Aaron Portnoy is Chief Product Officer at Mindgard and the inaugural Hacker Fellow at Dartmouth College, applying over twenty years of offensive research to AI security. He created the Pwn2Own hacking competition, organizing and judging its first six iterations while running research at TippingPoint's Zero Day Initiative, and went on to co-found Exodus Intelligence, one of the first firms to commercialize zero-day research. Over his career he has personally discovered hundreds of zero-day vulnerabilities in software from vendors including OpenAI, Cursor, NVIDIA, Microsoft, Google, Amazon, Palo Alto Networks, and Adobe; authored the award-winning IDA Toolbag; and published research in Phrack. He has led offensive programs at Raytheon and Boldend and pioneered attack surface management research at Randori through its IBM acquisition. His current research focuses on the security of AI systems. Featured in TIME Magazine's 2014 cover story "World War Zero," Aaron has delivered over thirty invited talks at venues including Black Hat, REcon, CanSecWest, EkoParty, USENIX WOOT, BlueHat, RSA, and the NSA Distinguished Speaker Series.

Alejandro Pinna is the manager of the Offensive Security Research team in SentinelOne, focusing on Offensive Tradecraft and evasive TTP analysis.
Passionate about CyberSecurity and Offensive Security for many years, belonged to one of the most advanced Red Teams in Spain till he joined SentinelOne in 2022, where he contributed with advanced research till finally he started leading the team in January 2025

Angelo Frasca is part of the Exploits and Antitampering Research team in SentinelOne for the last 2 years.
His work consists on understanding which techniques Windows Exploits use to obtain privileged primitives in the kernel and creating defenses against them, improving SentinelOne EDR self-protection and detection capabilities

Andy has been working at MIT Lincoln Laboratory for 14 years researching program analysis and reverse engineering.

Angelo is a security researcher specialised in Windows Internals. He currently works at SentinelOne, where he conducts research on advanced exploits and tampering techniques targeting the Windows ecosystem. Angelo’s background also includes web application penetration testing and red teaming, particularly assume-breach adversary simulations.

Angelo is eCXD, eCPPT, eJPT and OSCP certified. He enjoys reverse engineering and programming. His GitHub profile (https://github/lem0nSec) features his main contributions to the cybersecurity community.

Angelo has a master’s degree in International Security Studies from University of Leicester, where he graduated in 2021 with the ‘Best Campus-Based Masters Dissertation Prize’ and the ‘Best Campus-Based Masters Student Performance Prize’.

Arnau is a hacker, security researcher and mathematician with over a decade of experience across academia and industry, spanning software protection research and practical defenses in anti-malware and anti-cheating.

He is a Principal Research Engineer/Scientist at Hex-Rays, where he works on advancing binary semantic analysis within IDA. He is also Founder of Fura Labs, a boutique firm specializing in software protection and reverse engineering consulting and training, and an external PhD researcher at the University of London.

Arnau is a regular speaker and trainer at international security conferences.

eternal practitioner of the mystical dark arts of gibson hacking and fearless leader of a veritable global army of digital gangsters.

Elias is a longtime IDA pro user with over 20 years of experience. He was also a programmer for IDA, and during his Hex-Rays tenure, he developed key features such as the Bochs and WinDbg plugins and contributed vastly to IDAPython. Today, Elias is a game security engineer who focuses on helping first- and third-party game studios mitigate against cheaters and game vulnerabilities.
In his free time, Elias runs the @allthingsIDA YouTube channel dedicated to teaching practical reverse engineering with IDA Pro and various reverse engineering tools.
Additionally, Elias is an accomplished author/co-author with titles such as Batchography: The Art Of Batch Files Programming, Practical Reverse Engineering, and The Antivirus Hacker's Handbook.
Elias is embarking on his fifth year of teaching with us.
Fun fact: Elias likes riding Electric Unicycles (EUCs) with over 6,000 miles so far. He is an intermediate racing FPV drone flyer and a good bowling player. Elias can handle technical discussions alongside spiritual and new-age topics in a single sitting.

Erik Egsgard is a Principal Security Developer with Field Effect. With over 20 years experience in the computer security field he has found vulnerabilities across a wide range of software and operating systems including Windows, MacOS, iOS and Android.

I am doing vulnerability research and reverse-engineering in the Donjon, Ledger's product security team.

Florian Magin is a Security Researcher at Fraunhofer Institute for Secure Information Technology (SIT) with 10 years of experience in getting distracted by subpar decompiler output.

