Review Board
Nikias Bassen
VP Product Security, Zimperium, Inc.
Nikias Bassen has been into reverse engineering for more than a decade. The breakthrough was back in 2011 when he joined the Chronic-Dev team to work on the iOS 5 + 5.1 jailbreaks. Ongoing research was focusing mostly on iOS, and in early 2013 he became part of the famous @evad3rs who released the evasi0n and evasi0n7 jailbreaks for iOS 6 and 7. He joined Zimperium zLabs back in 2015 to continue his efforts in security research and reverse engineering targeting iOS. Back in 2018, he joined the mobile device virtualization company Corellium as VP of Platform & Security to focus on providing the next-generation platform for security research and mobile development. Since 2019, Nikias is back at Zimperium zLabs as VP of Product Security to handle research and implementation of next-generation threat detections on iOS. As part of the checkra1n development team, he found his way back to his roots, working on the greatest jailbreak of the past decade: checkra1n.
Mark Curphey
Co-Founder, Crash Override
Mark Curphey is the co-founder and Chief Marketing Officer at Crash Override, a venture backed security startup founded in 2022. Curphey is a well known security expert, author, and public speaker. He has more than 25 years of experience in the security and software development fields holding executive leadership, technical leadership and community advocacy roles.
Prior to Crash Override he was the co-founder and CPO/CTO of Open Raven, a data classification company, founder and CEO of SourceClear (acquired by Veracode in 2018) the first pure play security software composition analysis company and led the MSDN subscription team at Microsoft.
In 2002 he founded the Open Web Application Security Project, the de facto online community dedicated to improving software security. He has Masters Degree in Information Security from Royal Holloway and Bedford New College, University of London. Mark lives in the UK.
Peter blasty Geissler
Haxxin BV
Peter “blasty” Geissler is an independent security researcher from the Netherlands. He’s well known for facilitating code execution on various game console platforms, writing exploits for various popular software packages and being a founding member of the Eindbazen CTF team as well as an organizer for the HITBAMS CTF event!
Marco Balduzzi
Technical Research Lead, Trend Micro
Dr. Marco Balduzzi is a team leader & principal researcher in computer & network security. Marco holds a Ph.D. in applied security from Télécom ParisTech and a M.Sc. in computer engineering from the University of Bergamo. His interests concern all aspects of computer security, with particular emphasis on real problems that affect systems and networks.
Marco has been involved in IT security since 2002 with international experiences in both industry and academia. With previous experience as security consultant and engineer, he is now a technical research lead at Trend Micro.
With over 50 talks in major security events he is considered a veteran speaker. His work has been published in the proceedings of top peer-reviewed conferences like NDSS, RAID and ACSAC, and featured by distinguished media like Forbes, The Register, Slashdot, InfoWorld, DarkReading, BBC and CNN. He now sits in the review board of conferences, including HITB, OWASP, eCrime, DIMVA and IEEE journals.
Saumil Shah
CEO, Net Square
Saumil is the founder and CEO of Net Square, providing cutting edge information security services to clients worldwide. Saumil is an internationally recognized conference speaker and instructor for over 19 years. He is also the co-developer of the wildly successful "Exploit Laboratory" courses and authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil holds an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time playing Pacman, flying kites, traveling around the world and taking pictures.
Boris So
Software Security Specialist, Major Cloud Service Provider
Boris is a software security specialist specializing in security software development, threat modeling, defensive coding, security testing, code obfuscation, steganography, as well as rootkit research. Currently Boris is working in a major cloud service provider, where he joined from one of the world’s leading US financial services institutes. He is also the OWASP HK chapter lead, core member of VXCON, organizer of DEFCON village, BlackHat Arsenal, and OpenSSF meetup group of Linux Foundation. Boris regularly speaks in cybersecurity conferences. He holds 3 US patents, 2 bachelor degrees and 2 master degrees. Boris is an enthusiast in aviation and he holds a private pilot license. During his free time, he is probably spending his time flying while not hacking.
Jeonghoon Shin
Researcher, SingiLabs
Jeonghoon Shin
- Mentor of the KITRI BoB
- Interested on Browser bug hunting & exploitation and mobile security
Ashley Shen
Technical Leader, Cisco Talos
Chi-en Shen (Ashley) is security researcher at Cisco Talos. She specializes in researching emerging threats, including nation-state targeted attacks, financially motivated crimes, spyware, and exploitation carried out by mercenary groups. Previously, she worked as a security engineer at Google Threat Analysis Group, where she focused on zero-day exploit hunting and tracking botnets. Prior to that, she was a member of the Mandiant Global Research Team, where she tracked APT groups in APAC and contributed to the development of the Threat Intelligence platform. Passionate about supporting women in InfoSec, Ashley co-founded HITCON GIRLS, the first security community for women in Taiwan. Additionally, she serves as an organizer for Rhacklette, a security community for FINTA in Switzerland. To support the security community, Ashley serves as a review board member for Black Hat Asia, Hacks in the Box and HITCON conferences. She has also shared her expertise as a speaker at conferences such as Black Hat, Hack in the Box, HITCON, FIRST, CODE BLUE, Troopers, Confidence, RESET, and others. In her free time, she enjoys playing CTF and travel.
