Call for Papers (CFP)
Register for free and submit your paper about your topic for approval
Our list of selected panelists will review and approve your paper according to our guidelines
We will notify you once your paper is approved and assist you with your travel and accommodations
Upcoming HITB Security Conferences open for paper submissions
The 10th Year Anniversary of HITB in The Netherlands taking place at De Beurs van Berlage from the 6th - 10th of May (the conference is on the 9th and 10th)!
10 Dec 2018 - 28 Feb 2019
Talks that discuss new and never before seen attack and defense methods are of more interest than a subject that has been covered several times before. Summaries not exceeding 5000 words should be submitted (in plain text format) to us through our online CFP system for review and possible inclusion in the programme.
Each accepted submission will entitle the speaker(s) to accommodation for 3 nights / 4 days and travel expense reimbursement up to EUR1200.00 per speaking slot
Topics of interest include, but are not limited to the following:
OUR REVIEW BOARD
THC / Segfault.net
Founder, Inverse Path
Andrea Barisani is an internationally known security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick…and break.
His experiences focus on large-scale infrastructure administration and defense, forensic analysis, penetration testing and software development, with more than 10 years of professional experience in security consulting.
Being an active member of the international Open Source and security community he contributed to several projects, books and open standards. He is now the founder and coordinator of the oCERT effort, the Open Source Computer Security Incident Response Team.
He has been a speaker and trainer at BlackHat, CanSecWest, DEFCON, Hack In The Box, PacSec conferences among many others, speaking about TEMPEST attacks, SatNav hacking, 0-days, OS hardening and many other topics.
Chief Technology Officer / Co-Founder, SafeBreach
Itzik Kotler is CTO and Co-Founder of SafeBreach. Itzik has more than a decade of experience researching and working in the computer security space. He is a recognized industry speaker, having spoken at DEFCON, Black Hat USA, Hack In The Box, RSA, CCC and H2HC. Prior to founding SafeBreach, Itzik served as CTO at Security-Art, an information security consulting firm, and before that he was SOC Team Leader at Radware. (NASDQ: RDWR).
Haroon Meer is the founder of Thinkst, an applied research company with a deep focus on Information Security. Haroon has contributed to several books on Penetration Testing and Security and is a regular speaker at both academic and industry conferences around the world.
Founder & CEO, P1 Security / TSTF
Founder of P1 Security and Senior Researcher for Telecom Security Task Force. Philippe Langlois has proven expertise in network security. At P1 Security, he is leading a security research team to deliver the first products to scan SS7, SIGTRAN, IMS and LTE networks for vulnerabilities and to detect these attacks in realtime. He founded and led technical teams in several security companies Qualys, WaveSecurity, INTRINsec) as well as security research teams (Solsoft, TSTF).
He founded Qualys and led the world-leading vulnerability assessment service. He founded a pioneering network security company Intrinsec in 1995 in France, as well as Worldnet, France’s first public Internet service provider, in 1993. Philippe was also lead designer for Payline, one of the first e-commerce payment gateways. He has written and translated security books, including some of the earliest references in the field of computer security, and has been giving speeches on network security since 1995 (Interop, BlackHat, HITB Dubai, Hack.lu). He can be reached through his website – http://www.p1sec.com
Senior Security Researcher, Vupen
Sofia Bekrar is a successful vulnerability and software security researcher.
During her research in Vupen, the world leading firm in vulnerability research, she invented outstanding smart fuzzing techniques combining static & dynamic binary code analysis. She implemented a fuzzing infrastructure which uncovered numerous vulnerabilities in software used by billion of users.
Sofia was the co-chair of the GreHack, offensive security conference which attracted more than 250 attendees and world class speakers (from Google, IOActive..) worlwide. She has been teaching security testing at graduate level at Grenoble INP Ensimag and University Joseph Fourrier (UJF), France.
Sofia obtained with honors her PhD in Computer Security Testing from UJF/Lig Labs/VERIMAG and her MSc Research in model graph transformation. Her PhD research was quoted as "Strategic for the Defense of France".
Founder / CEO, Quarkslab
Founder and CEO of QUARKSLAB, a cybersecurity company specialized in cutting edge solutions to complex security problems.
