THE Speakers
Aditya Singh
Trojan Penguin in the Windows: Advanced Attack Vectors Through WSL2
Aditya Singh is a Senior Security Researcher at Siemens Healthineers focused on adversary evasion techniques and digital privacy; he leads Threat Intelligence, incident response investigations, and malware analysis. Currently also conducting research at the University of Newcastle, he investigates platform-level security gaps in modern operating systems. His research has been presented at multiple international security conferences including Nullcon Goa, HackRed-Con, MY Hack Malaysia, BSides Bloomington, BSides Sydney, BSides Connecticut, BSides Mumbai & Noida and VulnCon, Defcon Delhi. His work on "Unveiling Digital Identities: Mobile Device Fingerprinting" explores multi-layered user tracking mechanisms, while "Reinventing Access Control" proposes novel frameworks to prevent phishing-driven account takeover.
Alon Friedman
Weaponizing Autonomous AI for Logical Exploits and Financial
Alon Friedman is a Principal Security Architect at Microsoft Security, with extensive experience in application security and penetration testing. He focuses on defining application security standards and researching threat landscapes. His background includes leading secure software development at Salesforce and managing application vulnerabilities at PayPal. Alon is a recognized researcher, credited with CVE-2014-4246 and the creation of the SCIP OWASP ZAP extension. A frequent speaker at international conferences, Alon has presented at venues such as Ekoparty, DeepSec, and BSides. Additionally, he serves as a lecturer at universities and colleges, teaching information security curriculums in both English and Hebrew.
Bach Ngoc Hung &
Nguyen Anh Quynh
Browser Credentials Theft: Stealers' Journey from DPAPI to App-Bound Encryption
Bach Ngoc Hung is currently working as a Redteamer at VinSOC, focusing on malware analysis/development, OS internals, and offensive security research. Through his work at VinSOC, he contributes to building malware and exploitation payloads and to helping the organization understand its exposure to advanced threats.
Nguyen Anh Quynh is the author of Capstone, Unicorn, and Keystone frameworks.
Lei HUANG
From EDR Evasion to Detection Engineering: A Practical Red-Blue Methodology
Lei HUANG is a red teamer and offensive security enthusiast at Ansen, where he focuses on practical offensive security assessment and adversary simulation. He holds multiple advanced certifications, including OSCE3, OSCP, OSEP, OSWE, OSED, and OSWP, reflecting hands-on experience across exploitation, web security, endpoint tradecraft, and wireless assessment. His research focuses on endpoint evasion and adversary tradecraft, particularly within Windows environments, with close attention to how offensive techniques interact with modern defensive controls. He is especially interested in translating technical research into realistic operator methodology and actionable insights for defenders. Through his work, he aims to bridge the gap between public tooling, real-world intrusion tradecraft, and practical security testing in enterprise environments.
Lidor Ben Shitrit
Pre-auth RCE in Enterprise Java: When Middleware Becomes the Exploit
Lidor Ben Shitrit (@Thisis0xczar) is a Cloud Security Researcher and a Founding Team Vulnerability Researcher at Novee Security, focused on uncovering vulnerabilities across major cloud platforms, with a particular emphasis on Azure. Lidor is a Microsoft Most Valuable Researcher (MVR) for 2022 and 2023, recognized for his impactful contributions to cloud security research.
Yaoan Guan
Trojan hidden in the weight—A Chain of LLM Attacks
Yaoan Guan focuses on ML cybersecurity research and AI offense and defense. He ranked among the top 15% in the Attack Phase of Track 1 at the Alibaba Cloud-AI and Global Competition and achieved top 20% in the Tencent Cloud Hackathon Intelligent Penetration Testing Challenge. He was invited as a guest lecturer at the 2025 QI-ANXIN Butian Hacker Conference. He exploited IVI vulnerabilities at Pwn2own Automotive. His team won the "Excellent Red Team" title at the Shenzhen Autonomous Vehicle Cybersecurity Competition and has been granted numerous CVE vulnerability IDs. He is an active member of a hacking group, DEFCON DC86020.