Ashwin Shenoi

Lead Security Engineer

CRED

India

Ashwin Shenoi is a Lead Security Engineer at CRED with an avid passion for application security. He is highly skilled in application penetration testing and automation. Ashwin is a core member of team bi0s, a top-ranked Capture The Flag (CTF) team according to CTFTime. In his role as head of the Web Security team at team bi0s, he also serves as the core challenge setter and organizer for various editions of InCTF and other CTFs organised by team bi0s. Ashwin is also a Security Trainer with 7ASecurity, and has presented talks and security trainings in various security conferences such as BlackHat Asia, BlackHat USA, BlackHat Europe, Nullcon, and ThreatCon. Ashwin has a strong background in identifying and exploiting vulnerabilities in open source applications, and he has been awarded multiple CVEs for his contributions to the security community.

Aswin M Guptha

Senior Security Engineer

Traboda CyberLabs

India

Aswin M Guptha is a Security Researcher at Traboda who has over 8 years of expertise in Web Application Security. He has extensively participated in various penetration testing activities on infrastructure ranging from CMSs to hospitals over the past few years. He is also involved in testing various mobile applications. He has also delivered talks and training for students, working professionals and government authorities on various advanced topics.

Divyanshu Shukla

Senior Security Engineer

Meesho

India

Senior security engineer with more than 5 years of experience in Cloud Security, DevSecops, Web Application Pentesting, Mobile Pentesting, Automation, and Secure Code Review. He has reported multiple vulnerabilities to companies like Airbnb, Google, Microsoft, AWS, Apple, Amazon, Samsung, Zomato, Xiaomi, Alibaba, Opera, Protonmail, Mobikwik, etc, and received CVE-2019-8727 CVE-2019-16918, CVE-2019-12278, CVE-2019-14962 for reporting issues. Author Burp-o-mation and very vulnerable serverless application. Also part of AWS Community Builder for security and Defcon Cloud Village crew member. He has also given training and seminars in events like Nullcon, Parsec IIT Dharwad, GirlScript Chandigarh University, and Null community.

Ravi Mishra

Lead Devops

Groww

India

7+ years of experience in DevSecops & DevOps. Currently working as Lead DevOps @ Groww Highly Skilled in IAC Security, AWS & GCP Security, SRE, Container Security, K8s (EKS & GKE) Security. Experienced In deploying EKS & GKE Cluster. Previously worked with DevOps Engineering Teams in OLX Group, Paytm Bank, and Opstree. He has also given training and seminars in events like Null Community & Bsides Bangalore

Abhinav Thakur

Security Researcher

Payatu Security Consulting Pvt. Ltd.

India

Abhinav Thakur is currently working as an IoT Security Researcher at Payatu. Having experience working with malicious software and binary analysis, he specializes in reverse engineering and breaking digital devices. Currently targeting IoT devices varying from simple bare-metal systems to complex OS-based systems. He spends most of the day understanding system internals and developing payload to achieve unintended behaviour on his targets.

Kartik Lalan

Sr. Security Engineer

PIC (Independent)

India

Product Security Engineer @ Security Centre of Excellence – Philips Innovation Campus. He is M.Tech. in CS with Specialization in Information & Network Security. He conducts frequent talks and workshops on Info Sec topics @ several places including C0C0N, Bsides Delhi & Bangalore Chapter, OWASP, Null A'bad & Bangalore Chapter, DroidCon-IN. Kartik loves to write technical Blogs in his leisure time

Aravind C Ajayan

Sr. Security Engineer

PIC (Independent)

India

Sr. Security Engineer with Philips and is part of the Security Centre of Excellence team. Aravind's primary areas of expertise are web/thick client application penetration testing, hardened system security, network security, and windows active directory security. He has helped to fix severe issues in IMS(Internet Management Software) solutions through responsible disclosures. Aravind pursued his master's in Cyber Security Systems and Networks from Amrita Vishwa Vidyapeetham, Coimbatore. He is an Offensive Security Certified Professional (OSCP) and has published several research papers on security in IEEE and Springer

Anant Shrivastava

Information Scurity Professional

India

Anant Shrivastava is an information security professional with 15+ yrs of corporate experience in Network, Mobile, Application and Linux Security. Anant is an avid opensource supporter and runs multiple opensource projects prominent of them being TamerPlatform and CodeVigilant.