After an initial excursion into industry at ERNW Research GmbH, he switched to the kind of place where it's acceptable to spend months solving the
general problem instead of 5 minutes in a debugger: an academic research institute.

There, he has been building analysis tooling to tackle the myriad languages cropping up in the iOS app store: Objective-C, Swift, Flutter, React
Native, and others.

Founder and CEO at Knostic, CISO-in-Residence for AI, Cloud Security Alliance.

Gadi Evron is Founder and CEO at Knostic, an AI agent security company, CISO-in-Residence for AI at CSA, and chairs the [un]prompted conference. Previously, he founded Cymmetria (acquired), was the Israeli National Digital Authority CISO, founded the Israeli CERT, and headed PwC's Cyber Security Center of Excellence. He wrote the post-mortem analysis of the "First Internet War" (Estonia 2007), founded some of the first information-sharing groups (TH-Research, 1997, DA/MWP, 2004), wrote APT reports (Rocket Kitten - 2014, Patchwork - 2016), and the first paper on DNS DDoS Amplification Attacks (2006). Gadi has written two books on cybersecurity, is a frequent contributor to industry publications, and speaker at industry events, from Black Hat (2008, 2015) to Davos (2019) and CISO360 (2022).

Grégoire Menguy is a researcher at CEA LIST in the Binsec team, where he works on new reverse engineering methods to help code understanding and malware analysis. He is the lead researcher and developer of Xyntia, a state-of-the-art black-box deobfuscation framework for binary code. He received his PhD in 2023 for his work on symbolic AI for reverse and program comprehension.

Holger is a long-time security enthusiast with over 25 years of experience in the information security industry. He began his career as a penetration tester and now works at Cisco Talos as a technical leader in malware and threat hunting. His work focuses on discovering emerging threats and analyzing their inner workings.

Holger has presented at international security conferences including Recon, Black Hat, Hack In The Box, ISC, NorthSec, and Cisco Live, among others. He is also the author of several offensive and defensive security tools and won the IDA Plugin Contest in 2020 with his Dynamic Data Resolver (DDR) plugin.

More recently, his research has focused on reversing Nim binaries (Recon 2023), VMProtect (Recon 2024), and dynamic binary instrumentation (Recon 2025).

Security researcher with strong interest in Windows internals, RE tooling and automation. Previously spent two years at the French Ministry of Defense on vulnerability research and RE tooling. Currently works at Konvu on automated vulnerability triage. Lectures on cybersecurity at French engineering schools.

Christian Herrmann, better known in the hacker community as “Iceman”, is a co-founder of AuroraSec and RRG, and has helped develop many of today’s most widely used RFID research tools, including the Proxmark3 RDV4 and the Chameleon Mini.

He is a well-known RFID hacking and Proxmark3 evangelist, serving the community as both a forum administrator and a major code contributor alongside other developers since 2013.
Christian has spoken at hacker conferences around the world, including Troopers, Black Hat Asia, DEF CON, Hardwear IO, SSTIC, NullCon, Pass-the-Salt, BSides Tallinn, BlackAlps, TenguCon, Balccon, TumpiCon, WHY and SaintCon.
He also runs a YouTube channel where he shares his knowledge of RFID hacking with the public.

With over 15 years of experience in bespoke software development, Christian specializes in .NET platforms and is a Certified MCPD Enterprise Architect.

He possesses near-unmatched expertise in the Proxmark3 architecture and various RFID technologies, and has served as an instructor for Red Team Alliance (RTA), including training sessions at Black Hat.

Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, occasional YouTuber, creator of the first electronic badges for DEFCON, member of L0pht Heavy Industries, and former technological juvenile delinquent.

John McIntosh (@clearbluejar) is a security researcher at ClearSecLabs specializing in reverse engineering and offensive security. His expertise spans binary analysis, patch diffing, and vulnerability discovery, with multiple open-source security tools for vulnerability research available on his GitHub. His website, https://clearbluejar.github.io/, features detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra.

John has delivered advanced reverse engineering and vulnerability discovery talks at leading international security conferences worldwide, including Black Hat, REcon, Insomnihack, Ringzer0, SecTor, 44CON, and DEF CON. His sessions emphasize systematic, reproducible workflows and hands-on, AI-augmented analysis, consistently recognized for clarity and technical depth. A distinguished presenter and educator, John maintains a fervent commitment to sharing cutting-edge research, advancing binary analysis, and fostering collaboration within the global security community.

