Recon 2022

Andrea Allievi

Andrea Allievi is the main author of the new Windows Internals 7th Edition (Part 2). He is a system-level developer and security research engineer with over 15 years of experience. He graduated from the University of Milano Bicocca (in the year 2010) with a Bachelor’s degree in Computer Science. For his thesis, he developed a Master Boot Record (MBR) bootkit entirely in 64-bit code, capable of defeating all the Windows 7 kernel protections (PatchGuard and Driver Signing Enforcement). Andrea is also a reverse engineer specialized in operating system internals, from kernel-level code all the way to user-land code. He is the original designer of the first UEFI bootkit (developed for research purposes), published in the year 2012, of multiple PatchGuard bypasses, and of many other research papers and articles. He is the author of multiple system tools and software used for removing malware and advanced persistent threats. In his career, he has worked at various computer security companies, from the Italian TgSoft and Saferbytes (now Malwarebytes) to the Talos group of Cisco Systems Inc. He originally joined Microsoft at the beginning of 2016, starting as a Security Research Engineer in the Microsoft Threat Intelligence Center (MSTIC) group. Since January 2018, Andrea has been a Senior Core OS Engineer in the Kernel Security Core team of Microsoft, where he mainly maintains and develops new features for the NT and Secure Kernel (like Retpoline or the speculation mitigations, for example).

Pravan Kant is an Engineer in the Visual C++ team of Microsoft, where he develops and maintains compiler features.

  • Function overrides, from a Security mitigation to a fully-fledged Performance Feature in Windows
Andrew Ruddick

Andrew is a Security Researcher on the Vulnerabilities & Mitigations team at the Microsoft Security Response Centre (MSRC). He has worked in computer software and hardware security for around 8 years, with prior experience in software development. Andrew has particular expertise in low-level Windows OS internals, kernel development, vulnerability research, exploit development and mitigation techniques. He has previously presented at the USENIX Workshop on Offensive Technologies (WOOT) on the optimization of cryptographic primitives for hardware-accelerated password cracking.

  • <talk withdrawn>
David Manouchehri

David Manouchehri started his professional career half a decade ago after being recruited by the Department of National Defence. He has since worked for the startup Linchpin Labs (acquired by L3Harris Technologies), and started up his own company. After becoming an independent security analyst consultant in 2020, he has found and disclosed half a dozen Chrome 0days.

  • Analysis of a nation-state Chrome exploit
Enrico Barberis

Enrico is a Ph.D. candidate at VUSec. His current research focuses on microarchitectural attacks and all intrinsic threats introduced by hardware design flaws. In his recent works, he disclosed microarchitectural vulnerabilities such as Floating Point Value Injection and Branch History Injection.

  • A Dirty Little History: Bypassing Spectre Hardware Defenses to Leak Kernel Data
Fabian Freyer

Fabian is a CTF player, reverse engineer, and security researcher.

  • The Mysterious Life of an Exception
Harrison Green

Harrison (@hgarrereyn) is a vulnerability researcher at Margin Research and an avid CTF player for DiceGang. He is interested in esoteric computation, reading control-flow graphs, and automated vulnerability discovery, and he is an incoming PhD student at Carnegie Mellon University.

  • Pulling MikroTik into the Limelight: Demystifying and Jailbreaking RouterOS
Ian Dupont

Ian is a security researcher at Margin Research focused on exploit development and reverse engineering of embedded systems. A Construction Manager in a previous life, Ian now finds catharsis in deconstructing firmware and programs.

  • Pulling MikroTik into the Limelight: Demystifying and Jailbreaking RouterOS
James Niven

James Niven is a Principal Threat Researcher at Recorded Future who focuses on Russian-based ransomware.

  • Malware Wars: DarkSide Strikes Back as BlackMatter
Jannis Kirschner

Jannis is a Swiss vulnerability researcher and CTF player. With a passion for reverse engineering and exploit development, he loves to analyze cutting-edge technology, finding flaws in highly secured systems and complex applications. With his research team suid.ch he discovered critical flaws in highly sensitive systems such as electronic voting systems and Wi-Fi routers. Jannis regularly participates in national and international cybersecurity competitions and shares his knowledge at conferences and events all over the world.