Oleg Brodt
Head of R&D and Innovation, Cyber@BGU, Ben Gurion University
During the last 2 decades, Oleg was involved in different angles of IT and infosec. Starting his career hands-on, switching to law, playing around with management roles but never going too far away from the keyboard, shaped his perspective.
In his current role, heading the R&D, Innovation and Operations of a multinational cybersecurity research center, comprised of ~ 150 people.
In addition, to CISSP, GREM, GCIH, GRID, GCFA, and numerous additional technological certifications, Oleg is recognized as a SANS Lethal Forensicator, and holds both bachelor’s and master’s degrees in international business law as well as a degree in business and management, all with honors, from the Reichman University (IDC), Israel.
Currently, Oleg is working on his PhD in Cybersecurity Engineering, and has published op-eds, papers and patents on various topics of cybersecurity.
Anthony LAI
Founder and Chairperson, VXRL / VXCON
+ Recently, I dive into browser exploitation and fuzzing.
+ For daily job, on red team and blue team mission, penetration test, incident response, SOC, and malware analysis work for customers
+ PhD, Computer Science @ HKUST for fun but not an academia, research interest: bug hunting/malware analysis/machine learning
+ Blackhat Asia CFP reviewer and Best of the Best (BoB) overseas mentor
Twitter: @darkfloyd1014
Google Scholar: https://scholar.google.com.hk/citations?user=YcjzoFkAAAAJ&hl=en
Kelvin Wong
Researcher, Hardware Ninja
Captain Kelvin (a.k.a. Forensics and Hardware Ninja) is an independent security researcher. He is specialist in hardware analysis and digital forensics. He focus on the drone security and forensics researches. He was the first and the only one Asian who leaded a group of white-hat hackers to held an in-depth, hands-on drone and hardware hacking village in BLACK HAT and DEFCON. He was also a frequent speaker and trainer in different top-notch security and forensics conferences including SANS, HTCIA, DFRWS, HITB, SINCON and HITCON.
Angelboy Yang
Security Researcher, DEVCORE @ Taiwan
An-Jie Yang(Angelboy) is a security researcher of DEVCORE and a member of CHROOT security group from Taiwan. He is a vulnerability researcher focusing on binary related security. He participated in a lot of CTF, such as HITB,DEFCON,Boston key party and won 2nd in DEFCON CTF 25/27 with HITCON CTF Team. In the past two years, he has pwned several products in Pwn2Own Mobile. He is also a speaker at conferences such as HITCON, CodeBlue, VXCON, AVTokyo, HITB GSEC.
Gal Diskin
VP Identity Threat & Research, Delinea
VP Identity Threat & Research @ Delinea. Security & ML Researcher, hacking for fun (and hopefully some profit)
Formerly VP Engineering @ Palo Alto Networks, CTO & Co-founder @ Authomize (aquired by Delinea). CTO @ Cyvera (acquired by PANW), CTO @ First Group, CTO @ HeXponent (acquired by First Group) and head of security research for Intel SW Security Organization.
One of the founders of the SW security organization, led SGX (aka Secure Enclave) security (incl BIOS Guard, Boot Guard and others) and worked on PIN dynamic binary instrumentation engine. At PAN (and Cyvera) I headed the endpoint product line and was involved in the creation of PAN centralized cloud and ML. At HeXponent I developed techniques for network analysis using side-channel information. At First Group I worked on key security, custody services, algo-trading, cryptocurrency security. Current startup still in stealth.
Tarjei Mandt
Senior Security Researcher, Trenchant
Tarjei Mandt (@kernelpool) is a senior security researcher at Trenchant (formerly Azimuth Security) with more than 10 years of experience researching iOS and macOS device security. He holds a Master’s degree in Information Security from NTNU Gjovik and has spoken at security conferences such as Black Hat, CanSecWest, Hack in the Box, INFILTRATE, RECon, and SyScan. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Previously, Tarjei has discovered several vulnerabilities in both Windows and macOS/iOS operating systems, as well as performed extensive research and analysis on the Secure Enclave Processor and its operating system, SEPOS.
Enno Rey
ERNW
Enno is a long time infosec practitioner, both in the offense and the defense space. Being an expert in protocol analysis he gave a few talks at HITB events himself, and he's always happy to look at interesting security research.
Alan Chung
Researcher, 9Hack Labs
Paolo Stagno
Director of Research, Crowdfense
Paolo Stagno (aka VoidSec) has worked as a Penetration Tester for a wide range of clients across top-tier international banks, major tech companies and various Fortune 1000 industries.
He worked as a Vulnerability Researcher and Exploit Developer for Exodus Intelligence, where he was responsible for discovering and exploiting unknown vulnerabilities (zero days) in Windows OS, enterprise applications, network infrastructure components, IoT devices, new protocols, and technologies.
