
| THOMAS LIM | |
THOMAS LIM SyScan'10, COSEINC |
Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously, as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed to find the so-called security seminars organised by the various vendors to be nothing but sales and marketing pitches. In 2004, he founded SyScan, a true-blue technical and vendor-neutral IT security conference with a strong emphasis on cutting-edge security research. Today, in its 7th year, SyScan is one of the most recognised security conferences in the security community. As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of "BluePill" - the first hardware-based VM rootkit back in 2006. |
| CLAUDIO CRISCIONE | |
CLAUDIO CRISCIONE Secure Networks |
Claudio managed to score his first hack at the age of 10, downloading more content from the local BBS by bypassing ratio restrictions. After that he managed to graduate from Milano TU and started his PhD while being the principal consultant at Secure Network. He was involved in web application security and then moved into virtualization security because he loves cloud and vaporware. He has presented at various conferences like BlackHat and CONFidence and he's an editor at virtualization.info. In his free time, usually between 2 and 5 in the morning, he sleeps. |
| SHREERAJ SHAH | |
SHREERAJ SHAH Blueinfy |
Shreeraj Shah, B.E., MSCS, MBA, CSSLP is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at NetSquare. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in the security space. He is also the author of popular books like Web 2.0 Security, Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), OWASP, HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on SecurityFocus, InformIT, DevX, O'Reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology, SC Magazine etc. as an expert. Shreeraj was instrumental in product development, researching new methodologies and training designs. He has performed several security consulting assignments in the areas of penetration testing, code reviews, web application assessments, security architecture reviews and managing projects. |
| STEPHEN RIDLEY | |
STEPHEN RIDLEY Matasano |
Stephen Ridley is a Senior Researcher at Matasano Security LLC, an independent security research and development firm specializing in software security and reverse engineering. Prior to Matasano, Stephen worked at McAfee as a founding member of the Security Architecture research group. Before that, Stephen did reverse engineering and software vulnerability research in a "skunkworks" team at a leading U.S. Defense/Intel contractor. He is privately credited with vulnerability discoveries in popular COTS packages as well as open-source software. Stephen has written for several trade magazines and been quoted in publications such as "Wired" and "Security Focus". He has also taught reverse engineering to companies from the Fortune 500 and to Military and Defense agencies. Stephen currently lives in Manhattan, New York. |
| THE GRUGQ | |
|
THE GRUGQ COSEINC |
The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq's professional career has included Fortune 100 companies, leading information security firms and innovative start-ups. Currently living in Thailand, the Grugq works as a senior security researcher for COSEINC. While not on engagements, the Grugq continues his research on security, forensics and beer. Claims to fame:
The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems. |
| TOM GALLAGHER & DAVID CONGER | |
|
TOM GALLAGHER Microsoft DAVID CONGER Microsoft |
Gallagher - Tom Gallagher has been intrigued with both physical and computer security from a young age. He is currently the lead of the Microsoft Office Security Test team. Tom co-authored the Microsoft Press title "Hunting Security Bugs" and has presented at OWASP (Seattle), Black Hat, CanSecWest, and the TechEd conferences. Conger - David Conger started at Microsoft in 2005 after graduating from the University of Puget Sound. He is a Software Development Engineer in Test II on the Microsoft Access team and built DFF as a way to better utilize his team's resources for fuzzing. List of presentations/publications: Tom Gallagher
David Conger
|
| METLSTORM | |
|
METLSTORM |
Metlstorm is an independent unix hacker from New Zealand, where he milks both sheep and hobbits. In the brief gaps in this bucolic schedule, he finds time to organise Kiwicon - the NZ hacker con, co-host the award-winning Risky.biz weekly infosec podcast and hold down a day job as a whitehat security consultant. In true sellout style, Metl has worked the floor at Blackhat, Defcon, Kiwicon & Ruxcon, achieving minor notoriety at the latter for being the only speaker ever punched out by a member of the audience at the end of his talk. Metlstorm loves bugs that are features, carrier networks and "enterprise" unix software, because we all know that "enterprise" means "the 80s called, they want their long environment variables back". |