We rely on innovative, efficient and practical solutions based on deep knowledge and years of internationally recognized experience in the fields of reverse engineering, software assessment, vulnerability research, operating systems and cryptography. Our team is mainly composed with senior experts. We propose a range of customized services and products completely dedicated to your precise needs.
Before that, to sum it up:
- I got a PhD on steganography
- I created MISC Magazine, the 1st IT security magazine.
- I was co-founder and president of SSTIC, the main security related conference in France.
- I started working at EADS as research engineer.
- I created the Sogeti ESEC R&D team
I am speaker at several conferences (CanSecWest, PacSec, SSTIC, HITB, ...) and also wrote for security magazines/websites (securityfocus, IEEE Security & Privacy, Journal of computer virology, ...)
VP Engineering & Security Research, Palo Alto Networks
Leading security researcher and executive. Has a strong offensive security background. Technical lead as well as hands-on. Can communicate at various levels from peer-reviewed publications to big picture summaries to non-experts and upper management. Experienced in leading and building teams and managing critical and complex projects in a cross-organization environment. A certified and experienced trainer. Has published works and actively and continuously innovating. Interested in Research as well as leadership. Has experience in managing product teams, delivering endpoint products and developing new technolgies from the top as well as the bottom.
• Experienced in managing product development and research teams delivering security products
• Well known and accomplished in the field of offensive security research. Member of conference committees and a frequent speaker. Actively performing and publishing research even outside work.
• Experienced in embedding security into enterprise processes: SDLC, product security evaluation and penetration testing. Led the creation of such programs from small scale to organizations with thousands of employees.
• Security evaluated and architected multiple types of systems including embedded, firmware, boot, trusted execution environments, kernels, applications and web services for various environments including desktops, dedicated devices and mobile devices.
• Experienced and certified trainer in various information security fields.
Founder, Code Blue
From her various experiences running international conferences such as Black Hat Japan, APWG and others, Ms. Kana Shinoda founded the information security conference “Code Blue” with the purpose of introducing excellent-but-unknown researchers to Japan and the world. The aim of the Code Blue security conference is to create official and unofficial relationships between researchers across borders.
Founder, Luta Security
Katie Moussouris is the Founder and CEO of a new company, Luta Security ( lutasecurity.com ), named for the tropical island where her mother was born in the US Commonwealth of the Northern Mariana Islands, a beautiful place that is still home to many members of Katie’s family. Not only is Luta Security the only company offering gap analysis and guidance on ISO 29147 Vulnerability disclosure, and how to implement a vulnerability coordination program (which may or may not include bug bounties), we are also a 100% female-owned and Native Pacific Islander-owned tech company. Luta Security advises companies, lawmakers, & governments on the benefits of hacking & security research to help make the internet safer for everyone. Katie is a hacker – first hacking computers, now hacking policy & regulations.
Katie’s most recent work was in helping the US Department of Defense start the government’s first bug bounty program, called “Hack the Pentagon.” Her earlier Microsoft work encompassed industry-leading initiatives such as Microsoft’s bug bounty programs & Microsoft Vulnerability Research. Katie is also an invited technical expert selected to assist directly in the US Wassenaar negotiations on the inclusion of intrusion software and intrusion software technology, helping to renegotiate broad wording to minimize unintended consequences to the defense of the Internet. She is also a subject matter expert for the US National Body of the International Standards Organization (ISO) in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market.
She is a New America Foundation Fellow and Harvard Belfer Affiliate. Katie is on the CFP review board for RSA, O’Reilly Security Conference, Shakacon, and is an advisor to the Center for Democracy and Technology
SVP Special Projects, DarkMatter LLC
Senior Vice President – Special Projects at DarkMatter LLC, with 12+ years experience in information and systems security. International Experience: USA, Middle East, Australia, Africa, Asia
* Ph.D. with Highest Honors in Computer Engineering from Princeton University
* Masters Degree in Computer Engineering from Princeton University
* B.Eng. in Computer and Communication Engineering from American University of Beirut
* Lead Senior Associate, Booz & Company, USA and Middle East
* Research Staff Member, NEC Labs-Princeton University, NJ, USA
* Research Staff Member, IBM T. J. Watson, NY, USA
* Research Staff Member, Intel Corporation, Oregon, USA
Cyber Security – Related Experience
Robert Hansen is the CEO of OutsideIntel and Smartphone Exec.