He contributes to multiple Open communities like null and Garage4Hackers. He has also helped establishing local chapter in his hometown null Bhopal

He has been a speaker and a trainer at a multitude of conferences such as Black Hat -USA/ASIA/EU, Defcon, Nullcon, c0c0n, Rootconf and many more).

He also participates in various communities as a cfp reviewer. Notable of them being Blackhat EU, nullcon, Rootconf by Hasgeek, recon village @ Defcon , cloud village @ defcon, Adversary Village @ defcon

His code contributions can be found on Github. He is active on Twitter and Fediverse and his talks and presentations can be found here. He writes about his experiments at his blog.

Manish Gupta

CEO & Director

Cyberwarfare Labs

India

Manish Gupta is Director of CyberWarFare Labs having 6.5+ years of expertise in offensive Information Security. Where he specializes in Red Teaming Activities on enterprise Environment. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat USA, DEFCON, Nullcon, BSIDES Chapters, X33fcon, NorthSec & other corporate trainings etc.

Yash Bharadwaj

Co-Founder & Technical architect

Cyberwarfare Labs

India

Yash Bharadwaj, Co-Founder & Technical architect at CyberWarFare Labs with over 4.5 Years of Experience as Technologist Highly attentive towards finding, learning and discovering new TTP's used during offensive engagements. His area of interest includes building Red / Blue team infrastructure, evading AVs & EDFts, Pwning Active Directory infrastructure, stealth enterprise networks & Multi cloud attacks. Previously he has delivered hands-on red / blue / purple team tninings / talks / workshops at Nullcon, X33fCon, NorthSec, BSIDES Chapters, OWASP, CISO Platform, YASCON.

David Baptiste

IT-Security Analyst & Researcher

ERNW - Ennor Rey Netzwerke GmbH

Germany

Dr. BapƟste David is an IT security specialist at ERNW, specialized in Windows operaƟng system. His research is mainly focused on malware analysis, reverse engineering, security of the Windows operaƟng system plaƞorm, kernel development and vulnerabiliƟes research. He also worked for couple of anƟvirus compagnies. He has given special courses and trainings in different universiƟes in Europe. Also, he gives regularly talks on different conferences including Black Hat USA, Defcon, Troopers, Zero Night, Cocon, EICAR, ECCWS…