He is now the Director of Research at Crowdfense, focused on Windows OS offensive application security (kernel and user-land). He enjoys understanding our digital world, disassembling, reverse engineering and exploiting complex products and code.
In his own research, he discovered various vulnerabilities in the software of multiple vendors and tech giants like eBay, Facebook, Google, HP, McAfee, Microsoft, Oracle, Paypal, VMware and many others.
Since the beginning of his career, he has enjoyed sharing his expertise with the security community through his website (https://voidsec.com). He is also an active speaker in various security conferences around the globe like HITB, Typhooncon, Vulncon, Hacktivity, SEC-T, Droidcon, HackInBo, M0leCon, TOHack and Meethack.
A non-exhaustive list of vulnerabilities and CVEs that he has discovered can be found at https://voidsec.com/advisories/
Matteo Collura
Manager, Ernst & Young
Matteo is a Manager at Ernst&Young focusing on Cloud Security and Penetration Testing. In the past he worked on technical research projects involving FPGAs, wireless networks and NFC systems, presented at different conferences around the world, e.g., DEFCON, BlackHat Arsenal, Hack In The Box, CCC.
He holds a double-degree M.Sc in Micro and Nanotechnologies for Integrated Systems agreed upon EPFL Lausanne, Politecnico di Torino and INP Grenoble, a double M.Sc degree at Politecnico di Milano in Electronic Engineering thanks to Alta Scuola Politecnica, and a B.Sc in Electronic Engineering from Politecnico di Torino.
Piano player in the free time, globetrotter whenever possible, with love for chess, card magic, and strategy games.
Bletchley Chen
Research Director , CyCraft @ Taiwan
Chung-Kuan Chen is currently a senior researcher in Cycraft, and responses for organizing their research team. He earned his PHD degree of Computer Science and Engineering from National Chiao-Tung University (NCTU). His research focuses on network attack and defense, machine learning, software vulnerability, malware and program analysis. He tries to utilize machine learning to assist malware analysis and vulnerability discovery, and build automatic attack and defense systems. He has published several academic journal and conference papers, and has involved in many large research projects from digital forensic, incident response and malware analysis. He also dedicates to security education. Founding of NCTU hacker research clubs, he trains students to participate world-class security contests, and has experience of participating DEFCON CTF (2016 in HITCON Team and 2018 as coach in BFS team). Besides, he has presented technical presentations in non-academic technique conferences, such as HITCON, RootCon, CodeBlue OpenTalk, FIRST and VXCON. As an active member in Taiwan security community, he is in the review committee of HITCON conference, and ex-chief of CHROOT - the top private hacker group in Taiwan. He organized BambooFox Team to join some bug bounty projects and discover some CVEs in COTS software and several vulnerabilities in campus websites.
Hikohiro Y LIN
Managing Director, PwC Consulting LLC
Mr. Hikohiro Y Lin had been in charge of Product Security at Panasonic headquarters for over 15 years. He led several projects, including devising and deploying security test methods and risk assessments for IoT devices, formulating product security standard rules and guidelines, building a global product security system, formulating head office product security strategies, establishing Panasonic Cyber Security Lab for future cybersecurity research and product-focused security incident responses team, etc. He had served as Head of Panasonic PSIRT, Head of Product Security at Panasonic Global, and Director of Panasonic Cyber Security Laboratory. Also, He has received (ISC)² ISLA(Information Security Leadership Achievement)APAC Senior Information Security Professional 2018 Showcased Honoree and Community Service Star. He speaks in many international conferences such as Black Hat, CODE BLUE, Kaspersky Security Analyst Summit (SAS),HITCON and Government invited roundtable Panelist. Mr. Hikohiro Y Lin is currently appointed Managing Director of Digital Trust at PwC Consulting LLC
Dr. Kitti Kosavisutte
Chairman , Thailand Banking Sector Computer Emergency Response Team (TB-CERT)
Dr. Kitti Kosavisutte is chairman of Thailand Banking Sector Computer Emergency Response Team (TB-CERT). He has more than 20 years experiences in information security covering policy, standards, architecture, data security, threat intelligence and human element.
Kitti is a founding member of TB-CERT which aims to develop the standards and strengthen the competency in cybersecurity for Thailand banking sector. Kitti also works as Chief Information Security Officer for Bangkok Bank and an advisor to Asian CIO Association Graduating with an M.Eng and Ph.D. in Computer engineering from The University of Electro-communications, Japan.
Paramin Chuangmanee
CERT Manager, Thailand Banking Sector Computer Emergency Response Team (TB-CERT)
Paramin Chuangmanee is a CERT manager of Thailand Banking CERT (TB-CERT). He has been in cyber security since 2006 and he has a strong background in both technical and management.
He gained great experience in cyber security by working for leading companies in various sectors (banking, telecommunication, healthcare, manufacturing, and consulting). Currently, he is working on cyber threat intelligence (CTI) for the banking sector and coordinated security incidents that impacted banking.
He also is a cyber protection team of the National Cyber Security Agency (NCSA) and contributed knowledge and experience to drive the cyber security communities in Thailand.