Joshua Reynolds is the founder of Invoke RE. With over a decade of experience, Joshua has held senior roles at industry-leading companies, including Cisco and CrowdStrike. Joshua has spoken at major conferences such as REcon, RSA, DEF CON and Virus Bulletin on topics including ransomware, malicious document analysis and automating malware analysis. Joshua’s industry-standard malware analysis training courses are taught to hundreds of students globally through his company Invoke RE.

Kirils Solovjovs is Latvia's leading white-hat hacker and IT policy activist. He began programming at age 7, and by grade 9 was already writing machine code directly in a hex editor during lunch breaks. Renowned for uncovering and responsibly disclosing critical vulnerabilities in national and international systems, he is an expert in network flow analysis, reverse engineering, and social engineering. A lifelong command-line enthusiast, he uses bash daily for hacking, automation, and large-scale data processing.
He is the author of the jailbreak tool for MikroTik RouterOS and played a pivotal role in developing e-Saeima, the world's first fully remote legislative system used by the Latvian Parliament. Today, Kirils serves as lead researcher at Possible Security.

Lennert is a security researcher specializing in the security of embedded and connected devices. His research focuses on reverse engineering, physical attacks, and practical attacks on real-world systems. Among his recent high-profile projects are the development of a modchip for fault injection attacks on a Starlink user terminal, and uncovering vulnerabilities in Saflok hotel locks.

Marion Marschalek is an independent security consultant and trainer with her consulting company Hack & Cheese. Prior to that she held senior positions at AWS and Intel, and different roles in the threat detection industry, as a malware reverse engineer and incident responder. Marschalek is a frequent speaker at major security conferences, including Black Hat, Defcon, HITB, RSA, and SyScan, among others. She used to teach reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master’s Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry. In her spare time she enjoys long distance running.

Marion Marschalek is an independent security consultant and trainer with her consulting company Hack & Cheese. Prior to that she held senior positions at AWS and Intel, and different roles in the threat detection industry, as a malware reverse engineer and incident responder. Marschalek is a frequent speaker at major security conferences, including Black Hat, Defcon, HITB, RSA, and SyScan, among others. She used to teach malware analysis and reverse engineering classes at University of Applied Sciences St. Poelten, from where she graduated in 2011 with a Master's Degree in Information Security. In 2015 she started a hacker bootcamp for women titled BlackHoodie, which over the years established itself as a global initiative to attract more diverse talent to the security industry. In her spare time she enjoys long distance running.

Mark Lim has been in the cybersecurity domain for close to 20 years. Currently, he is a principal malware reverse engineer at Palo Alto Networks. He focuses on analysing malware samples and developing detection mechanisms. Mark constantly looks for opportunities to improve his reverse engineering skills by sharing experiences with others. Mark believes every piece of binary contains a story waiting for a reverse engineer to tell it. Before working at Palo Alto Networks he spent 10 years as a blue teamer at the Singapore government. Mark has spoken at VirusBulletin 2023, 2024 and 2025 and JSAC 2026.

I'm Mathieu Farrell a member of Quarkslab's Adversary Simulation Team
focusing on vulnerability research and exploit development looking for
initial access vectors.

Mathilde Venault is a security researcher at CrowdStrike, where she specializes in threat detection through malware analysis, adversary tradecraft research, and reverse engineering of Windows internals. She has delivered workshops and presented at conferences including Black Hat USA, REcon, 44CON, SinCon, and c0c0n, driven by a passion for documenting what Microsoft won't. True to her French roots, she's always down to turn any conference hallway into a dinner table — bread and cheese non-negotiable.

Nick is a member of the Android Anti-Malware Team at Google where he focuses on off-market malware and phishing applications. When Nick isn’t reversing malware he’s day-dreaming about endpoint detection strategies, lockpicking, and carbs (mostly beer, but bread too). An interesting fact about Nick is that he has an eclectus parrot who keeps escaping from his house in Seattle.

Nicole Fishbein is a security researcher and malware analyst. Prior to Intezer, she was an embedded researcher in the Israel Defense Forces (IDF) Intelligence Corps. Nicole has been part of research that led to the discovery of previously unseen APT malware and novel attacks on Linux-based cloud environments. Her current research focuses on the use of non-standard languages like .NET, Go, and Rust by advanced threat actors.

