applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

Security Masters Dojo

Instructors/Sensei

Ashfaq Ansari

Ashfaq Ansari is the founder of HackSys Team code named "Panthera". He is a Security Researcher with experience in various aspects of Information Security. He has authored "HackSys Extreme Vulnerable Driver" and "Shellcode of Death". He has also written and published various whitepapers on low level software exploitation. His core interest lies in "Low Level Exploitation", "Reverse Engineering", "Program Analysis" and "Hybrid Fuzzing". He is a fanboy of Artificial Intelligence and Machine Learning. He is the chapter lead for null (Pune).

John Bambenek

John Bambenek is the Manager of Threat Systems at Fidelis Cybersecurity, a lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign, and a handler with the SANS Internet Storm Centre. He has over 18 years experience in Information Security and leads several International investigative efforts tracking cybercriminals - some of which have lead to high profile arrests and legal action. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He has produced some of the largest bodies of open-source intelligence, used by thousands of entities across the world.

Dawid Czagan

Dawid Czagan (@dawidczagan) is an Internationally recognized security researcher and trainer. He is a founder and CEO at Silesia Security Lab - a company which delivers specialized security testing and training services, and an author of online security courses at Pluralsight. He is listed among the Top 10 Hackers (HackerOne). Dawid has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, among others. Due to the severity of many bugs, he received numerous awards for his findings.

Dawid shares his security bug hunting experience in his hands-on trainings "Hacking Web Applications - Case Studies of Award-Winning Bugs in Google, Yahoo, Mozilla and More" and "Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation". He has delivered security training courses at key industry conferences such as Hack In The Box (Amsterdam), CanSecWest (Vancouver), 44CON (London), Hack In Paris (Paris), DeepSec (Vienna), HITB GSEC (Singapore), BruCON (Ghent), and for many corporate clients. His students include security specialists from Oracle, Adobe, ESET, ING, Red Hat, Trend Micro, Philips and government sector (recommendations: https://silesiasecuritylab.com/services/training/#opinions).

To find out about the latest in Dawid Czagan's work, you are invited to follow him on Twitter (@dawidczagan).

Stefan Esser

Stefan Esser, is a German security researcher. He developed Antid0te, an ASLR for jailbroken iPhones in fall 2010, but never released it, because iOS since 4.3 includes an implementation of ASLR. He developed an untethering exploit for iOS 4.3. He gave a version of the exploit that worked on iOS 4.3.1 to the iPhone Dev Team which updated redsn0w and PwnageTool to use it and released the new tools on 4 April 2011. sn0wbreeze was also updated to include his untether. As the vulnerability went unpatched in iOS 4.3.2 and 4.3.3, he updated his code later to support those firmwares. An iOS 4.3-compatible version was never released. His exploit was used in Pangu jailbreak.

Joseph FitzPatrick

Joe (@securelyfitz) is an Instructor, Consultant, and Researcher at SecuringHardware.com. Joe specializes in low-cost attacks, hardware tools, and hardware design for security. He has a special knack for expressing hardware security concepts to both software security experts with no hardware background, as well as to hardware experts with no security background. Joe holds a master's degree in Electrical Engineering with a focus on information security from Worcester Polytechnic Institute. Before starting SecuringHardware.com, he was a Security Researcher with Intel's Security Center of Excellence where he conducted hardware penetration testing of desktop and server microprocessors, as well as security validation training for functional validators worldwide.

Alex Ionescu

Alex Ionescu is the Vice President of EDR Strategy at CrowdStrike, Inc., where he started as its Chief Architect more than six years ago. Alex is a world-class security architect and consultant expert in low-level system software, kernel development, security training, and reverse engineering. He is coauthor of the last three editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities and design flaws, as well as over a few dozen nonsecurity bugs. Previously, Alex was the lead kernel developer for ReactOS, an open source Windows clone written from scratch, for which he wrote most of the Windows NT-based subsystems. During his studies in Computer Science, Alex worked at Apple on the iOS kernel, boot loader, and drivers on the original core platform team behind the iPhone, iPad and AppleTV. Alex is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low- level system software, reverse engineering and security trainings for various institutions.

Richard Johnson

Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently the Research Lead of Talos Group for Cisco, Richard offers 15 years of expertise and leadership in the software security industry. Current responsibilities include research and development of advanced fuzzing and crash analysis technologies facilitating the automation of the vulnerability triage and discovery process. Richard has presented annually at top-tier industry conferences worldwide for over a decade and was co-founder of the Uninformed Journal.

