Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed with the so-called Security seminars organised by the various vendors to be nothing but a sales and marketing pitch.

In 2004, he founded SyScan, a true-blue technical-based and vendor neutral IT security conference with a strong emphasis on cutting edge security research. Today, in its 8th year, SyScan is one of the most recognised security conference in the security community.

As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of "BluePill" - the first hardware based VM rootkit back in 2006.

Don A. Bailey is a Security Consultant with iSEC Partners, Inc. With over six years in the field, Don has discovered many unknown security vulnerabilities in well used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up and coming internet software.

While Don's primary expertise is in developing exploit technology, he is also well versed at reverse engineering, fuzzing, enterprise programming, binary analysis, root kit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies in recent years and has been invited to speak about risk management from a ClSO perspective at government organized conferences.

For the past five years, Don has presented research at several international security conferences discussing topics such as stealth root-kit design, zero-day exploit technology, DECT, GSM, and microcontroller security. Most recently, Don spoke at Blackhat Abu Dhabi 2010 and ToorCon San Diego 2010 regarding vulnerabilities in the global telephone network and the GSM protocol.

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the German web application company SektionEins GmbH that he cofounded.

The Grugq is a pioneering information security researcher with over a decade of professional experience. He has worked extensively with digital forensic analysis, binary reverse engineering, rootkits, Voice over IP, telecommunications and financial security. The Grugq's professional career has included Fortune 100 companies, leading information security firms and innovative start-ups.

Currently living in Thailand, the Grugq works as a senior security researcher for COSEINC. While not on engagements, the Grugq continues his research on security, forensics and beer.

Claims to fame:

• pioneered anti-forensics
• developed "userland exec"
• released voip attack software
• decade of experience in info sec
• long term liaison w/ digital underground
• described as "extremely handsome" [by his mom]
• 1992 sussex County 3-legged race, 2nd place

The Grugq has spoken at dozens of conferences over the last 7 years; provided expert training courses to .gov, .mil, police and businesses; domain expertise on forensics, voip, telecommunications and financial systems.

Moti Joseph is currently a Senior Security Researcher with the Vulnerability Research Lab (VRL) of COSEINC. He has been involved in computer security since 2000 and has been working on reverse engineering exploit code and developing security products for CheckPoint and WebSense Security Labs.

Philippe Langlois has proven expertise in network security. He founded and led technical teams in several security companies (Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF). He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France's first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first ecommerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Hack.lu). Now Philippe is providing with P1 Security the first Core Network Telecom Signaling security scanner & auditor which help telecom companies, operator and government analyze where and how their critical telecom network infrastructure can be attacked. He can be reached through his company's website at: http://www.p1security.com

Neophyte security researcher who has a penchant for booze. Tinkerer that has spiralled down into the kernel. Visionary Street Fighter IV player. I've no impressive list of CVE's and no string of acronyms after my name. Mere dwarf standing on the shoulders of giants. I've researched automated malware analysis while getting my masters in security informatics from Johns Hopkins. I then joined Symantec as a malware analyst where I reverse engineered malware and file formats to aid in detection of exploits. After that I joined iSIGHT Partners Lab to build/break things for our customers.

Ben Nagy is a senior security researcher with COSEINC, currently working from Kathmandu, Nepal - braving 14 hours per day of scheduled power cuts, wild dog packs and amusing diseases such as typhoid and cholera. For more than two years, he has been exploring ways to improve fuzzing scalability, especially against complex, closed source targets like Windows and Office, and has been credited (inordinately) with 'pioneering' industrial fuzzing. Ben is a one-eyed Ruby zealot and a firm believer in Not Invented Here, Beer and Enraged Ranting. latest, from infiltrate

Assaf Nativ is a leading security researcher at Sentrigo. He has been active as an SRE during the last 10 years in various positions. Assaf is credited for discovering various DBMS vulnerabilities. In his free time he practices professional cheating in Facebook games. Presented at RECon 2010 and soon at Nullcon.

Alfredo Ortega is a programmer and exploit developer with more than ten years of experience, working mostly in embedded and Unix systems. Currently finishing a PhD at ITBA (Instituto Tecnologico de Buenos Aires). He is a co-founder of Groundworks Technologies and is specialized on firmware and embedded security.

In the past he was selected as speaker on several security and computer science conferences, including Blackhat, Defcon, CansecWest, SyScan and Ekoparty.

His hobbies are FPGA synthesis, security research and debugging where no man has debugged before.

Laurent is a French senior IT Security consultant, who founded TEHTRI-Security (link: http://www.tehtri-security.com) in 2010. Last 15 years, he has been hired as a security expert to protect and pentest networks and systems of highly sensitive places like the French Nuclear Warhead Program, the French Ministry of Defense, the United Nations, etc.

He has been doing research on defensive technologies and underground activities with numerous security projects handled, and he was a member of team RstAck and of the Steering Committee of the Honeynet Research Alliance. Laurent has been a frequent presenter or instructor at computer security and academic conferences like Cansecwest, Pacsec, Black Hat USA-Asia-Europe, Hack-In-The-Box Dubai, Defcon, US DoD/DoE, Hope, Honeynet, PH-Neutral, Hack.LU, as well as a contributor to several research papers for SecurityFocus, MISC Magazine, IEEE, etc.

2007
Security architect at major German bank data centre

2007 - present
Red Hat Security Response Team

2002 - present
Regular presenter at major sec conferences CSW, Blackhat, RSA, SyScan, HITB, etc.

2005 - 2010
Wrote PhD thesis about Java vulnerabilities

2002 - present
Reported multiple vulnerabilities in

• Java
• major Browsers (Firefox, Chrome, Safari, IE, Opera)
• OS system libraries (Linux, Win, OSX)

Listed in Google Chrome Security Hall of Fame

Udi Shamir is a Senior Researcher with the Advanced Malware Labs of COSEINC. His work in the company includes research into Rootkits, Operating Systems, Virtualization Security and Kernel Hacking.

A few of his projects includes:

• The BlueBox is watching Me, (Hacking the Linksys checksum)
• DirStat filesystem security event tracker, http://sf.net/projects/dirstat.
• EM (Enforcement Module) http://sf.net/projects/em-module.
• WMI (re-patch wmi version for linux).