX Exploit - http://www.rosiello.org/archivio/sox-exploiter.c
  • FreeBSD imap4d exploit - http://www.rosiello.org/archivio/imap4d_FreeBSD_exploit.c

Angelo Rosiello is the project admin of:

  • Kryptor - http://freshmeat.net/projects/kryptor/ (In the Top ten tools list of astalavista.com)
  • RPM Finder - http://freshmeat.net/projects/rpf/
  • Extreme FTPd - http://freshmeat.net/projects/ftpd/
  • Udp Remote Controls - http://www.rosiello.org/modules/mydownloads/singlefile.php?cid=2&lid=3
  • Proxy Scanner & Validity Checker 2.0 - http://www.astalavista.com/index.php?section=directory&id=56

Andrew Griffiths

Andrew Griffiths has been involved in computer security for approximately 5 years. During these 5 years, he has presented twice at Ruxcon (2003 and 2005) and has presented at Recon (2005), about heap exploitation, format strings, and binary protection / reverse engineering. Additionally, Andrew has written an article for Phrack about a bug class, and an article for CodeBreakers Journal about binary protection under Linux.

Amongst other things, Andrew is a staff member for Ruxcon and helps run PullthePlug.

Henry Scholz

Hendrik Scholz is a lead VoIP developer and systems engineer at Freenet Cityline GmbH in Kiel, Germany. While studying and working in Kiel (Germany), Melbourne (Australia), Atlanta (Ga, USA) and Orlando (Fl, USA) he contributed to FreeBSD and specialized in networking security issues. Nowadays the average work day consists of a healthy mix of design, development and debugging. Having access to all sorts of VoIP devices, hacking on them became a spare-time passion.

Publications include various presentations as well as additions to the SIP Express Router (SER, available at iptel.org). Some publications are available at http://www.wormulon.net/publications/

Nish Bhalla

Nishchal Bhalla, the Founder of Security Compass, is a specialist in product, code, web application, host and network reviews.

Nish has coauthored "Buffer Overflow Attacks: Detect, Exploit & Prevent" and is a contributing author for "Windows XP Professional Security", "HackNotes: Network Security", "Writing Security Tools and Exploits" and "Hacking Exposed: Web Applications, 2nd Edition". Nish has also been involved in open source projects such as YASSP and OWASP, and is the chair of the Toronto Chapter. He has also written articles for SecurityFocus and spoken at web seminars for Global Knowledge and University of Florida.

He is a frequent speaker on emerging security issues. He has spoken at reputed security conferences such as "Reverse Engineering Conference 2005" in Montreal, "HackInTheBox 2005" in Malaysia and "ISC2's Infosec Conference" in Las Vegas and New York. He has also created and taught the Exploiting & Defending classes for Security Compass. Some of the upcoming conferences (2006) he is going to be speaking at are "ISC2's Infosec Conference" in DC/Toronto, CSI's NetSec conference in Arizona and Dallascon.

Prior to joining Security Compass, Nish was a Principal Consultant at Foundstone, where he performed numerous security reviews (Web Application / Code) for major software companies, online banking and trading & e-commerce sites. He also helped develop and teach the "Secure Coding" class, the Ultimate Hacking, Ultimate Web Hacking and Ultimate Hacking Expert classes. Prior to working at Foundstone, Nish provided engineering and security consulting services as an independent consultant to a variety of organizations including Sun Microsystems, Lucent Technologies, TD Waterhouse & The Axa Group.

Nish holds his Masters in Parallel Processing from Sheffield University, is a post graduate in Finance from Strathclyde University and a Bachelor in Commerce from Bangalore University.

Barnaby Jack

Barnaby Jack is a Senior Research Engineer at eEye Digital Security. His role at eEye involves developing internal technologies, malicious code analysis, vulnerability research and applying this research to the eEye product line. His main areas of interest include reverse engineering and operating system internals. He has been credited with the discovery of numerous security vulnerabilities, and has published multiple papers on new exploitation methods and techniques.

Andre Protas

Andre Derek Protas is a researcher with an academic background. He holds dual BS degrees in Computer Science and Criminal Justice, as well as being enrolled for a Masters Certificate in Information Assurance from the National Defense University.