  • Reverse engineering of black-box binaries with symbolic and concolic execution techniques
jiska

Jiska likes to break things.

  • When Wireless Malware Stays On After Turning Off iPhones
Juan Andres Guerrero-Saade

Juan Andrés is a Principal Threat Researcher at SentinelOne and an Adjunct Professor of Strategic Studies at Johns Hopkins School of Advanced International Studies (SAIS). Juan Andrés was Chronicle Security’s Research Tsar, founding researcher of the Uppercase team. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. His joint work on Moonlight Maze is now featured in the International Spy Museum’s permanent exhibit in Washington, DC.

  • Beyond AlphaGolang: Automated hunting based on reversing Go binaries
Lindsay Kaye

Lindsay Kaye is the Director of Operational Outcomes for Insikt Group at Recorded Future. Her primary focus is driving the creation of actionable technical intelligence, providing endpoint, network and other detections that can be used to detect technical threats to organizational systems. Lindsay’s technical specialty and passion is malware analysis and reverse engineering. She received a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

  • Malware Wars: DarkSide Strikes Back as BlackMatter
Marius Muench

Marius is a postdoctoral researcher at Vrije Universiteit Amsterdam. His research interests cover (in-)security of embedded systems, as well as binary and microarchitectural exploitation. He obtained his PhD from Sorbonne University in cooperation with EURECOM. He developed and maintains avatar2, a framework for analyzing embedded systems firmware. Most recently, he used the framework in the scope of the FirmWire project for automated security testing of cellular baseband implementations.

  • The Mysterious Life of an Exception
Martin Herfurt

Martin is an independent security researcher focusing - but not exclusively - on various aspects of product security related to Bluetooth wireless technology. As one of the co-founders of the trifinite.group, Martin worked with the Bluetooth SIG, helping the technology and its adopters overcome early design and implementation issues. Martin holds a master's degree in telecommunications engineering from the University of Applied Sciences in Salzburg. During the last year, he spent his free time investigating security issues with Tesla vehicles. As part of his fascination with rapid developments in IT technology, Martin has been a regular participant and speaker at the Chaos Communication Congress (CCC) and other international IT security conferences since 1997.

  • Project TEMPA - Demystifying Tesla's Bluetooth Passive Entry system
Matt Graeber

Matt is a threat researcher who loves to apply his reverse engineering skills to understand attack techniques at a deeper level in order to more confidently contextualize them, understand relevant detection optics, and to understand the workflow attackers use to evade security controls. He is committed to making security research both accessible and actionable to defenders.

  • Living Off the Walled Garden: Abusing the Features of the Early Launch Antimalware Ecosystem
Michael Grube

I'm a developer who split off into malware design.

  • Samsara Metamorphic Engine
Moritz Schloegel

Moritz Schloegel is a binary security researcher and final-year PhD student at Ruhr-Universität Bochum. His research focuses on automated finding, understanding, and exploitation of bugs. Beyond this, he loves digging into code (de-)obfuscation, in particular looking at automated attacks and countermeasures thereof.

  • The Next Generation of Virtualization-based Obfuscators
Natalie Silvanovich

Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is messaging applications and video conferencing. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.

  • Zooming in on Zero-click Exploits
Philippe Laulheret

Philippe Laulheret is a Senior Security Researcher on the Trellix vulnerability research team with Trellix’s Threat Labs. With a focus on reverse engineering and vulnerability research, Philippe uses his background in embedded security and software engineering to poke at complex systems and get them to behave in interesting ways. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding.

Philippe holds an MSc in Computer Science from Georgia Tech and an MSc in Electrical and Computer Engineering from Supélec (France).

