
Andreas Klopsch is a Malware Reverse Engineer at the Microsoft Threat Intelligence Center (MSTIC). With a strong background in reverse engineering, malware analysis, and vulnerability research, Andreas is dedicated to analyzing and understanding complex malware threats. His current research efforts focus on developing techniques to simplify the analysis of Rust binaries.
- Unveiling RIFT: Advanced Pattern Matching for Rust Libraries

Andrei started his career at Bitdefender in October 2008 as a junior virus researcher. In December 2011, he moved to the research and development team as a lead for Introspection Research, where he played a pivotal role in developing the innovative Hypervisor Memory Introspection technology. His contributions extended beyond the lab, authoring academic papers, presenting at prestigious conferences like Black Hat, and co-authoring 15 patents. Currently, Andrei holds a PhD in computer science and leads a team at Bitdefender focused on innovative memory protection technologies. His passion lies in low-level systems, particularly reverse engineering, kernel security, hypervisors, and hardware-based security like side-channel attacks and speculative execution vulnerabilities.
- HyperVinject: Making Virtual Machine Code Injections as Simple as Process Injections

Dr. Andrew Zonenberg is a principal security consultant at IOActive's Seattle lab, where he works on the embedded and semiconductor security service lines. His research interests include semiconductor reverse engineering, high-speed digital systems, open-source test and measurement equipment, and networking. He has presented at industry and academic conferences on security and reverse engineering across the USA, Canada, and Europe.
- Extracting Antifuse Secrets from the DEF CON 32 badge (RP2350)

As Co-Founder of RETooling, Antonio Villani dedicates his full attention to developing red-team artifacts, including the adversary emulation library. His current work builds upon a career primarily spent on the blue-team side, where he specialized in reversing sophisticated implants and delivering crucial insights to cyber-defense and threat intelligence teams. Antonio now leverages this deep understanding to meticulously analyze complex implants, dissecting TTPs for high-quality reimplementation. He also actively contributes to the cybersecurity community by instructing on advanced malware development (MalOpSec classes) at top security conferences. His academic background includes a PhD focused on malware research and digital forensics.
- My Adversary Emulation Goes to the Moon… Until False Flag
- Ghost in the Machine: Live Fire Threat Actor Dissection --> CTF START
- Ghost in the Machine: Live Fire Threat Actor Dissection --> CTF END

Bill Marczak is a Senior Researcher at the University of Toronto's Citizen Lab where he investigates novel surveillance and censorship tools that threaten Internet freedom. Bill received his PhD in Computer Science from UC Berkeley. Some of Bill’s greatest hits include leading the first public report about NSO Group’s Pegasus spyware, and the capture of the ForcedEntry and BlastPass iOS zero-click exploits. Coverage of Bill's work has been featured in Vanity Fair, the New York Times, and on CNN and 60 Minutes.
- A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit

Daniel Roethlisberger is a volunteer with the University of Toronto's Citizen Lab. In his day job, Daniel is a seasoned security practitioner and engineering manager at Swisscom. Daniel is also a part-time university lecturer and has a software engineering background, having worked on the Endpoint Security API and XNU during his time with Apple's SEAR.
- A Trip to Ancient BABYLON: Unearthing a 2017 Pegasus Persistence Exploit

Danilo Erazo is an Electronics and Computer Networks Engineer from Ecuador, with extensive experience in developing electronic devices, pentesting, programming education, and infrastructure & security analysis. He is currently focused on conducting independent research in hardware hacking, radio frequency, and car hacking. Danilo also produces and shares reverse engineering content on his YouTube channel @revers3everything. He has been a speaker at major international cybersecurity events, including Hardwear USA 2025, DEFCON 32, Ekoparty 2024, Ekoparty 2023, Bsides Colombia 2024, Nerdearla Chile 2024, a lightning talk at Re//verse conference 2025, Cybercon 2025, and more, where he has presented vulnerabilities discovered through reverse engineering techniques in routers and vehicles.
Danilo holds multiple practical certifications in cybersecurity and computer networks, such as OSWP, CEH, CBP, CCSP, CPAZ, CNSP, CAP, CPNA, CCNA, API Security for Connected Cars and Fleets, and Practical Junior IoT Tester (PJIT), among others. He is a collaborator at the Car Hacking Village at DEFCON and the founder of the Car Hacking Village at Ekoparty. Additionally, he is the founder and creator of Ecuador’s most prominent cybersecurity conference, "PWN OR DIE." You can explore more of his research on his blog at: https://revers3everything.com
- Breaking Legacy Routers: 5 Zero-Days via Reversing and Hardware Hacking