Samarth Bhaskar Bhat

Technical Director

Reinfosec

India

▪ Security Architect
▪ Over six years of experience in Information Security, design and development of Application
▪ Software.
▪ Audited 50+ business Web-Applications in the areas of Banking, Finance, Insurance, Trading and eCommerce.
▪ Conducted security audit of Payment Gateway.
▪ Expertise in handling various Application security Assessments, Penetration Tests and Vulnerability Assessment
▪ Good work exposure on implementation of SOC (Security Operation Centre) and Data Loss Prevention
▪ Proficient in understanding application level vulnerabilities like XSS, SQL injection, response splitting attacks, session hijacking, authorization bypass, weak cryptography, authentication flaws & design level vulnerabilities along with the defence mechanisms.
▪ Expert in web security testing tools like Proxy Editors, Network Sniffing tools, Web Vulnerability scanners, flash de-compilers.
▪ Well versed with OWASP Top 10
▪ Proficiency in creating Threat profile for different types of applications
▪ Knowledge of different phases, methodologies, concepts and procedures involved in the PT/VA.
▪ Good understanding of vulnerability scanners like Nessus, QualysGuard, Rapid7 and Symantec CCSVM.
▪ Expertise in implementation and configuration disk encryption and email encryption (PGP)
▪ Sound knowledge on remediation process for the vulnerabilities identified during the assessment
▪ Proficient in Information security reporting for executive management
▪ Trained in secure code review of .NET applications.
▪ Trained in web services testing methodology.
▪ Sound knowledge of T-SQL, Crystal Reports, VBA, C# (Winforms), Visual Basic.NET
▪ Expertise in database programming
▪ Experienced with exposure and experience in understanding, reversing and
▪ fuzzing wireless protocols in the RF-Layer of systems.
▪ Experienced in reversing hardware protocols and implementing hardware attacks and threat-modelling of Wireless and Signals Systems. Have previous exposure and experience in Signal Design and Offensive Signal Tactics. Presently working on application of EW and SIGINT techniques in the Aerospace and Defence domain. Personal projects include machine learning and deep learning methods of recognition and deepfaking signals that can cause signal cant impact on the physical domain/layer of systems and OpenWRT for mesh networking.
▪ Signal Detection meta information extraction of signals using Commercially available SDR platforms.
▪ Protocol decomposition ofsignal of interest.
▪ Baseline formulation of minimum jamming requirements for RADAR and datalink.
▪ Utilization of SDR for SIGINT and ELINT in drones.
▪ Proof of Concept development of DRFM systems using commercially available SDR.
▪ Telecom signal (LTE) reconnaissance using commercially available SDR/
▪ Radio Direction Finding (RDF) and aggregation using commercially avaialble SDR.
▪ Establishment of CEMA guidelines for EW and Cross layer protocol research.
▪ Bechmarking of default DSP algorithms in GP-CPU's using python (adopted from BDTI guidelines).
▪ Network metrics computation of IQ data transfer metrics on mesh networks for SIGINT and ELINT operations.
▪ Wideband FHSS interception techniques using aliasing and FFT shot detection.
▪ Development of PoC of Automatic Modulation Recognition techniques using function models in python.
▪ 3D cyclostationary analysis ofsignalsfor operator visulalization.
▪ IQ signal generator and interference generator using SDR for RDF testing.
▪ Information security baseline for CEMA and ELINT operations

Abraham Aranguren

CEO, Security Trainer, Director of Penetration Testing

7ASecurity

Spain

After 15 years in itsec and 22 in IT Abraham is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. Former senior penetration tester / team lead at Cure53 and Version 1. Creator of “Practical Web Defense”, a hands-on eLearnSecurity attack / defense course, OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications

Anirudh Anand

Security Trainer@7ASecurity

Security Engineer at CRED

India

Anirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.

Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.

Ajit Hatti

Founder, Director - Pure ID

Ajit Hatti is a serial inventor and innovator and founder of PureID. He has been developing enterprise class security products over a decade and a half. Ajit regularly presents his research & tools at conferences like Black Hat, COCON & DEF CON. He is also the co-founder of Null - Open Security Community & is the founder of Blockchain Village which he organizes at DEF CON.

Arun Nair

Independent Security Researcher

India

Arun is a skilled Red Teamer with extensive malware development and evasion expertise. With a strong background in offensive security, Arun possesses a range of certifications, including the Offensive Security Certified Professional (OSCP), CodeMachine Malware Techniques, and Malware on Steroids. These certifications demonstrate Arun's deep understanding of advanced strategies and techniques involved in malware development. Arun has honed this knowledge through practical experience from working with renowned organizations such as Google and Mandiant. These engagements have provided Arun with invaluable insights into the tactics employed by real-world adversaries. With his comprehensive skill set and hands-on experience, Arun is well-equipped to tackle the most sophisticated cybersecurity and red teaming challenges.

Aravind Prakash

Red Team Operator

Resillion

India

Aravind is an experienced Red Teamer working in Resillion with a strong background in offensive security and a passion for malware development. With multiple certifications, including CRTP, CRTE and CRTO. Having conducted numerous engagements, Aravind has gained valuable insights into the tactics used by real-world adversaries. Their expertise allows them to simulate attacks and identify system and network vulnerabilities.