Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed with the so-called Security seminars organised by the various vendors to be nothing but a sales and marketing pitch.

In 2004, he founded SyScan, a true-blue technical-based and vendor neutral IT security conference with a strong emphasis on cutting edge security research. Today, in its 7th year, SyScan is one of the most recognised security conference in the security community.

As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of "BluePill" - the first hardware based VM rootkit back in 2006.

Wayne is the Founder to Armorize Technologies and is a highly experienced security expert having an extensive knowledge in information, network, and software security. He is internationally known for his expertise in Web application security and has published many well-cited papers in top conferences and journals (ACM/IEEE) worldwide. He is a frequent speaker in global security conferences, including RSA, OWASP, ZendPHP, WWW, DSN, ISSRE, and HITCon. Wayne is currently a member of the OWASP Conferences committee and chairs the OWASP Taiwan Chapter.

During his PhD program at EE, National Taiwan University, Wayne received Microsoft Fellowship from Microsoft Research Asia for his outstanding security research.

Wayne is the first author of two award-winning papers in the International World Wide Web (WWW, jointly held by W3C and ACM) Conferences (2003, 2004), and co-author of Security in the 21st Century, chapter “Web Application Security – Past, Present, and Future.” (Springer-Verlag).

The Founder and CTO of Immunity, Dave Aitel, was a consultant with @stake and a research scientist with the National Security Agency. Dave's background lies in Linux and Unix systems. His focus changed to Windows exploitation after founding Immunity, and in more recent years has expanded to include web applications and engine development for CANVAS such as MOSDEF, the engine's C compiler. Dave continues to write CANVAS exploits and conduct security research while leading the technical team and product and service direction at Immunity. He oversees all technical projects at Immunity.

Ben Nagy is a security researcher with COSEINC, currently working out of Kuala Lumpur. For the past few months he has been working full time in the guts of the Word 2007 Binary Format and integrating the results into Metafuzz, his ruby-based fuzzing framework. Previously working on liver destruction with eEye in Geneva and Bangkok, Ben has written whitepapers on a number of subjects and presented at several conferences in Europe (Infosecurity in London) and Asia (Ruxcon). These papers include:

• "SEH security changes in XPSP2"
• "Generic Anti-Exploitation Technology for Windows"

Charlie Miller: Pwn2Own winner 2008, 2009. Popular Mechanics top 10 hackers 2008. Previous publications/presentations:

• "The Mac Hacker's Handbook", with Dino Dai Zovi, ISBN-13: 978-0470395363, Wiley, March 2009.
• "Fuzzing for Software Security Testing and Quality Assurance", Ari Takanen, Jared DeMott, Charles Miller, ISBN-13 9781596932142, Artech House, June 2008.
• "Open Source Fuzzing Tools", with Noam Rathaus, Gadi Evron, Charles Miller, ISBN-13 978-1597491952, Syngress, Aug 2007.
• "Fun and Games Using In-Memory Execution on Mac OS X and iPhone", with Vincenzo Iozzo, to be presented at BlackHat Europe 2009.
• "Hacking Macs for Fun and Profit", with Dino Dai Zovi, presented at CanSecWest 2009
• "Hacking and Securing iPhones", presented at InfoSec World 2009
• "Pulling a John Connor, Defeating Android", presented at Shmoocon 2009
• "iPwning the iPhone", presented at Hack in the Box Malaysia 2008.
• "Owning the Fanboys: Hacking Mac OS X", presented at BH Japan 2008.
• "Iron chef: Fuzzing Challenge", with Brian Chess and Jacob West, presented at BH USA 2008
• "Engineering Heap Overflow Exploits with JavaScript", with Jake Honoroff and Mark Daniel, presented at WOOT, USENIX 2008.
• "Adventures in Disclosure: Inside the Legal Exploit Sales Market", presented at AuCert 2008
• "Virtual Worlds - Real Exploits", Charles Miller, Network Security, April 2008. ISSN: 1353-4858.
• "Breaking Security Systems: From Vulnerability Discovery to Disclosure", presented at RSA 2008
• "Fuzz by Number", presented at CanSecWest 2008
• "Virtual Worlds - Real Exploits", with Dino Dai Zovi, presented at ShmooCon 2008
• "Fuzzing with Code Coverage by Example", presented at Toorcon 2007
• "Real World Fuzzing", presented at Toorcon 2007
• "How Smart is Intelligent Fuzzing - or - How Stupid is Dumb Fuzzing?", presented at DEFCON 2007
• "Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X", presented at Black Hat USA 2007

Justine Osborne is a Security Consultant for iSEC Partners, an information security organization. At iSEC, Justine specializes in application security, focusing on web application penetration testing, code review, and secure coding guidelines. She also performs independent security research, and has presented at security conferences such as Blackhat, Defcon and DeepSec. Her research interests include emerging web application technologies, dynamic vulnerability assessment tools, Rich Internet Applications (RIA), and mobile device security.