Dr. Baptiste David is an IT security specialist at ERNW, specializing in the Windows operating system. His research is mainly focused on reverse engineering, security of the Windows operating system platform, kernel drivers and vulnerability research. He has also worked for a couple of antivirus companies. He has given special courses and trainings at different universities in Europe. He also regularly gives talks at various conferences, including Black Hat USA, Defcon, TROOPERS, Zero Night, C0c0n, NullCon, EICAR, ECCWS…
- WinpMem: Volatility’s driver that lets malware volatilize

Senior software engineer at SpecterOps
- The Finer Details of LSA Credential Recovery

Giulio Barabino is a Master's student in the Cloud & Cybersecurity curriculum at the University of Modena and Reggio Emilia, currently writing his thesis entitled 'LLVM powered Adversary Emulation'. He holds a bachelor's degree from the same university.
- My Adversary Emulation Goes to the Moon… Until False Flag

By day, Hendi is a Senior Security Engineer at a German security vendor, focusing on malware analysis and dissecting binary data of all kinds.
By night, Hendi has taken an interest in reversing commercial software packers and uncovering DRM secrets.
- Adventures in Reversing Streaming DRM Systems

Holger is a longtime security enthusiast, with more than 25 years of experience in the information security industry. He started his career as a penetration tester and is now working for Cisco Talos as technical leader in the malware and threat hunting sector. He finds new, cutting-edge security threats and analyzes their components. Holger gave talks at international security conferences such as Recon, BlackHat, HackInTheBox, ISC, NorthSec, CiscoLive and others. He is also the author of several offensive and defensive security tools and won the IDA plugin contest with his Dynamic Data Resolver (DDR) IDA plugin in 2020. Recently, he did extensive research on reversing Nim binaries (Recon talk 2023) and VMProtect (Recon talk 2024).
- Attacking modern software protection with Dynamic Binary Instrumentation

Joao Santos is a distinguished lead investigator at Human Security on the Satori team. With over a decade of specialized experience in security, he has mastered roles from reverse engineering to penetration testing and sysadmin. His impressive track record extends to conducting threat research and audits for prominent enterprises and government entities in vital areas like passports and citizen IDs. Driven by his dedication to cybersecurity, Joao tirelessly shields individuals and organizations from potential cyber threats. A recognized voice in the community, he frequently shares his insights at information security conferences, championing a safer digital landscape for all.
- Guerilla Reversing: Runtime Shenanigans

John McIntosh, @clearbluejar, is a security researcher at Clearseclabs. His area of expertise lies within reverse engineering and offensive security, where he demonstrates proficiency in binary analysis, patch diffing, and vulnerability discovery. Notably, John has developed multiple open-source security tools for vulnerability research, all of which are accessible on his GitHub page.
Additionally, his website, https://clearbluejar.github.io/, features detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. Boasting over a decade of experience in offensive security, John is a distinguished presenter and educator at prominent security conferences internationally. He maintains a fervent commitment to sharing his latest research, acquiring fresh perspectives on binary analysis, and engaging in collaborative efforts with fellow security enthusiasts.
- https://www.clearseclabs.com/
- Offensive Security Tool Development with Ghidra: From Custom CLI Tools to an MCP Server
- Reverse Engineering Patch Tuesday