Maria "Azeria" Markst


As an independent security researcher and founder of Azeria Labs, Maria is focused on advancing ARM security and defense beyond its current constraints - pushing the boundaries of what is thought possible with ARM security. She is also the author of the widely appreciated ARM Basics, Shellcode and Exploitation tutorials featured at https://azeria-labs.com/ and at @Fox0x01.

Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and security enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post-exploitation research. He has 9+ years of experience in Penetration Testing for his clients, who include many global corporate giants. He is a member of Red teams of selected clients, and specializes in assessing security risks at secure environments that require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation.

He is creator of Kautilya - a toolkit that makes it easy to use HIDs in penetration tests, and Nishang - a post exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies to update his tools and frameworks.

Nikhil has held training sessions and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences. He has spoken and trained at conferences like Defcon, BlackHat, CanSecWest, Shakacon, BruCon, Troopers, DeepSec, PHDays, Hackfest and more. He blogs at http://www.labofapenetrationtester.com/

Vikram Salunke

Vikram is the Information Security Researcher, Consultant and Founder at Vmaskers. Vmaskers provide network, wireless, web, Android and iOS applications penetration testing services and training for corporates. His main responsibilities are to look after application security, lead security automation and provide training. He has also developed several internal security tools for the organization to handle the security issues. Vmaskers provide training for organisation's internal team that includes developers and penetration testers to improve quality of the applications.

He has also discovered serious web application security flaws in many unique product giants all over the world. He enjoys finding and exploiting software vulnerabilities via reverse engineering, source code auditing, fuzzing. He researches primarily focused Web App, Android, iOS App Pentesting. He is responsible for Pentesting, Code Review and Security Certification of Hybrid Mobile Applications. Responsible for breaking and fixing business critical Web Applications, Web Services, and client facing applications built with HTML5 and JS. He has previously trained in CHCon and will be training in OWASP Morocco.

Marc Schoenefeld

Marc Schoenefeld came first into contact with computers by exposure to a C64. Since then he is infected by bits and bytes. He studied Business Informatics and joined GAD, a banking data center, in 1997, where he worked daytime as Software Security Architect, after work hunting for new CVEs. In 2007 he joined the Red Hat Security Response Team. Early 2010 he graduated with a Dr. rer. nat. degree in computer science (comparable to PhD). He spoke about Java Bytecode Security at Blackhat 2002, since then he also presented and gave trainings about various topics at major conferences like Blackhat, RSA, CanSecWest, HITB, PacSec, XCon, Confidence, HITB and Java One. In 2009 he released undx, a tool to convert android binaries back to Java classes. In 2011 he first released a book about JVM security, showing defense and attack techniques on Java software and then joined the Oracle Java Vulnerability Team. In his free time he enjoys a walk with his dogs.

Saumil Shah

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

Blessen Thomas

Blessen Thomas is an Independent Security Researcher & Senior Security Consultant working in Big Four, where he delivers web application, smart watch wearable application, and mobile (iOS, Android, Windows) penetration testing, vulnerability assessment and network penetration testing for several Enterprise companies and financial institutions. He has a BTech in IT from Anna University, and holds industry certifications such as CREST CRT (PEN), CREST CPSA, OSCP, C|EH - EC-COUNCIL, and C|HFI.

Blessen has been listed and acknowledged in various "HALL OF FAMES" for companies such as Oracle, Sony, Kayako, Appcelerator, Hotgloo, Meldium, Splunk. He is a Synack Red Team Inc. Security Researcher, and an active contributor for the OWASP Mobile Testing Guide Project, Android Tamer.

His research training and talks have been accepted into various security conferences such as CanSecWest 2017, OWASP Appsec Europe 2016, RootCon 2016, OWASP PH 2016, Infosec SouthWest 2016, and FSec 2016.

Guillaume Valadon

Guillaume is security engineer and researcher at the French Network and Information and Security Agency. He obtained his Ph.D. on optimizations of the Mobile IPv6 protocol. From fall 2004 to fall 2006, he was doing research at the University of Tokyo where he worked on the security of the Mobile IPv6 protocol, and co-authored the IPv6 extension for Scapy. He gave technical presentations, classes and live demonstrations, and wrote research papers for conferences and magazines.