The Important People

Ben Gras

Ben is currently a security research intern with Cisco Systems and has been part of the systems security research group at the Vrije Universiteit Amsterdam since 2015 where he is pursuing a PhD in mischief. Recently publicized attack research has included a reliable Rowhammer attack presented at Blackhat Europe in 2016.

Previously, he was a scientific programmer working on the Minix operating system under Andy Tannenbaum for 10 years.


Mikhail Davidov

Mikhail Davidov is a Principal Security Researcher at Duo Labs specializing in vulnerability research and reverse engineering. After spending years in the consulting bug mines and developing crash dump analysis tools for DARPA, Mikhail now helps keep software and hardware vendors accountable for their security claims. His recent published research includes an in depth analysis of OEM updaters and an EMET bypass.


Dr. Ang Cui & Rick Housley

Dr. Ang Cui is the Founder and Chief Scientist of Red Balloon Security. Dr. Cui received his PhD from Columbia University in 2015. His doctoral dissertation, titled “Embedded System Security: A Software-based Approach”, focused exclusively on scientific inquiries concerning the exploitation and defense embedded systems. Ang has focused on developing new technologies to defend embedded systems against exploitation. During the course of his research, he has uncovered a number of serious vulnerabilities within ubiquitous embedded devices like Cisco routers, HP printers and Cisco IP phones. Dr. Cui is the creator of FRAK and the inventor of Software Symbiote technology. Ang has received various awards on his work on reverse engineering commercial embedded devices and was named a DARPA Riser in 2015.

Rick Housley, Research Scientist at Red Balloon Security, will be co-presenting along with Dr. Cui.

"We’d like to present badFET as an open, low-cost platform for conducting EMFI research. We believe electromagnetic fault injection is a fascinating sub-field of study. The cost of commercial EMFI equipment is prohibitively expensive for many researchers. We would like to democratize this area of research by sharing our low-cost open EMFI platform with the security research community."

Red Balloon Security was founded in 2011 by two of the world's leading cyber-security researchers. They are a Columbia Portfolio Company and a Microsoft Ventures Accelerator Company.

Red Balloon Security

Geoff Chappell

Geoff Chappell is the author of the Windows programming resource at, of some articles for Poc||GTFO, and long ago of the book "DOS Internals". He has been reverse engineering since before many attendees were born. He developed it to be a better programmer but he occasionally moonlights as a security researcher. Some years he does well from being a bit of both. Others he can't get work as either.

Sarah Zatko

Sarah Zatko is the Chief Scientist at the Cyber Independent Testing Lab (CITL), where she develops testing protocols to assess the security and risk profile of commercial software. She also works on developing automated reporting mechanisms to make such information understandable and accessible to a variety of software consumers. The CITL is a non-profit organization dedicated to empowering consumers to understand risk in software products. Sarah has degrees in Math and Computer Science from MIT and Boston University. Prior to her position at CITL, she worked as a computer security professional in the public and private sector.

@Cyber ITL

Sophia D'Antoine and Ryan Stortz

Sophia is a senior researcher at Trail of Bits and spends too much time going to noise concerts. Noise, or Noize, not music, found its roots in early electronic and industrial musics. A typical example today is some insane Japanese sound sculptor screaming and pounding sound through endless feedback loops of overdriven distortion pedals and short wave radios, producing waveforms in chaotic and unpredictable shapes. On the other hand you have ‘sounds of refrigerator.’ Sometimes it's work that comes with the following suggestion in its liner notes: LISTEN AT NIGHT WHILE SNOW FALLS SILENTLY UNDER STREET LIGHTS. The work is not cathartic.

Ryan is a principal researcher and tifosi at Trail of Bits.

@trailofbits    @withzombies

Marion Marschalek

Marion takes things apart, with a passion. She works as an independant researcher and focusses on targeted threats and incident response cases. Marion started her career within the anti-virus industry and also worked on advanced threat protection systems where she built a thorough understanding of how threats and protection systems work and where both fail, only occasionally. Also, Marion teaches malware analysis at University of Applied Sciences St. Pölten and frequently contributes to articles and papers. She has spoken at international conferences around the globe, among others Blackhat, ReCon, SyScan, and Troopers. Marion organizes an annual and free reverse engineering bootcamp for women named BlackHoodie.