Mr. Protas is heavily involved in both the academic and industry-specific communities for information security including IEEE, ACM, USENIX, and LISTA. Mr. Protas also possesses a limited law enforcement history by working with the DOD DCIS as well as the Texas Alcoholic Beverage Commission. Mr. Protas also participates in the Los Angeles and Dallas chapters of the FBI's InfraGard organization, a federally-funded organization dedicated to being the liaison between law enforcement and civilian communities regarding the protection of the national infrastructure.

Mr. Protas has performed security assessments for financial institutions across the Dallas-Fort Worth Metroplex as well as for a Fortune 100 company located in Dallas. Mr. Protas brings with him the technical history from his education and personal research, as well as the high-level insight that he has gained by working with multiple enterprise level production environments.

Alexander Kornbrust

Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specializing in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle anti-hacker trainings and has given various presentations at security conferences like Blackhat, Bluehat and IT Underground.

Alexander Kornbrust has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander has found over 220 security bugs in different Oracle products.

Thorsten Holz

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems in Mannheim, Germany. There, besides "system administration", he also teaches more interesting courses like the "hacking lab", a half-year-long CTF-style course.

Thorsten is one of the founders of the German Honeynet Project. His work there currently concentrates on bots and botnets. He is one of the authors of the "Know Your Enemy: Tracking Botnets" paper and has also published some other papers in this area, e.g., at SecurityFocus and various academic conferences / magazines. Besides this, he is also interested in other areas of IT security, e.g., phishing, web application (in)security, or exploitation techniques.

He has given talks and trainings at various conferences, for example CanSecWest / EuSec / PacSec, Black Hat, CCC, and various other (academic) conferences. Moreover, he is the editor-in-chief of the German IT security magazine MISC. You can find his blog at http://honeyblog.org. A list of publications and talks is available at http://pi1.informatik.uni-mannheim.de/staff/home/holz

Alexander Sotirov

Alexander Sotirov has been involved in computer security since 1998, when he became one of the editors of Phreedom Magazine, a Bulgarian underground technical publication. For the past nine years he has been working on reverse engineering, exploit code development and research in automated source code auditing. His most well-known work is the development of highly reliable exploits for Apache/mod_ssl, ProFTPd and Windows ASN.1. He graduated with a Master's degree in computer science in 2005. His current job is as a reverse engineer on the security research team at Determina Inc, a HIPS startup in Redwood City, CA.

Marek Bialoglowy

Marek Bialoglowy is an IT Security Researcher and Consultant from Poland (currently living in Indonesia) who, among other areas, actively researches mobile-related technologies, i.e. Bluetooth and Wi-Fi.

Enrique Sanchez

Enrique Sanchez is a Security Consultant based in Mexico. He constantly develops and researches new techniques in logical security while delivering penetration tests, education, risk analysis and strategy for companies such as Tipping Point LatinAmerica, 3Com, Mayan Resorts, Arknus, sm4rt, and other companies in general.

He was the first to develop a steganographic virus, which was presented at g-con I in Mexico City, and has taught courses on ethical hacking all over Europe while working with Defcom (now Symantec) in the Swedish and then the Spanish office, as the CTO of the latter.

Currently he owns Yaguarete Security, a company dedicated to research and ethical hacking, and works on projects such as computadora.de, APenFra, and others.

Joachim De Zutter

Joachim De Zutter is a university student who released multiple advisories to the Bugtraq mailing list before switching to non-disclosure. Joachim has been involved in freelance security work, reverse engineering (burneye), low-level coding, exploit development, codebreaking and some kernel module experiments on Windows and Linux operating systems.

In his presentation on feedback fuzzing, a feedback loop between the internal state and jump decisions of the CPU (as given by the emulator Bochs) and the fuzzer will be investigated as a means of efficiently enumerating all possible execution paths potentially leading to exploitable bugs in IA-32 programs and/or the underlying operating system.

Joanna Rutkowska

Joanna Rutkowska has been involved in computer security research for several years. She has been fascinated by the internals of operating systems since she was in primary school and started learning x86 assembler on MS-DOS. Soon after, she switched to the Linux world and got involved with some system and kernel programming, focusing on exploit development for both Linux and Windows x86 systems.

A couple of years ago she became very interested in stealth technology as used by malware and attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels. She now focuses on both detecting this kind of activity and on developing and testing new offensive techniques.

She currently works as a security researcher for COSEINC, a Singapore-based IT security company.