I am a Mathematician. Computers were always close to my heart.
I graduated with a Diploma in Mathematics at the University of Bonn in 2013. My thesis proves an - at that time - novel upper bound for the decision problem of quadratic form equivalence in the field of Algebraic Complexity Theory.
I have been a self-employed developer since high school and decided to join a small web-development agency in Bonn after I graduated. In 2015, I joined the Cyber Threat Intelligence team at CrowdStrike as a full-time reverse engineer and software developer. There, we track both state-sponsored espionage actors as well as financially motivated groups carrying out criminal operations.
- Breaking Obfuscated .NET Malware with Profiler-Based Dynamic Binary Instrumentation

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally-recognized cybersecurity speaker and author. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.
- Guerilla Reversing: Runtime Shenanigans

Luke McLaren (@datalocaltmp) is a mobile security researcher focused on reverse engineering and bug hunting in large-scale messaging platforms. He shares his work publicly under the handle @datalocaltmp and runs his blog at s11research.com, a resource hub for dissecting mobile apps.
Luke’s research has uncovered vulnerabilities in Meta’s products including WhatsApp, Messenger, and Quest, with a focus on the native code, encryption layers, and signaling logic that power real-world communications.
- Call, Crash, Repeat: Hacking WhatsApp

Marc "vanHauser" Heuse is a seasoned security researcher, best known for creating prominent tools such as THC-Hydra and THC-IPv6 and as the maintainer of AFL++. With over two decades of expertise, he specializes in vulnerability research, code audits and network security assessments. He founded The Hacker's Choice (THC) 30 years ago, the AFLplusplus team 6 years ago, and is currently leading the code assurance team at Security Research Labs (SRLabs). Marc frequently shares his research at global cybersecurity conferences.
- Coverage-Guided Fuzzing of Rehosted Network Services from Firmware Images

Nicolò Altamura is a final-year MSc student in Computer Science and Engineering at the University of Verona. He specializes in reverse engineering, static analysis, and software security, creating tools like disassemblers, decompilers, and obfuscation frameworks. Through his blog and open-source projects, he explores advanced topics ranging from Mixed Boolean-Arithmetic transformations to malware detection heuristics. Drawing on both academic research and hands-on experience, he aims to bridge theory and practice in the field of software protection.
- Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications

- Back from the dead: Exhuming EBC

Or Yair (@oryair1999) is a security research professional with seven years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system's components, though his past work also included research of Linux kernel components and some Android components. Or's research is driven by innovation and a commitment to challenging conventional thinking. He enjoys contradicting assumptions and considers creativity a key skill for research. Or frequently presents his vulnerability and security research discoveries internationally at top conferences such as Black Hat, DEF CON, RSAC, SecTor, and many more.
- QuickShell: Sharing is caring about an RCE attack chain on Quick Share

Philippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Hardwear.io, Eko Party, Hexacon, and more. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds an MSc in Computer Science from Georgia Tech and an MSc in Electrical and Computer Engineering from Supélec (France).
- Reversing Warbird for no fun and no profit >:[

Riccardo Mori is a Security Engineer at Quarkslab, where he performs vulnerability research on embedded and mobile devices. He is one of the maintainers of qbindiff (a modular binary differ) and quokka (a binary exporter).
- Abusing Domestic EV Chargers through Bluetooth and USB

Robin David, PhD, is a Software Security Researcher and R&D lead at Quarkslab. His expertise spans firmware analysis, software testing, fuzzing, symbolic execution, and attacking obfuscation schemes. He actively contributes to several open-source security tools like TritonDSE, Pastis, QBindiff, Quokka, python-bindiff or Numbat. Robin has presented his research at multiple security conferences such as Black Hat, SSTIC, IEEE S&P, and also delivers a fuzzing training with RingZer0.
- Abusing Domestic EV Chargers through Bluetooth and USB