He is the former VP of Labs at WhiteHat security and the former Chief Executive of SecTheory and Falling Rock Networks which focused on building a hardened OS. Mr. Hansen began his career in banner click fraud detection at ValueClick.
Mr. Hansen has worked for Cable & Wireless doing managed security services, and eBay as a Sr. Global Product Manager of Trust and Safety. Mr. Hansen contributes to and sits on the advisory board of several companies.
Mr. Hansen has co-authored "XSS Exploits" by Syngress publishing and wrote the eBook, "Detecting Malice." Robert is a member of WASC, APWG, IACSP, ISSA, APWG and contributed to several OWASP projects, including originating the XSS Cheat Sheet. He is also a mentor at TechStars.
Founder & CEO, Net-Square
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at awesome conferences like Deepsec, Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled “Web Hacking: Attacks and Defense” and “The Anti-Virus Book”.
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
Thanh 'rd' Nguyen is the founder of VNSecurity, with 20 years of security experience focused on application security, low-level kernel, bios, firmware, chipset, micro-architecture and he has presented talks at several security conferences including BlackHat US, Hack In The Box, Deepsec, Pacsec...
Previously, Thanh has worked as a CPU Security Architect at Intel Corporation to secure several Intel next generation technologies including Mobile & SoC platforms, vPro & Management Engine, IvyBridge and Haswell microarchitecture.
In his free time, Thanh used to play a lot of Capture The Flag security contests with CLGT team and helped to organize those very first Capture The Flag events in Asia for HITB Security Conference over 10 years ago. He is also a member of the renowned security research group “The Hacker’s Choice”, which was the first group to e.g. crack A5 GSM in 2006 within a minute.
Founder, Zimperium / ZecOps
Zuk Avraham is a world-renowned white-hat security researcher and the founder of mobile security company Zimperium.
An innate hacker with a passion for detecting code vulnerabilities, Zuk started his career as a security researcher in the IDF before being recruited by Samsung Electronics, where he published the first return-oriented programming technique for ARM architecture at DEFCON 18 and Blackhat. His security work has been the subject of academic research and is often quoted in leading publications such as Forbes, MIT Technology Review, TIMES and Engadget.
As Founder, Chairman and Chief Technology Officer at Zimperium, Zuk leads a team of specialists dedicated to protecting organizations from the growing threat of infiltration via mobile devices. He and his team have pioneered many new security approaches, including signature-independent protection. Founded only in 2010, Zimperium have already earned innovation awards for their cutting-edge enterprise Mobile IPS.
For more information, visit Zuk’s security blog at http://imthezuk.blogspot.com and follow him on Twitter: @ihackbanme
Chief Technology Officer, Opposing Force
Chief Technology Officer, IOActive
Cesar Cerrudo is Chief Technology Officer for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, and software and mobile device security. Cesar is a world-renowned security researcher and specialist in application security.
Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter, to name a few. He has a record of finding more than 50 vulnerabilities in Microsoft products including 20 in Microsoft Windows operating systems. Based on his unique research, Cesar has authored white papers on database and application security as well as attacks and exploitation techniques. He has presented at a variety of company events and conferences around the world including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, 8.8, Hackito Ergo Sum, NcN, Segurinfo, RSA, and DEF CON.
He recently started Securing Smart Cities (http://www.securingsmartcities.org), a non profit initiative to make cities around the world safer.
Cesar collaborates with and is regularly quoted in print and online publications. His research has been covered by Wired, Bloomberg Businessweek, TIME, The Guardian, CNN, NBC, BBC, Fox News, The New York Times, New Scientist, Washington Post, Financial Times, The Wall Street Journal, and so on.
Senior Research Scientist, Trend Micro
Dr. Marco Balduzzi holds a Ph.D. in applied security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspect of computer security, with particular emphasis on real problems that affect systems and networks. Some topics of interest are web and browser security, code analysis, malware detection, cybercrime, online privacy, and threats in the IoT space.
He has been involved in IT security for over 10 years with international experiences in both industry and academia. With previous experience as security consultant and engineer, he is now a full-time research scientist at Trend Micro.