Nicolò Altamura is a security engineer (MSc, University of Verona) working in software protection field. He specializes in reverse engineering, static analysis, and software security, creating tools like disassemblers, decompilers, and obfuscation frameworks. Through his blog and open-source projects, he explores advanced topics ranging from Mixed Boolean-Arithmetic transformations to malware detection heuristics. Drawing on both academic research and hands-on experience, he aims to bridge theory and practice in the field of software protection.

Olivier’s 21 years of expertise in the silicon domain began at the helm of one of the world’s most elite Integrated Circuit (IC) Analysis Labs. Under his leadership, the facility focused on the dual mission of securing next-generation silicon and engineering robust countermeasures for current devices to neutralize piracy and counterfeiting threats.
During this tenure, Olivier pioneered numerous innovative techniques for semi- and fully-invasive IC analysis. His deep mastery of Failure Analysis (FA) methodologies and specialized laboratory equipment allows him to pinpoint and access vulnerable logic on even the most hardened target devices.
A pioneer in offensive hardware security, Olivier is redefining the limits of automated IC analysis. His methodologies transcend traditional low-complexity targets like smartcards, scaling effectively to modern System-on-Chips (SoCs) featuring millions of gates and advanced technology nodes.
Olivier is also the architect of ChipJuice, a cutting-edge software toolchain designed to efficiently recover hardware designs regardless of their architecture, technology node, or Standard Cell Library.
He is the co-founder and CTO at Texplained.

Philippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways.
Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Black Hat, REcon, Hardwear.io, Eko Party and more. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).

Roy Tu is a security engineer for the Android Anti-Malware Team at Google, specializing in static code decompilation of non-standard Android apps. Previously, Roy worked as a pentester for 4 years for NCC Group. His interests include binary reverse engineering, control flow lifting, LLVM/MLIR and hardware hacking.

My name is Sina Kheirkhah also known as @SinSinology I’m a full-time vulnerability researcher with a passion for popping shells across all kinds of targets, server-side enterprise solutions, hardware devices and I also do reverse engineering, low-level exploitation, attacking .NET/Java stacks, bypassing mitigations, chaining bugs, and all the good stuff.

To highlight some of my work, I’ve been a Pwn2Own contestant multiple times 20{22,23,24x2,25x3} and have won the “Master of Pwn” title at the 2025 January edition of Pwn2Own competition in Tokyo Japan. Later in October of the same year, came back as @SummoningTeam (@_mccaulay, @Yogehi, @Ch0pin, @hyprdude) and all of us together won the “Master of Pwn” title at the October edition of Pwn2Own in Cork Ireland.

Stefan Esser is an independent security researcher focused on Apple platform internals. He is best known for early work on PHP security, including Hardened-PHP and Suhosin, as well as vulnerability research across a wide range of software. Over the last decade his work has centered on iOS and macOS, with a focus on kernel and Apple Silicon security architecture. He co-authored iOS Hackers Handbook and regularly speaks internationally about Apple security research and reverse engineering.

Tim Blazytko is a well-known binary security researcher and reverse-engineering expert with a PhD in program analysis. He focuses on independent consulting and hands-on work across reverse engineering and software protection. He regularly contributes to the reverse engineering community through trainings, international conference talks, research papers, and open-source tools. Furthermore, he supports clients with advanced binary analysis, malware investigations, and security audits. Tim also serves as Chief Scientist at Emproof.

Tim is a professional Silvio Cesare impersonator who specializes in wedding(), birthday_party() and funeral().

I have extensive experience across diverse industry verticals such as automotive, banking, medical, mobile, embedded, industrial control, public utilities, oil & gas, wired and wireless networking, telecommunications, cloud computing, and AI.

As a key member of advanced security research teams at BreakingPoint Systems, Accuvant Labs, Optiv Security, Duo Security, Trend Micro, Atredis Partners, and Together AI, I have successfully delivered hardware and software products, security research, and consulting services to customers and the wider security community.

I attended the conference a couple of times in the 2008-2012 time frame. You don't need me to tell you how great REcon is. It's really great.

Toshinori Usui is an associate distinguished researcher and security principal at NTT Social Informatics Laboratories, with 10+ years of experience in binary analysis, malware analysis, and offensive security. Toshinori has presented his research at top-tier hacker and academic conferences such as Black Hat USA Briefings, REcon, RAID, and ACSAC. He is also a CTF lover focused on reversing and pwn, formerly belonging to Sutegoma2 and binja and currently Team Enu. Toshinori received his Ph.D. in 2021 and has some security certificates, including GREM and GCFE.

Cybersecurity researcher and software engineer at MIT Lincoln Laboratory.