Sebastian Walla is an expert in Cloud Threat Intelligence. He is the deputy manager of the Emerging Threats team (focusing on Cloud) and built the Cloud Threat Intelligence mission at CrowdStrike. Sebastian has worked as a reverse engineer for 5 years and has been focusing on cloud intrusions for 3 years.
Sebastian studied Cybersecurity, has a Masters in Computer Science, and published a paper on automatically identifying and exploiting tarpit vulnerabilities to fight malware. He further holds the GREM and GCLD certifications and presented at Euro S&P 2019, Fal.Con 2023, fwd:cloudsec EU 2024, and BSides Bern 2024.
- Breaking Obfuscated .NET Malware with Profiler-Based Dynamic Binary Instrumentation

https://web.cs.dartmouth.edu/people/sergey-bratus
- Beyond decompilation: multi-level lifting for automatic software understanding

Silvio La Porta is CEO and Co-Founder at RETooling, where he defines and develops a threat actor emulation platform that enables red teams to recreate realistic attack scenarios. Previously he was a Senior Cyber Security Architect designing security products and researching advanced detection technology for complex malware/APT. Before that, Silvio was a lead research scientist with EMC Research Europe based in the Centre of Excellence in Cork, Ireland. His primary research focus areas were real-time network monitoring and data analysis in smart grids to detect malware activity in SCADA systems and corporate networks. He also led Security Service Level Agreement (Sec-SLA) and end user security/privacy protected data store projects for hybrid Cloud environments. He is a frequent speaker at professional and industry conferences. Before joining EMC, Silvio worked as a Malware Reverse Engineer in Symantec’s Security Response team in Dublin, Ireland. Silvio holds a PhD in Computer Network Security from the University of Pisa, Italy.
- My Adversary Emulation Goes to the Moon… Until False Flag
- Ghost in the Machine: Live Fire Threat Actor Dissection --> CTF START
- Ghost in the Machine: Live Fire Threat Actor Dissection --> CTF END

Meet Sina Kheirkhah, widely recognized as @SinSinology in the cybersecurity community. Sina is a dedicated full-time vulnerability researcher with a passion for breaking into various systems. From cracking server-side enterprise solutions to targeting hardware and delving into reverse engineering, Sina's expertise covers a wide spectrum. He specializes in low-level exploitation, attacking .NET/Java stacks, bypassing security measures, and chaining bugs seamlessly. Notably, Sina has competed in Pwn2Own for four consecutive years and won the "Master of Pwn" title as a solo researcher at Pwn2Own 2025, demonstrating his dedication to the field.
- .NET Exploitation Workshop
- Breaking Obfuscated .NET Malware with Profiler-Based Dynamic Binary Instrumentation

Tillmann Werner is a researcher at CrowdStrike, where his duties include the in-depth analysis of targeted attacks. He has a passion for proactive defense strategies, like honeypots and botnet takeovers. Werner is actively involved with the global computer security community and is a regular speaker on the international conference circuit.
- Breaking Obfuscated .NET Malware with Profiler-Based Dynamic Binary Instrumentation

Tim Blazytko is a well-known binary security researcher and co-founder of emproof. After working on novel methods for code deobfuscation, fuzzing and root cause analysis during his PhD, Tim now builds code obfuscation schemes tailored to embedded devices. Moreover, he gives trainings on reverse engineering & code deobfuscation, analyzes malware and performs security audits.
- Breaking Mixed Boolean-Arithmetic Obfuscation in Real-World Applications

Toshinori Usui is an associate distinguished researcher and security principal at NTT Social Informatics Laboratories, with 10+ years of experience in binary analysis, malware analysis, and offensive security. Toshinori has presented his research at top-tier hacker and academic conferences such as Black Hat USA, RAID, and ACSAC. He is also a CTF lover focused on reversing and pwn, formerly belonging to Sutegoma2 and binja and currently Team Enu. Toshinori received his Ph.D. in 2021 and has some security certificates, including GREM and GCFE.
- Egg Hunting without Eggs: Identifying Memory Locations of Objects Using Structural Characteristics

Travis Goodspeed is a reverse engineer from East Tennessee, where he drives a Studebaker and knows all the neighborhood dogs by name. Recently he published Microcontroller Exploits, a book detailing dozens of tricks for extracting firmware from locked chips.
- A Disassembler for ROM Recovery