Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Ashfaq Ansari

Ashfaq Ansari is the founder of HackSys Team code named "Panthera". He is a Security Researcher with experience in various aspects of Information Security. He has authored "HackSys Extreme Vulnerable Driver" and "Shellcode of Death". He has also written and published various whitepapers on low level software exploitation. His core interest lies in "Low Level Exploitation", "Reverse Engineering", "Program Analysis" and "Hybrid Fuzzing". He is a fanboy of Artificial Intelligence and Machine Learning. He is the chapter lead for null (Pune).

John Bambenek

John Bambenek is VP of Security Research and Intelligence at ThreatSTOP, a lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign, and a handler with the SANS Internet Storm Centre. He has over 18 years of experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal action. He currently tracks neo-Nazi fundraising via cryptocurrency, publishes the results on Twitter, and has other monitoring solutions for cryptocurrency activity. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He has produced some of the largest bodies of open-source intelligence, used by thousands of entities across the world.

Dawid Czagan

Dawid Czagan (@dawidczagan) is an internationally recognized security researcher, trainer, and author of online security courses. He is listed among the Top 10 Hackers (HackerOne). Dawid Czagan has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter and other companies. Due to the severity of many bugs, he received numerous awards for his findings. Dawid Czagan shares his security bug hunting experience in his hands-on trainings "Hacking Web Applications - Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More" and "Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation". He has delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent) and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and the government sector. Dawid Czagan is a founder and CEO at Silesia Security Lab, a company which delivers specialized security testing and training services. He is also an author of online security courses. To find out about the latest in Dawid Czagan's work, you are invited to subscribe to his newsletter and follow him on Twitter (@dawidczagan).

Stefan Esser

Stefan Esser is a German security researcher. He developed Antid0te, an ASLR for jailbroken iPhones, in fall 2010, but never released it, because iOS since 4.3 includes an implementation of ASLR. He developed an untethering exploit for iOS 4.3. He gave a version of the exploit that worked on iOS 4.3.1 to the iPhone Dev Team, which updated redsn0w and PwnageTool to use it and released the new tools on 4 April 2011. sn0wbreeze was also updated to include his untether. As the vulnerability went unpatched in iOS 4.3.2 and 4.3.3, he later updated his code to support those firmwares. An iOS 4.3-compatible version was never released. His exploit was used in the Pangu jailbreak.

Joseph FitzPatrick

Joe (@securelyfitz) is an Instructor, Consultant, and Researcher at Joe specializes in low-cost attacks, hardware tools, and hardware design for security. He has a special knack for expressing hardware security concepts to both software security experts with no hardware background, as well as to hardware experts with no security background. Joe holds a master's degree in Electrical Engineering with a focus on information security from Worcester Polytechnic Institute. Before starting, he was a Security Researcher with Intel's Security Center of Excellence where he conducted hardware penetration testing of desktop and server microprocessors, as well as security validation training for functional validators worldwide.

Alex Ionescu

Alex Ionescu is the Vice President of EDR Strategy at CrowdStrike, Inc., where he started as its Chief Architect more than six years ago. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is coauthor of the last three editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities and design flaws, as well as over a few dozen nonsecurity bugs. Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad and AppleTV. Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security trainings for various institutions.

Richard Johnson

Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently the Research Lead of Talos Group for Cisco, Richard offers 15 years of expertise and leadership in the software security industry. Current responsibilities include research and development of advanced fuzzing and crash analysis technologies facilitating the automation of the vulnerability triage and discovery process. Richard has presented annually at top-tier industry conferences worldwide for over a decade and was co-founder of the Uninformed Journal.

Maria "Azeria" Markst

As an independent security researcher and founder of Azeria Labs, Maria is focused on advancing ARM security and defense beyond its current constraints - pushing the boundaries of what is thought possible with ARM security. She is also the author of the widely appreciated ARM Basics, Shellcode and Exploitation tutorials featured at and at @Fox0x01.

Jesse Michael

Jesse Michael is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has presented at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland. He has also taught classes on firmware security at RECon Montreal and Ringzer0.

Mickey Shkatov

Mickey Shkatov, a principal researcher at Eclypsium, has been performing security research and product security validation since 2010. He spends most of his time probing and hacking hardware, firmware and sometimes software.

Rick Altherr

Rick Altherr has a career ranging from ASICs to UX with a focus on the intersection of hardware and software. During his 9 years in Google's server development group, he was responsible for key components of the infrastructure that monitored machine health across Google's datacenters, led the unification of OpenBMC as a project under the Linux Foundation, and publicly explained how Titan is used to provide a root of trust for measurement. As Principal Engineer at Eclypsium, Rick is both a security researcher focused on vulnerability detection and mitigation in firmware and a software engineer integrating the findings of that research into Eclypsium's products. In his free time, he reverse engineers FPGA bitstream formats and ECU (engine control unit) programming protocols, tunes drag race car engines and restores classic cars.

Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and security enthusiast. His areas of interest include penetration testing, attack research, defense strategies and post-exploitation research. He has 9+ years of experience in penetration testing for his clients, who include many global corporate giants. He is a member of the red teams of selected clients, and specializes in assessing security risks in secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Devices in penetration tests and PowerShell for post-exploitation.

He is the creator of Kautilya, a toolkit that makes it easy to use HIDs in penetration tests, and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies to update his tools and frameworks.

Nikhil has held training sessions and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences. He has spoken and trained at conferences like Defcon, BlackHat, CanSecWest, Shakacon, BruCon, Troopers, DeepSec, PHDays, Hackfest and more. He blogs at

Vikram Salunke

Vikram is an Information Security Researcher, Consultant and Founder at Vmaskers. Vmaskers provides network, wireless, web, Android and iOS application penetration testing services and training for corporates. His main responsibilities are to look after application security, lead security automation and provide training. He has also developed several internal security tools for the organization to handle security issues. Vmaskers provides training for organisations' internal teams, including developers and penetration testers, to improve the quality of their applications.

He has also discovered serious web application security flaws in many unique product giants all over the world. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing and fuzzing. His research is primarily focused on web app, Android and iOS app pentesting. He is responsible for pentesting, code review and security certification of hybrid mobile applications, and for breaking and fixing business-critical web applications, web services, and client-facing applications built with HTML5 and JS. He has previously trained at CHCon and will be training at OWASP Morocco.

Marc Schoenefeld

Marc Schoenefeld first came into contact with computers by exposure to a C64. Since then he has been infected by bits and bytes. He studied Business Informatics and joined GAD, a banking data center, in 1997, where he worked by day as a Software Security Architect and hunted for new CVEs after work. In 2007 he joined the Red Hat Security Response Team. In early 2010 he graduated with a Dr. rer. nat. degree in computer science (comparable to a PhD). He spoke about Java Bytecode Security at Blackhat 2002, and since then he has also presented and given trainings on various topics at major conferences like Blackhat, RSA, CanSecWest, HITB, PacSec, XCon, Confidence, HITB and Java One. In 2009 he released undx, a tool to convert Android binaries back to Java classes. In 2011 he first released a book about JVM security, showing defense and attack techniques on Java software, and then joined the Oracle Java Vulnerability Team. In his free time he enjoys a walk with his dogs.

Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

Blessen Thomas

Blessen Thomas is an Independent Security Researcher & Senior Security Consultant working in Big Four, where he delivers web application, smart watch wearable application, and mobile (iOS, Android, Windows) penetration testing, vulnerability assessment and network penetration testing for several Enterprise companies and financial institutions. He has a BTech in IT from Anna University, and holds industry certifications such as CREST CRT (PEN), CREST CPSA, OSCP, C|EH - EC-COUNCIL, and C|HFI.

Blessen has been listed and acknowledged in various "HALL OF FAMES" for companies such as Oracle, Sony, Kayako, Appcelerator, Hotgloo, Meldium, Splunk. He is a Synack Red Team Inc. Security Researcher, and an active contributor for the OWASP Mobile Testing Guide Project, Android Tamer.

His research training and talks have been accepted into various security conferences such as CanSecWest 2017, OWASP Appsec Europe 2016, RootCon 2016, OWASP PH 2016, Infosec SouthWest 2016, and FSec 2016.

Krassimir Tzvetanov

Krassimir Tzvetanov is a graduate student at Purdue University focusing on Threat Intelligence, Operational Security and Counter-intelligence techniques (in the cyber domain).
In the recent past, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research.
Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, product security.
Before that, Krassimir held several operational (SRE) and security positions at companies like Google and Yahoo! Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He also co-founded and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650.
Krassimir holds a Bachelor's in Electrical Engineering (Communications) and a Master's in Digital Forensics and Investigations.

Guillaume Valadon

Guillaume is a security engineer and researcher at the French Network and Information and Security Agency. He obtained his Ph.D. on optimizations of the Mobile IPv6 protocol. From fall 2004 to fall 2006, he was doing research at the University of Tokyo, where he worked on the security of the Mobile IPv6 protocol and co-authored the IPv6 extension for Scapy. He has given technical presentations, classes and live demonstrations, and written research papers for conferences and magazines.

Josh Watson

Josh Watson is a Senior Security Engineer with Trail of Bits. An acknowledged Binary Ninja expert, he has published numerous articles about reverse engineering with the Binary Ninja APIs which remain some of the most detailed documentation available on the internet and released several related open-source plugins and tools. Additionally, he has both presented talks and delivered trainings on automating software analysis with Binary Ninja. In his spare time, he hosts a Twitch stream in which he writes program analysis tools and reverse engineers binaries with Binary Ninja for a live audience.