| BRETT MOORE | |
BRETT MOORE Insomniasec |
Having conducted vulnerability assessments, network reviews, and penetration tests for the majority of the large companies in New Zealand, Insomnia founder Brett Moore brings with him over six years' experience in information security. During this time, Brett has also worked with companies such as SUN Microsystems, Skype Limited and Microsoft Corporation by reporting and helping to fix security vulnerabilities in their products. Brett has released numerous whitepapers and technical postings related to security issues and has spoken at security conferences both locally and overseas, including BlackHat, Defcon, Ruxcon, and the invitation-only Microsoft internal security conference called BlueHat. |
| STEFAN ESSER | |
STEFAN ESSER SektionEins GmbH |
Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002, he has devoted a lot of time to PHP and PHP application vulnerability research. However, in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he has worked as head of research and development for the German web application company SektionEins GmbH, which he co-founded. |
| LAURENT OUDOT | |
LAURENT OUDOT TEHTRI-Security |
Laurent is a French senior IT Security consultant, who founded TEHTRI-Security (link: http://www.tehtri-security.com) in 2010. Over the last 15 years, he has been hired as a security expert to protect and pentest networks and systems of highly sensitive places like the French Nuclear Warhead Program, the French Ministry of Defense, the United Nations, etc. He has been doing research on defensive technologies and underground activities, has handled numerous security projects, and was a member of team RstAck and of the Steering Committee of the Honeynet Research Alliance. Laurent has been a frequent presenter or instructor at computer security and academic conferences like Cansecwest, Pacsec, Black Hat USA-Asia-Europe, Hack-In-The-Box Dubai, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc. |
| TRAVIS GOODSPEED | |
TRAVIS GOODSPEED Independent Hacker |
Travis Goodspeed is an independent hacker of embedded systems from Southern Appalachia. He has discovered methods for extracting keys and firmware remotely from a few ZigBee chips, locally from nearly all of them. In his spare time, he maintains an open JTAG debugger and tries without success to introduce India Pale Ale to Germany. He has neighbors everywhere. |
| HERMES (LEI) LI & ULYSSES WANG | |
HERMES (LEI) LI Websense ULYSSES WANG Websense |
Hermes (Lei) Li is Chinese and has 8 years of working experience in the field of web security. A former employee of Symantec, he has now been working at Websense Security Lab as a security researcher for more than 3 years. Ulysses Wang is Chinese and is a security researcher in Websense Security Lab. He has 4 years of working experience and used to work at Fortinet. |
| NANIKA & TT | |
|
NANIKA TT |
Nanika's major areas of expertise include vulnerability research, exploit techniques, malware detection and mobile security. He has discovered numerous Windows system and Office vulnerabilities, working especially on the Windows platform and malicious Office documents. He frequently presents his research at security conferences in Taiwan, including Hacks in Taiwan 05/06/07/09, Syscan Taipei/Hong Kong 08. Nanika was a member of the Vulnerability Research Lab (VRL) of COSEINC and is currently pursuing a Master's degree at NTUST. TT is a security researcher and software developer with Trend Micro. His major areas of interest include malware detection, system vulnerability and protection, web security, cloud and virtualization technology. He also has many years of experience in security product development. |
| BEN NAGY | |
BEN NAGY COSEINC |
Ben Nagy is a senior security researcher with COSEINC, and recently moved from Kuala Lumpur to hack with a view of the mountains in Kathmandu. For over a year he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office. Previously working on liver destruction with eEye in Geneva and Bangkok, he has written whitepapers on a number of subjects and presented at conferences in Europe, Asia and Australia. Ben is probably that guy over there drinking beer and talking about Ruby. |
| UDI SHAMIR | |
UDI SHAMIR COSEINC |
Udi Shamir is a Senior Researcher with the Advanced Malware Labs of COSEINC. His work in the company includes research into Rootkits, Operating Systems, Virtualization Security and Kernel Hacking. A few of his projects include:
|























