SyScan'09 Conference 19-20 May Hong Kong

About Speaker

Thomas Lim

Thomas Lim is the Founder and CEO of COSEINC and SyScan. Previously as the head of IT Security in one of the largest IT services companies in Singapore, he was highly disappointed with the so-called Security seminars organised by the various vendors to be nothing but a sales and marketing pitch. In 2004, he founded SyScan, a true-blue technical-based and vendor neutral IT security conference with a strong emphasis on cutting edge security research. Today, in its 6th year, SyScan is one of the most recognised security conference in the security community. As for COSEINC, this is the only privately based and funded security research company in Singapore, which became highly prominent in the security community after the publication of “BluePill” – the first hardware based VM rootkit back in 2006.

Cédric Blancher

Cédric has been working for 7 years in network security field,
performing audits and penetration tests. In 2004, he joined EADS Innovation Works and now runs the Computer Security Research Lab in Suresnes, France. His research focuses on network security, wireless links and protocols security, Wi-Fi in particular. He is an active member of Rstack team and French Honeynet Project with studies on
honeynet containment, honeypot farms and network traffic analysis. He had delivered technical resentations and trainings worldwide, written papers and articles on network security and wrote Wi-Fi traffic injection tool Wifitap. Cédric's website: http://sid.rstack.org/

Frank Fan 范渊

Frank Yuan Fan CISSP, CISA, GCIH, GCIA
Vice President of OWASP China Mainland,
President of DBAPPSecurity Ltd.

Speaker of US Blackhat 2005, 2006. He has been in network and application security area for over 10 years. Hands on “Web application and Database attack and defense” experience. He holds Master of Science (Computer engineering) degree from University of California.

范渊 CISSP, CISA, GCIH, GCIA OWASP中国区付主席, 杭州安恒信息技术有限公司技术总监

美国黑帽子大会2005年2006年演讲者, 10多年的网络和Web应用安全和数据库安全实践攻防经验. 毕业于美国加州大学计算机科学系.

Kostya Kortchinsky

Kostya (Miami, FL) joined the team from EADS France in 2006. Kostya is an industry-recognized security researcher. He has published numerous vulnerabilities and is an expert exploit developer, reverse engineer and web application assessment specialist. Kostya is consistently responsible for being first to develop exploits for Microsoft vulnerabilities when they are announced. He has spoken at most of the major industry conferences and teaches Immunity vulnerability analysis classes.

Ben Nagy

Ben Nagy is a security researcher with COSEINC, currently working out of Kuala Lumpur. For the past few months he has been working full time in the guts of the Word 2007 Binary Format and integrating the results into Metafuzz, his ruby-based fuzzing framework. Previously working on liver destruction with eEye in Geneva and Bangkok, Ben has written whitepapers on a number of subjects and presented at several conferences in Europe (Infosecurity in London) and Asia (Ruxcon). These papers include:

"SEH security changes in XPSP2"
"Generic Anti-Exploitation Technology for Windows"

Shreeraj Shah

B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank and IBM in security space. He is also the author of popular books like Web 2.0 Security (Thomson 07), Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.

David Thiel

David Thiel is a Principal Security Consultant with iSEC Partners, Inc. David has over 12 years of computer security experience, auditing and designing security infrastructure in the electronic commerce, government, aerospace and online wagering industries. His areas of expertise are web application penetration testing, network protocols, fuzzing, UNIX, and MacOS X. Research interests include mobile and embedded device exploitation, media software vulnerabilities, and attack vectors in emerging web application technologies and network protocols. He has presented research and security topics at Black Hat USA, BlackHat EU, DEFCON, and PacSec.