Cut the Crap
Up in the Clouds
EC-Council Certification Training
Advanced Security Training (CAST)
Other Infosec Training
HH2011 Post Event Report
HH-2012 Post Event Report
Cut the Crap, Show Me the Hack
Cut the Crap, Show me the Hack is a highly technical track featuring no-nonsense technical security experts who demonstrate the latest hacks, reveal new zero-days, and showcase the most current threats and vulnerabilities.
Zoltán Balázs graduated at the Budapest University of Technology and Economics, finishing the Security of Infocommunication Systems special in 2006. Worked for some months at Citigroup Threat Assessment Center as IT Security Analyst. From 2006-2010 he worked as an IT Security Expert at Erste Bank Hungary, and from 2010 he worked as an IT Security team leader, at Erste. From 2011 he is working as ITSEC consultant at Deloitte. His main experts are Penetration Testing, Incident handling, Security Monitoring.
One of Zoltán's hobbies is to solve and create hacking challenges. On ITSEC conferences he likes to present about malwares, IPv6, pass-the-hash, browser malwares.
Zoltán is a CISSP, CPTS, MCP.
“Zombie Browsers, spiced with rootkit extensions”
Wayne Burke has had considerable hands-on IT Security experience consulting or lecturing, whether it was for Government Agencies, Healthcare Institutions, Financial and international companies.
His experience in the public / defense sectors is equally complemented by assignments undertaken for heavyweight world renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments to name but a few. He is imminently qualified in his field in that he holds a string of professional qualifications in Networking to name a few (MCT, MCSE, Cisco, Network+) and IT Security (CIW-SA, Security+, CEH, ECSA, LPT, CHFI) besides a bachelor’s degree in science.
Wayne is currently the CSO for Sequrit CSI, responsible for the technical realm and security management, which includes consulting teams . He is a captain of a global operating group of penetration testers and security experts. Wayne and his group have delivered security assessments, Penetration Test assignments and customized training for International Corporations and many Government Agencies such as: EPA, FAA, DOJ, DOE, DOD + 8570: Air force, Army, Navy, Marines, FBI and Statewide Law Enforcement Offices in the USA.
In Europe: NATO, Europol, MOD (Military of Defense UK) various EU Law Enforcement, Dutch Ministry of Defense, Ministry of Justice, local European Law Enforcement: UK, Ireland, Switzerland, Belgium, Holland, Denmark.
ASIA: Singapore Gov, Philippines’ Presidential Office, the Undersecretary, and Cyber Crime Police Specialist Unit. Jakarta, Tax Investigations Office. Various Malaysian Gov agencies. Plus Corporate and government bodies from Africa, and numerous Gulf locations to name a few. His office has become his next long haul international flight.
Wayne’s consulting and training undertakings cover specializing in Penetration Testing, Forensics, Security Expert Advisor and secure infrastructure design. His expertise include DMZ firewalls, Secure VPNs, EAP/TLS, PEAP, SSL, PKI, Smart Cards, Biometrics, IPSEC, IDS, Vulnerability Scanners, AV, Honey Pots, Audits, filtering policies, multi-layer encrypted file systems, patch management and deployments. He additionally develops customized and blended security curriculum.
Wayne is constantly engaged in helping businesses optimize their systems security vision He is acknowledged as an expert consultant and trainer serving large organizations with cutting edge IT security. His wide range of all product experience has helped to develop his overall systems security knowledge. Wayne has a passion for tracing malicious hackers in pursuit of which he has had to grapple with issues, which are inextricably entwined in meeting the everyday challenges of information systems security.
“Mobile Hardware Hacking with Raspberry Pi”
Kevin Cardwell spent 22 years in the U.S. Navy, during this time he tested and evaluated Surveillance and Weapon system software, some of this work was on projects like the Multi-Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and systems engineer on a variety of Department of Defense projects and early on was chosen as a member of the project to bring Internet access to ships at sea. Following this highly successful project he was selected to head the team that built a Network Operations Center (NOC) that provided services to the commands ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. As the leader of a 5 person Red Team he achieved a 100% success rate at compromising systems and networks.
He currently works as a free-lance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US and UK . He is an Instructor, Technical Editor and Author for Computer Forensics, and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense course. He is technical editor of the Learning Tree Course Ethical Hacking and Countermeasures and Computer Forensics. He is author of the Controlling Network Access course. He has presented at the Blackhat USA Conferences.
“Building a Live Hacking Target Range”
An alumnus of St. Petersburg State Polytechnic University, computer science department, he works upon SAP security, particularly upon Web applications and JAVA systems. He has official acknowledgements from SAP for the vulnerabilities found.
