Matthew “Shok” Conover
Matt Conover is a Principal Software Engineer at Symantec in Security Response. Recently, he has been focusing on Windows heap exploitation, and developing tools to reverse engineer worms/rootkits. He has been active in computer security since the late 90's and has worked at security companies such as Bindview, Guardent, and Entercept. He is well respected as a long-time security researcher, and a pre-eminent authority in the field. He has previously presented at CanSecWest, SANS, and the University of Utah.

SAN
San is a security researcher, who has been working in the Research
Department of NSFocus Information Technology (Beijing) Co., Ltd for more than three years. He's also the key member of XFocus Team, the pre-eminent security research group in China, who has discovered and published many Microsoft vulnerabilities.

His focus is on researching and analyzing application security, and he's also the main author of "Network Penetration Technology" (Chinese version book).

Dave McKay
Dave McKay is currently an independent security consultant. McKay has been involved in the information security field for 9 years. McKay's prior employment includes an impressive list of companies where he served in a security capacity including, Hotmail, Google, Microsoft, US Department of Defense and @stake (now Symantec). McKay is now in Rome writing a book.

Ilja van Sprundel
Ilja van Sprundel has a passion for somewhat offensive computer security. Among other things he has previously imlemented a secure creditcard transaction solution. Ilja also attended the RWTH-Aachen summerschool of applied I.T. security where he learned a great deal about offensive and defensive security mechanisms. He is also the winner of the 21c3 stacksmashing contest and a member of the Netric security research group.

IIja an Sprundel currently works for Suresec.org.

Fyodor Yarochkin and Meder Kydyraliev
Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the "security" service delivery field. These years, however, weren't completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects that attracted limited use among non-business oriented computer society. He has a background of system administration and programming and holds Engineering degree in Software Engineering.

Meder Kydyraliev has been involved has been involved in research and development of Xprobe2 active OS fingerprinting tool. Some of his personal interests include: network reconnaissance and information gathering techniques, applications of distributed computing in information security tools. His senior project was titled "Multi-threaded, distributed platform for information security tools".
Meder has obtained his Bachelor of Science degree in software engineering from AUK/Kyrgyzstan and is at early stage of getting to know what real security industry is.

Emmanuel Gadaix
Emmanuel has been involved in the information security and telecommunications fields for over 12 years. Originally from Western Europe, Emmanuel has been living in Southeast-Asia since 1993. After few years spent at Nokia commissioning mobile networks' NMS and IN systems, he started his own security consulting company in 1997, which eventually got acquired by TruSecure in 2001. Emmanuel now runs the Telecom Security Task Force, a specialized research firm focusing on GSM, GPRS and 3G/UMTS security. Personal interests included SS7 signalling, VoIP protocols and legacy X.25 networks. "

He is a CISSP, a Certified ISO-8583 Financial Transaction Protocol Engineer and a Certified Oracle DBA.

Neil Archibald
Neil Archibald is a security professional from Sydney Australia. He has a strong interest in programming and security research. Neil is employed by Suresec (http://www.suresec.org) as a Senior Security Researcher. He has coauthored two books published by Syngress - "Aggressive Network Self Defense" and "Ethereal, Snort & Nessus Power Tools".

Pukhraj Singh
Pukhraj Singh is the CTO and Co-Founder of SigInt Network Defense Pvt Ltd,
a leading provider of information security services in North India. At SigInt he is leading a team of entrepreneurial think-tanks.

Previously he worked with Network Intelligence India, a leading provider of Managed Security Services to global clientèles, as a security researcher. There in he performed the penetration testing of some leading Indian companies and international banks.

Later he joined the Indian R&D arm of a top-tier funded Silicon Valley based Security start-up, called Blue Lane Technologies (still in stealth mode). He was a part of the team working on a next-generation Intrusion Prevention System based on a patent-pending technology, which will guard against hacker intrusions in a novel way.

Having an innate interest in making people more aware about security and its importance in present scenario, he has spoken in many conferences (Hack In The Box, Bahrain), technology meets and has conducted professional grade ethical hacking workshops. His articles are also cited leading information security resources on Web (www.SecurityFocus.com) and newspapers.

Marcel Holtmann and Adam Laurie
Marcel Holtmann is the maintainer and the core developer of the official Linux Bluetooth stack which is called BlueZ. He started working with the Bluetooth technology back in 2001. His work includes new hardware drivers, upper layer protocol implementations and the integration of Bluetooth into other subsystems of the Linux kernel. In January 2004 he overtook the maintainer role from the original developer Max Krasnyansky.
Together with Jean Tourrilhes he maintains the OpenOBEX project. He is also responsible for the IrDA and Bluetooth integrations of the Gnokii project.

