Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed with the so-called Security seminars organised by the various vendors to be nothing but a sales and marketing pitch.

In 2004, he founded SyScan, a true-blue technical-based and vendor neutral IT security conference with a strong emphasis on cutting edge security research. Today, in its 7th year, SyScan is one of the most recognised security conference in the security community.

As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of "BluePill" - the first hardware based VM rootkit back in 2006.

Nguyen Anh Quynh is a security researcher with multiple interests: operating system, virtualization, trusted computing, digital forensic, intrusion detection, malware analysis and vulnerability. He published a lot of academic papers in those fields, and frequently gets around the world to present his research results in various hacking conferences. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VnSecurity, a pioneer security research group in Vietnam.

Matthieu Suiche is a security researcher who focuses on reverse code engineering and volatile memory analysis. His previous researches/utilities include Windows hibernation file, Windows physical memory acquisition (Win32dd/Win64dd) and Mac OS X Physical Memory Analysis. Matthieu has been a speaker during various security conferences such as PacSec, BlackHat USA, EUROPOL High Tech Crime Meeting, Shakacon etc.

Prior to starting in 2010 MoonSols, a computer security and kernel code consulting and software company based in France, Matthieu worked for companies such as E.A.D.S. (European Aeronautic Defence and Space Company) and the Netherlands Forensics Institute of the Dutch Ministry of Justice.

Isaac Dawson has been in the security consulting industry for nine years prior to contracting at Veracode as a security researcher. He has conducted hundreds of application penetration tests while working at @stake and subsequently Symantec Consulting. Shortly after @stake was purchased he released a paper on exploiting Blind Buffer Overflows in ISAPI extensions[1] which was featured on SecurityFocus. Late in 2005 he relocated to Japan and helped build the Symantec Japan security consulting team. Since relocating, he has done extensive application testing work for a large cellular operator. One such assessment was of a mobile browser implementation, from then on he has enjoyed learning and attempting to break various browsers.

Long Le, CISA, is a security manager at one of the largest software outsourcing companies in Vietnam. He has been actively involved in computer security for more than 10 years since he and his friends founded the pioneer Vietnamese security research group VNSECURITY (http://vnsecurity.net).

Described as neither a researcher nor a hacker, he loves playing wargames and Capture-The-Flag with the CLGT team in his spare time. In 2007 he was an organizing and technical committee member of VNSECON -the first international security conference in VN.

Udi Shamir is a Senior Researcher with the Advanced Malware Labs of COSEINC. His work in the company includes research into Rootkits, Operating Systems, Virtualization Security and Kernel Hacking.

A few of his projects includes:

• The BlueBox is watching Me, (Hacking the Linksys checksum)
• DirStat filesystem security event tracker, http://sf.net/projects/dirstat.
• EM (Enforcement Module) http://sf.net/projects/em-module.
• WMI (re-patch wmi version for linux).

Gallagher - Tom Gallagher has been intrigued with both physical and computer security from a young age. He is currently the lead of the Microsoft Office Security Test team. Tom co-authored the Microsoft Press title "Hunting Security Bugs" and has presented at OWASP (Seattle), Black Hat, CanSecWest, and the TechEd conferences.

Conger - David Conger started at Microsoft in 2005 after graduating from the University of Puget Sound. He is a Software Development Engineer in Test II on the Microsoft Access team and built DFF as a way to better utilize his teams resources for fuzzing.

List of presentations/publications:

Tom Gallagher

• Book:
  • "Hunting Security Bugs", Tom Gallagher, Bryan Jeffries, and Lawrence Landauer, Microsoft Press, October 2006
• Presentations:
  • Cansecwest 2010 "Under the Kimono of Office Security Engineering", March 2010
  • BlueHat v9 "Under the Kimono of Office Security Engineering", October 2009
  • UNC Charlotte Fall 2009 Cyber Security Symposium "Under the Kimono of Office Security Engineering", October 2009
  • UNC Charlotte Fall 2008 Cyber Security Symposium "Hunting Security Bugs with Fuzz Testing", October 2008
  • TechEd USA 2008 "Making Security Testing Part of Everyday Development", June 2008
  • OWASP Seattle "Hunting Security Bugs in your Code", November 2007
  • UNC Charlotte Fall 2007 Cyber Security Symposium "Hunting Security Bugs in Your Software", October 2007
  • BlackHat USA 2006 "Finding and Preventing Cross-Site Request Forgery", August 2006

David Conger

• Cansecwest 2010 "Under the Kimono of Office Security Engineering", March 2010
• BlueHat v9 "Under the Kimono of Office Security Engineering", October 2009

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq’s professional career has included Fortune 100 companies, leading information security firms and innovative start-ups.

Currently living in Thailand, the Grugq works as a senior security researcher for COSEINC. While not on engagements, the Grugq continues his research on security, forensics and beer.

Claims to fame:

• pioneered anti-forensics
• developed "userland exec"
• released voip attack software
• decade of experience in info sec
• long term liaison w/ digital underground
• described as "extremely handsome" [by his mom]
• 1992 sussex County 3-legged race, 2nd place

The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems.

Ben Nagy is a senior security researcher with COSEINC, and recently moved from Kuala Lumpur to hack with a view of the mountains in Kathmandu. For over a year he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office. Previously working on liver destruction with eEye in Geneva and Bangkok, he has written whitepapers on a number of subjects and presented at conferences in Europe, Asia and Australia. Ben is probably that guy over there drinking beer and talking about Ruby.

List of publications and papers published previously:

• SQL Injection - Are your web applications vulnerable? (Kevin Spett - SPI Dynamics)
• Advanced SQL Injection in SQL Server Applications (Chris Anley - Next Generation Security Software)
• Blindfolded SQL Injection (Ofer Maor, Amichai Shulman - Imperva)
• Advanced SQL Injection (Victor Chapela - Sm4rt Security Services)
• SQL Injection Attacks by Example (Steve Friedl - Unixwiz.net)
• Blind SQL Injection Automation Techniques (Cameron Hotchkies - 0x90.org)
• Blind SQL Injection - Are your web applications vulnerable? (Kevin Spett - SPI Dynamics)
• Data-mining with SQL Injection and Inference (David Litchfield - Next Generation Security Software)
• New Benchmark alternative or effective blind SQL-injection (Elekt - www.antichat.ru)
• An earlier version of this was presented at
  • OWASP AppsSec Brazil 2009 (Sebastian Cufre - Core Security Technologies)
  • CanSecWest Vancouver 2010 (Fernando Russ - Core Security Technologies)

Yaniv Miron Is an information security consultant and researcher currently working at "IL Hack" as a security consultant and researcher for major organizations. In addition, Yaniv is a senior instructor at the "IL Hack Institute" that teaches hacking classes in Europe. Prior to that Yaniv worked for major consulting firms and as a CISO. Yaniv is the founder of the biggest Israeli hacking convention - IL.Hack. Yaniv is certified as a CISO from the Israel Institute of Technology and a Certified Locksmith. Yaniv spoke at security and hacking convention as OWASP, Hacker Halted, IL.Hack, Israeli Police - Department of Cyber Crime Investigations Conference and at the Israeli Institute of technology as in many other hacking and security conventions. Yaniv is highly skilled with hands on penetration testing and security research and found several security vulnerabilities.