Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed with the so-called Security seminars organised by the various vendors to be nothing but a sales and marketing pitch.

In 2004, he founded SyScan, a true-blue technical-based and vendor neutral IT security conference with a strong emphasis on cutting edge security research. Today, in its 7th year, SyScan is one of the most recognised security conference in the security community.

As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of "BluePill" - the first hardware based VM rootkit back in 2006.

Nanika's major areas of expertise include vulnerability research, exploit techniques, malware detection and mobile security. Especially on Windows platform and malicious office document, he has discovered numerous Windows system and office vulnerabilities. He frequently presents his researches at security conferences in Taiwan, including Hacks in Taiwan 05/06/07/09, Syscan Taipei/Hong Kong 08. Nanika was a member of the Vulnerability Research Lab (VRL) of COSEINC and now he is currently pursuing a Master's degree in NTUST.

Udi Shamir is a Senior Researcher with the Advanced Malware Labs of COSEINC. His work in the company includes research into Rootkits, Operating Systems, Virtualization Security and Kernel Hacking.

A few of his projects includes:

• The BlueBox is watching Me, (Hacking the Linksys checksum)
• DirStat filesystem security event tracker, http://sf.net/projects/dirstat.
• EM (Enforcement Module) http://sf.net/projects/em-module.
• WMI (re-patch wmi version for linux).

Nguyen Anh Quynh is a security researcher with multiple interests: operating system, virtualization, trusted computing, digital forensic, intrusion detection, malware analysis and vulnerability. He published a lot of academic papers in those fields, and frequently gets around the world to present his research results in various hacking conferences. Quynh obtained his PhD degree in computer science from Keio University, Japan. He is also a member of VnSecurity, a pioneer security research group in Vietnam.

Moti Joseph has been involved in computer security. In the last few years he has been working on reverse engineering exploit code and developing security products. Moti is a former speaker at

• (*)CONF2009, Poland,
• POC 2009, South Korea,
• ShakaCon 2009, USA,
• Black Hat 2007, USA

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq’s professional career has included Fortune 100 companies, leading information security firms and innovative start-ups.

Currently living in Thailand, the Grugq works as a senior security researcher for COSEINC. While not on engagements, the Grugq continues his research on security, forensics and beer.

Claims to fame:

• pioneered anti-forensics
• developed "userland exec"
• released voip attack software
• decade of experience in info sec
• long term liaison w/ digital underground
• described as "extremely handsome" [by his mom]
• 1992 sussex County 3-legged race, 2nd place

The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems.

Anthony Bettini is part of the McAfee Labs senior management team. His professional security experience comes from working for companies like McAfee, Foundstone, Guardent, Bindview, and independent contracting. He specializes in software security and vulnerability detection. Anthony has spoken publicly for NIST, the Computer Anti-Virus Research Organization (CARO) in Europe, RSA Europe 2009 in London, and most recently at the 22nd Annual FIRST Conference in Miami on locale-specific threats. Anthony has published new vulnerabilities found in Microsoft Windows, ISS Scanner, PGP, Symantec ESM, and other popular applications. In addition to contributing to a handful of security books, Anthony was also the technical editor for Hacking Exposed 5th edition.

Published books:

• Sole Technical Editor for Hacking Exposed 5th Edition
• Contributing author of Sockets, Shellcode, Porting, and Coding
• Contributing author of Buffer Overflow Attacks: Detect, Exploit, Prevent

Published papers:

• 2010 – Locale-specific Threats: The Internet Has Always Been Flat. McAfee Labs (pending, published soon, eta 0-2 months)
• 2010 – Social Networking Apps Pose Surprising Security Challenges. McAfee Labs (pending, published soon, eta 0-2 weeks)
• 2009 – PCI DSS: Better Than Nothing. McAfee Security Journal: Summer 2009 Ed.
• 2008 – Vulnerabilities in the Equities Markets. McAfee Security Journal: Fall 2008 Ed.
• 2004 – The Value of No False Positives. Foundstone Labs

Ben Nagy is a senior security researcher with COSEINC, and recently moved from Kuala Lumpur to hack with a view of the mountains in Kathmandu. For over a year he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office. Previously working on liver destruction with eEye in Geneva and Bangkok, he has written whitepapers on a number of subjects and presented at conferences in Europe, Asia and Australia. Ben is probably that guy over there drinking beer and talking about Ruby.

Cristofaro Mune is an independent security researcher currently focusing, mainly, on Mobile and Embedded security.

In the past he has been Security Research Lead for Mobile Security Lab, discovering, with his team, vulnerabilities in mobile devices, applications and services. In his experience there are also security assessments of IT networks, devices and services for major companies.

His main interests are exploitation of embedded architectures, reverse engineering and loves everything that is "food for (security) thought"

His works have been presented at important security conferences:

• "Hijacking Mobile Data Connections" - BlackHat Europe 2009 (Co-Author & Presenter)
• "Hijacking Mobile Data Connections 2.0: Automated and Improved" - DeepSec 2009 (Co-Author)
• "(Too Much) Access Points - Exploitation Roundup" - CONFidence 2010 (Author & Presenter)

Author of MFCUK

• MiFare Classic Universal toolKit

Day-time programmer (after-8pm type of hobbyist hacker)

Generally interested in:

• Programming/hacking: RFID, GSM, biometrics, embedded
• Almost everything which:
  • Is connected to networks/communications lines
  • Have smart-cards (contact and contactless)
  • Have crypto involved somewhere down the line
  • Is or should be secure

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot linux directly from the harddisk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the german web application company SektionEins GmbH that he co-founded.

Jose Duart (Tora) is a reverse engineer with more than ten years of experience in the field. In the past, he's been also working as a computer forensics analyst, doing static analysis of disk images and executables, and also giving trainings to Spanish law enforcement about topics like anti-forensics or malware unpacking. Tora has been accepted as speaker in conferences like Power Of Community and CodeGate in South Korea, or ReCon in Canada. Recently he joined Zynamics to work in unpacking automation and binary auditing.