  • Reversing an M32C firmware -- Lesson learned from playing with an uncommon architecture
Pietro Frigo

Pietro is a PhD candidate @VUSec. His research focuses on hardware security, investigating attack vectors such as Rowhammer and microarchitectural side channels. He disclosed the first WebGL-based Rowhammer attack and was recently behind TRRespass (Rowhammer on DDR4) and the discovery of Intel’s MDS and BHI vulnerabilities.

  • A Dirty Little History: Bypassing Spectre Hardware Defenses to Leak Kernel Data
Rohit Mothe
  • <talk withdrawn>
Slava Makkaveev

Slava Makkaveev is a Security Researcher at Check Point Research and holds a PhD in Computer Science. Slava found himself in the security field more than ten years ago and has since gained vast experience in reverse engineering and vulnerability research. Recently Slava has taken a particularly strong interest in mobile platforms and firmware security. Slava has been a speaker at REcon, DEF CON, CanSecWest, HITB and others.

  • Researching the Unisoc baseband, like in the army
Takahiro Haruyama

Takahiro Haruyama is a Sr. Threat Researcher on the VMware Threat Analysis Unit (TAU), with over ten years of extensive experience and knowledge in malware analysis and digital forensics. He previously worked on reverse-engineering cyber espionage malware with Symantec's threat intelligence team. He has spoken at several famous conferences including Virus Bulletin, REcon, HITB, SANS DFIR Summit, BlackHat Briefings USA/Europe/Asia.

  • Detect Me If You Can - Anti-Firmware Forensics
Tim Blazytko

Tim Blazytko is a well-known binary security researcher and co-founder of emproof GmbH. After working on novel methods for code deobfuscation, fuzzing and root cause analysis during his PhD, Tim now builds code obfuscation schemes tailored to embedded devices. Moreover, he gives trainings on reverse engineering & code deobfuscation, analyzes malware and performs security audits.

  • The Next Generation of Virtualization-based Obfuscators
Tomer Bar

Tomer Bar is a hands-on security researcher with ~20 years of unique experience in cyber security. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. Currently, he leads the SafeBreach Labs as the director of security research.
His main interests are Windows vulnerability research, reverse engineering, and APT research.

His recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism, which were a candidate for Best Privilege Escalation at the 2021 Pwnie Awards, and several research studies on Iranian APT campaigns.
He is a contributor to the MITRE ATT&CK® framework.
He presented his research at BlackHat 2020, Defcon 2020, 2021, and Sector 2020 conferences.

  • OopsSec - The bad, the worst and the ugly of APT’s operations security
Valentina Palmiotti

Security researcher focused on low level vulnerabilities, exploit development, and offensive security.

  • Breaking the Glass Sandbox: Find Linux Kernel Bugs and Escape
Vitor Ventura

Vitor Ventura is a Cisco Talos security researcher and manager of the EMEA and Asia Outreach team. As a researcher, he has investigated and published various articles on emerging threats. Vitor has been a speaker at conferences such as VirusBulletin, NorthSec and Defcon’s Crypto and Privacy Village, among others. Prior to that he was IBM X-Force IRIS European manager, where he was the lead responder at several high-profile organizations affected by the WannaCry and NotPetya infections. Before that he did penetration testing at IBM X-Force Red, leading projects such as connected car assessments, ICS security assessments and custom mobile device assessments. Vitor holds a BSc in Computer Science and multiple security-related certifications such as GREM and CISM.

  • Instrumenting system applications on Android stock images
Vladislav Hrčka

Vladislav Hrčka has been working as a malware analyst at ESET since 2017. His focus is on reverse engineering challenging malware samples. He has presented the results of his work at the Black Hat USA and AVAR conferences. He is currently studying Computer Science at the Comenius University in Bratislava, in the first year of his master’s degree.

  • Under the hood of Wslink’s multilayered virtual machine
Yaron Samuel

Yaron Samuel is a principal malware reverse engineer at Palo Alto Networks.
Yaron has spent over 10 years in the field of security research, focused on malware analysis and OS internals.
Yaron has previously published a few blog posts on the Unit42 blog and has been credited by MSRC for a number of reported vulnerabilities.

  • Dotnetfile: parsing .NET PE files has never been easier