Adam Laurie is Chief Security Officer and a Director of The Bunker Secure Hosting Ltd. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe 's largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world's first CD ripper, 'CDGRAB'. At this point, he and Ben became interested in the newly emerging concept of 'The Internet', and were involved in various early open source projects, the most well known of which is probably their own—'Apache-SSL'—which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers - http://www.thebunker.net ) as secure hosting facilities. Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings.

Major Malfunction
Major Malfunction is a security professional by day, and a White Hat hacker by night. He is a good example of what happens to TheGoodGuys(tm) when you force them to travel, eat junk food, drink too much coffee, and stay in cheap hotels. If your hotel has a hole in it, Major Mal will find it... He has been involved in DEFCON, as a Goon, since DC5, and the computer industry since the early Eighties. He was co-founder of the world's first full time Internet pirate radio station, InterFACE, and wrote the first ever CD ripper, 'CDGRAB', disproving the industry lie that computers could not read music CDs. In his spare time, he likes to play with guns. Big guns. Little guns. As long as it goes BANG, it will be his friend, and he will love it, care for it, and feed it plenty of ammo. Let him fondle your weapon, and you'll have a friend for life...

Fabrice Marie
Fabrice is the manager of FMA-RMS, a small dedicated security consulting firm based in Singapore. Developer by trade for many years, he has been involved in the information security field for over 6 years. His interests are in secure programming, cryptography, open source and firewalling techniques. For the last few years he has been breaking mostly bank and telecom web applications in the Asia Pacific region,
as well as performing penetration tests for them. Originally from France, Fabrice has been staying in Singapore for the last 5 years.

Alex Stamos
Alex Stamos is a founding partner of iSEC Partners, LLC, a strategic digital security organization, with several years experience in security and information technology. Alex is an experienced security engineer and consultant specializing in application security and securing large infrastructures, and has taught multiple classes in network and application security.

Before he helped form iSEC Partners, Alex spent two years as a Managing Security Architect with @stake. Alex performed as a technical leader on many complex and difficult assignments, including a thorough penetration test and architectural review of a 6 million line enterprise management system, a secure re-design of a multi-thousand host ASP network, and a thorough analysis and code review of a major commercial web server. He was also one of @stake’s West Coast trainers, educating select technical audiences in advanced network and application attacks.

Before @stake, Alex had operational security responsibility over 50 Fortune-500 web applications while at Loudcloud, Inc. The technical aspects of his position required advanced knowledge of Unix and Windows based application servers, experience with datacenter level administration and monitoring tools, and a deep understanding of network architecture and security.

Alex has also worked in a security role at a DoE National Laboratory. He holds a BSEE from the University of California, Berkeley, where he participated in research projects related to distributed secure storage and automatic C code auditing.

Shreeraj Shah
Shreeraj founded Net-Square to establish the company as a strong security research and security software development company. He leads research and development arm of Net Square. He has over 7 years of experience with system security architecture, system administration, network architecture, web application development, security consulting and has performed network penetration testing and application evaluation exercises for many significant companies in the IT arena. In the past Shreeraj worked with Foundstone, Chase Bank and IBM in area of web security.

Shreeraj graduated from Marist College with a Masters in Computer Science, and has a strong research background in computer networking, application development, and object-oriented programming. He received his graduate degree in Computer Engineering from Gujarat University, and an MBA from Nirma Institute of Management, India. Shreeraj has also authored a book titled “Web Hacking: Attacks and Defense” published by Addison Wesley. Shreeraj spoke at conferences like HackInTheBox, RSA, Blackhat, Bellua, CII and NASSCOM etc. in the past.

Himanshu Dwivedi
Himanshu Dwivedi is a founding partner of iSEC Partners, LLC, a digital security organization, with 11 years experience in security and information technology. Before forming iSEC, Himanshu was the Technical Director for @stake’s Bay Area practice. His professional experience includes application programming, infrastructure security, and secure product design with an emphasis on storage security for the past 5 years.

Himanshu is considered an industry expert in the area of SAN security, specifically Fibre Channel Security. Himanshu specializes in SAN and NAS security. His research includes Fibre Channel (FC), iSCSI, and NAS (CIFS/NFS) storage devices. The technical publications including the following:

PATENTS:

• U.S. Patent Serial No. 10/198,728
  Patent pending for Fibre Channel security design techniques (including authentication, authorization, and auditing) for storage architectures and devices used in SANs

ISSUED BOOKS:
- Implementing SSH: Strategies for Optimizing the Secure Shell, Wiley Publishing
- The Complete Storage Reference (Ch. 25, Security Considerations), McGraw-Hill
- Storage Security, NeoScale Publishing