Jeremy (aka Birdman) has more than ten years of experience with host-based security, focusing on kernel technologies for both the Win32 and Linux platforms. In early 2001 he was investigated and subsequently held prison by Taiwan Criminal Investigation Bureau for creating Taiwan’s first widespread trojan BirdSPY. The court dropped charges after Jeremy committed to allocate part of his future time to assist Taiwan law enforcement in digital forensics and incidence response. Jeremy specializes in rootkit/backdoor design. He has been contracted by military organizations to deliver military-grade implementations. Jeremy also specializes in reverse engineering and malware analysis, and has been contracted by law enforcements to assist in forensics operations.

Jeremy is a sought-after speaker for topics related to security, kernel programming, and object-oriented design; in addition to frequently speaking at security conferences, Jeremy is also a contract trainer for militaries, law enforcements, intelligence organizations, and conferences like Hacks In Taiwan. In 2005, Jeremy founded X-Solve Inc. and successfully developed forensics and anti-malware products Archon and MTDS, which both received good market adoption. In July 2007, X-Solve was acquired by Armorize Technologies and Jeremy helped Armorize launch a new product line Protector, which remotely detects Web malware and informs website owners. Jeremy regularly speaks at top security conferences including OWASP, SyScan and HTCIA.

Fyodor Yarochkin is a security analyst for GuardInfo. He is a frequent speaker at international security conferences, including BlackHat 2001 HK, BlackHat 2001 Singapore, BlackHat 2002, Ruxcon 2003, XCon 2003 / 2006, HITB 2004 and 2005, SyScan 2005, Bellua 2005, HITCon 2006 / 2007, and VNSecurity 2007, SyScan TW 2008, OWASP Asia 2008, Deepsec 2008, Coscup 2008.

He has also published many well-cited papers on top security conferences and magazines, including Usenix and Phrack Magazine. Fyodor is an early developer to snort, maintainer of the snort FAQ, and founder to Xprobe. Fyodor has a MS degree in computer science from Kyrgyz Russian Slavic University and is current under his PhD program at EE, National Taiwan University.

Cédric has been working for 7 years in network security field, performing audits and penetration tests. In 2004, he joined EADS Innovation Works and now runs the Computer Security Research Lab in Suresnes, France. His research focuses on network security, wireless links and protocols security, Wi-Fi in particular. He is an active member of Rstack team and French Honeynet Project with studies on honeynet containment, honeypot farms and network traffic analysis. He had delivered technical resentations and trainings worldwide, written papers and articles on network security and wrote Wi-Fi traffic injection tool Wifitap. Cédric's website: http://sid.rstack.org/

Lukas Grunwald is the CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim/Germany) a globally acting consulting firm working mainly in the field of security solutions for enterprises and federal governments in europe and asia.

He is also the head of the Hacking Lab where new technology is evaluated. Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He is specializing in security of wireless and wired data and communication networks, forensic analysis, audits and active networking.

Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively at serveral conferences all over the world.

Mr. Grunwald is co-author of RFDump an RFID attack and audit tool, that is free software and got some attention for the firsttime clone and attack the ePassport live at BlackHat, Mr. Grunwald spoke at many international security conferences.

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot linux directly from the harddisk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the german web application company SektionEins GmbH that he co-founded.

Marc Schönefeld started his IT career in the early 80s with a C64, a datasette and a 6502 book from Rodney Zaks. After a university detour and a degree showing that he is able to arbitrarily mix business administration with IT, he returned to core IT. There he focussed on security research and presents on major internal conferences since 2002, focussing on JDK and JEE security. He discovered major security flaws in OpenOffice, JEE application servers (Glassfish, JBoss, Geronimo), and Sun and OpenJDK Java distributions.

After being in the banking IT sector for over 10 years, since 2007 he joined a operating system vendor, working on security testing and response tasks. In his free-time he chases his dogs, looks for the best chow mein in the world, tortures his Wii, explores the endless world of free software and listens to Ennio Morricone's music.