With over 30 talks in major security events like BH and HITB, he is considered a veteran speaker. His work has been published in the proceedings of top peer-reviewed conferences like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes, The Register, Slashdot, InfoWorld, DarkReading, BBC and CNN. He now sits in the review board of conferences, including HITB, OWASP, eCrime, DIMVA and IEEE journals.
Anthony Lai focus on offensive "Kungfu", malware analysis, target attack research as well as attribution. He is passionate over Capture the Flag game, reverse engineering and exploitation for years.
After inspired by Black Hat and DEFCON in 2007-8, he has found a non-profit making research group called VXRL (Valkyrie-X Security Research Group) since 2009 in Hong Kong, researchers have published various research in various security and hacker conference including AVTokyo, Codegate, Blackhat USA, DEFCON, DFRWS, HITCON, HTCIA USA and Asia Pacific. He organized a small conference called VXCON (vxcon.hk) and line up various his good friends to give cutting edge sharing and workshop.
Anthony acts as a director of Knownsec Hong Kong and Macau (knownsec.asia) and currently engages a part-time PhD program in Hong Kong University of Science and Technology, his research focus is on malware/threat attribution, machine learning and software analysis. He has been invited to be the technical team coach with Zetta KE and Alan HO for the CTF Team named "FireBird" sponsored and supported by Cyber Security Lab in HKUST (cybersecurity.cse.ust.hk).
Anthony is a mentor of SANS GREM and GXPN holder for official course.
TSTF focuses on security issues in the telecommunications industry such as infrastructure security, signalling analysis, SS7 audits, financial systems fraud review and Core Network vulnerability analysis.
We have experts in various countries across Asia and Europe.
Security Engineer, Apple
Product Security Engineer at Apple
Lead Fuzzing Researcher
Fabien Duchene's current research focuses on evolutionary fuzzing to improve vulnerabilities detection in black-box (not grey-box!) harness.
He created the GreHack hardcore security conference. Previously, he worked at Microsoft and Sogeti-ESEC. He holds an MSc in Computer Science from the “Grande Ecole” Ensimag, France, where he created the SecurIMAG CTF team, and is now lecturing basics in fuzzing, memory corruption exploit writing, pen-testing, web security, and network security.
He has also been studying at University of Queensland, Australia and Universidad Politecnica de Madrid, Spain. Fabien spoke at prestigious hacking and academic conferences: Black-Hat, IEEE WCRE, ACM Codaspy (double-blinded, 16% acceptance rate)…
HITB Core Crew, Hack In The Box
IoT / Blockchain dude at JD Security (JD.COM), / HITB Core Crew
KaiJern (xwings) is a senior security researcher in JD.COM. His research topic mainly on embedded device, hardware security, blockchain security, reverse engineering and various security topics. He presented his findings in different international security conferences like HITB, Codegate, QCon, KCon, Brucon, H2HC few different Defcon group and etc. He conducted hardware Hacking course in various places around the globe. He is also part of core team member/review board for Hack In The Box Security Conference and advisor for UnicornTeam/HACKNOWN Team.
HITB.nl Team Lead 2.0, HITB / The S-Unit
1337 Hacker, HITB .NL CTF Crew / The S-Unit
HITB Core Crew, HITB / The S-Unit
Barry ‘Fish’ van Kampen is an enthusiast hacker and thinker full of ideas and energy. During his technologic journeys, he made a lot of friends in the hacker(space) community.
As part of the HITB Core crew he is co-organising HITB Amsterdam since 2010. He is also the chairman and one of the founders of Randomdata, a hackerspace in Utrecht. As a professional, he is the MD of The S-Unit with a great passion for technology.
HITBSecConf series is a deep-knowledge technical conference.
HITBSecConf or the Hack In The Box Security Conference is an annual must attend event in the calendars of security researchers and professionals around the world. Held annually in Kuala Lumpur, Malaysia and Amsterdam in The Netherlands, HITBSecConf is a platform for the discussion and dissemination of next generation computer security issues. Our events routinely feature two days of trainings and a two-day multi-track conference featuring cutting-edge hardcore technical talks delivered by some of the most respected names in the computer security industry.
HITBSecConf is a place where ideas are exchanged, talent discovered and genius celebrated.