Dmitriy is also a WEB 2.0 and social network security geek who found several critical bugs in Yandex services (Russian largest search engine), Google, Vkontakte (
), the Russian largest social network. He is a contributor to the OWASP-EAS project. He spoke at the following conferences: BlackHat USA, Hack in the Box and BruCON.
Actively participates in the life of the Russian Defcon Group.
“Breaking SAP Portal”
Gianni Gnesa, BCS, MSCS, CEH, OSCP, OSEE, Network+, Linux+, is a security researcher and professional trainer at Ptrace Security, a Swiss-based company that offers specialized IT security services to customers worldwide. With almost seven years of experience in vulnerability research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security research on kernel exploitation and rootkit detection.
“Advanced Industrial Espionage Attacks”
Ben Miller – C|EH, Security+ --Information systems specialist turned offensive security expert, Ben Miller brings a unique mix of networking, compliance and security experience to the table. As a Certified Ethical Hacker for Parameter Security, Miller identifies and exploits weaknesses in clients’ networks – emulating a real-world attack.
Prior to Parameter Security, Ben was employed by Lincoln County Medical Center where he gained extensive knowledge of meeting and maintaining HIPAA compliance regulations on an ongoing basis, creating and deploying as well as securing systems against malicious hackers.
“What you don't know can hurt you!”
Kyle Osborn is a penetration tester at AppSec Consulting, where he specializes in web application security, network penetration, and physical assessments. He plays a bad guy at the Western Regional Collegiate Cyber Defense Competition. Osborn has developed a CTF, with his team, for the United States Cyber Challenge "Cyber Camps", where a number of campers competed in. Osborn has previously discussed browser and mobile security at prominent conferences such as BlackHat USA, DefCon, Toorcon, DerbyCon, TakeDownCon, and Brucon.
“Physical Drive-by Downloads - An Android Modders Weakness”
Prutha Parikh is a Vulnerability Signature Engineer at Qualys. She is responsible for creating signatures for QualysGuard to detect existing and newly discovered vulnerabilities in various applications and operating systems. She has an MS degree in Computer Science from University of Southern California and holds a CISSP.
“Attacking Apache Reverse Proxy”
As the Chief Technology Officer with Application Security, Inc.(AppSec),Josh Shaul is responsible for the overall direction of the organization’s technical strategy, which includes responsibility for the product portfolio -- AppDetectivePro for auditors and IT advisors, and its flagship solution, DbProtect for the enterprise.
During his tenure at AppSec, Josh has held positions in product management, engineering, sales and technical strategy.
Prior to AppSec, Josh was Director, Worldwide Systems Engineering with SafeNet, Inc. working on the industry's first complete IPsec accelerator chip. In his five years with SafeNet, he was responsible for the design, development and enhancement of SafeNet's embedded security solutions, covering a wide range of applications.
Josh is the foremost security policy and standards guru at the firm, with additional expertise in U.S. and Canadian Federal governments (both military and civilian), trusted computing and application-level security issues.
He is the author of the acclaimed Practical Oracle Security: Your Unauthorized Guide to Relational Database Security, which received resoundingly positive critical reviews. He's presented at numerous global technology conferences including Microsoft TechEd, McAfee FOCUS, InfoSec World, WhiteHatWorld, Computer Security Institute, GFirst, IOUG COLLABORATE, several Oracle Users Group conferences, Federal Information Assurance Technology Forum, OWASP, Federal Information Security Conference, and FS-ISAC.
Josh holds a B.S. in Computer Systems Engineering from the University of Massachusetts.
“Hacking The Big Four Databases”
David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, focused on technology and the law, and helping companies lower the risk of a cyber-incident and reducing or eliminating the liability associated with loss or theft of information. David is a retired Army JAG officer. During his 20 years in the Army he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM. He has published many articles, the most recent, “Hacking Back In Self-Defense: Is It Legal; Should It Be?”, and another popular one, “When Does Electronic Espionage Become An ‘Act of War’?” His speaking engagements include: the FBI ICCS conf., RSA, CSI, HTCIA, ISSA, FBCINC, the 4th Int'l Cyber Crime Conf., Australia, Cornerstones of Trust, FISSEA and others. He holds the CISSP & Security + certifications and has two LLM’s in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard. He was recently quoted in a Fox News Exclusive:
, and his recent article was published on Fox News: Is the US Already Engaged in a Cyber War?:
“Hacking Back In Self-Defense: How Can I Do It Legally?”
Copyright 2014 by EC-Council