PAPERS:
Protecting Intellectual Property Whitepaper
Storage Security Whitepaper

Cedric Blancher
After 4 years as IT security consultant, performing audits and penetration testing, Cedric joined EADS Corporate Research Center to perform R&D within the network security field, including wireless technologies. He is an active member of Rstack team and French Honeynet Project with studies on honeynet containment, honeypot farms and network traffic analysis. He regularly authors technical presentations and articles, and gives lectures at university. Strongly involved in Free Software community, he delivers GNU/Linux security trainings accross Africa for an IT sustained development program.
Homepage:

Krisztian Piller and Sebastian Wolfgarten
Krisztian Piller (29) is M.Sc.E.E. and he is working for the European Central Bank (ECB) as a security expert. He plans and analyzes the security of IT Projects, performs security assessments and penetration testing. Formerly he has been worked for Ernst & Young as a senior advisor for IT security where he analyzed the security of computer systems and networks of national as well as international large-scale enterprises. He has been a speaker several times at various IT security-related conferences all over Europe.

Sebastian Wolfgarten (24) is a student of business & computer science at the University of Cooperative Education in Stuttgart/Germany and is working for Ernst & Young Risk Advisory Services (RAS) department for two years now. Together with his colleagues he analyzes the security of computer systems and networks of national as well as international large-scale enterprises. He has published more than a dozen articles for various German IT magazines and two books for the Addison & Wesley publishing house.

Clflush and Amnesia
Amnesia has been researching the Linux kernel for a year. I focus mainly on rootkit detection, binary/kernel object modification and exploit code development.

Clflush has a keen interest in computer security and loves exploring and testing both offensive and defensive techniques in his spare time. He has been researching on the Linux kernel for a year. He is also interested in code emulation and poly/meta-morphic engines as well as virus techniques.

The following training classes will be available before SyScAN’05: Attacking and Defending Web Application by Shreeraj – NetSquare Windows Overflow by Dave Aitel – Immunity Auditing Microsoft RPC by Dave Aitel – Immunity Digital Forensic by The Grugq Attacking and Defending Web Application Title: Attacking and Defending Web Application Duration: 2 days Trainer: Shreeraj from NetSquare Training Fee: US$500 per student including lunches and tea-breaks Requirement: Students with laptops if wanted to make interactive Hands on training. Content: Beginning with an introduction to Web applications, the participants will be offered an insight into web hacks and their resulting effects, followed by thorough assessment methodologies and defense strategies for varying environments. Introduction to web applications • Components of a web application • Basics of web technologies and protocol information • Evolution of technologies and impact on security • Understanding other basic web security-related concepts • Learning tools like netcat, achilles etc. to understand its usage and • application. (Hands on for the group) Web Hacking – Areas of attack Various attacks will be covered in detail with demonstration followed by hands on exercises. Following is a brief list of attacks. • Cross-site scripting attacks • SQL Query Injection • Session Hijacking • Buffer Overflows • Java Decompilation • HTTP brute forcing • Trojan Horses and Malware products • Form Manipulation, Query Poisoning • Input Validation,Parameter Tampering • Authentication • Information leakage • File operations • Client-side manipulations • Cryptography • Error/Exception handling Attack and Defense strategies • Impact of attacks • Risk analysis • Countermeasures • Defense strategies and methods • Assessment Methodology and Defending Applications • Reconnaissance – Profiling a web application • Black-box and White-box testing • Exploiting vulnerabilities • Defending applications • Secure coding strategies Web Services Assessment • Footprinting • Discovery • Technology Identification • Attack vector for web services • Defense methods Hands-on: The training program will end with an “assessment challenge” – a live Web Application. Working with time constraints, participants are expected to analyze the application, identify and exploit loopholes and apply all defense strategies learnt, to secure the application. Digital Forensic Title: Digital Forensic - Windows Duration: 2 days Trainer: The Grugq Training Fee: US$500 per student including lunches and tea-breaks Requirement: Students with laptops. Forensic software will be provided. Content: Using a task oriented approach; students will learn digital forensic analysis techniques and methodologies that can be applied immediately. During the course, strong emphasis is placed on technical understanding and skills. The first day focuses on a thorough examination of the digital forensic analysis process. Centered around this process, and using extensive laboratory exercises, the class will learn how to: • Acquire digital evidence • Perform systems analysis • Extract digital artifacts • Build a case • Present findings The second and third day is dedicated to deep level knowledge training. During hands on “File System Intensives”, students will learn the on-disk structures of several file systems, including NTFS and FAT. Students will learn how perform a digital forensic investigation, picking the right tools at each phase with complete knowledge of how those tools operate.   Diamond Sponsor:             Gold Sponsor:             Silver Sponsor:         Luncheon Sponsor:             Cocktail Sponsor:             Officially Supported by:           Supporting Organisations:           Patron of SyScAN:             Unofficial Media: