Ahmed Hassan is an austrian cybersecurity engineer and penetration tester with over 7 years of experience in offensive security, recognized for speaking at major international conferences including Black Hat Saudi Arabia, Hack Red Con, and the Arab Security Conference. He has identified vulnerabilities for organizations such as United Nations, SAP, NASA, and multiple government institutions worldwide, while also earning 52 CVEs and numerous industry certifications including OSCP and CRTP.
- Defending Identity Infrastructure of the Active Directory with Deception Technologies
Mit über einem Jahrzehnt Erfahrung in Softwareentwicklung und Sicherheitslösungen unterstütze ich derzeit als selbständiger Software und Security Consultant Unternehmen dabei, innovative und sichere Softwarelösungen zu entwickeln.
Meine Arbeit als Senior Software Architect hat mir tiefe Einblicke in die Architektur komplexer Softwarelösungen ermöglicht. Aktuell bin ich als Ethical Hacker und Bounty Hunter speziell auf #Hackerone aktiv.
Seit Mai 2026 bin ich Hackerone Ambassador für Österreich.
https://h1.community/austria-hackerone-club/
- HackerOne Club Austria
Andreas Neuhold has 17+ years of experience building and operating core and security solutions for cable, fibre, and mobile internet access for leading international Tier-1 ISPs.
Current areas of activity include projects and R&D aimed at developing new technologies, standards, and integrations in the fields of Quantum Communication using both Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC).
- Quantum Secure Communication
My fascination about complex systems began early on - with hacking computer games. While studying computer science at the University of Innsbruck, I discovered the Austrian Cyber Security Challenge, a capture-the-flag competition that promotes IT security talents in Austria.
My successful participation in this competition opened my way into professional IT security at the end of 2017. Since then, I have been pursuing my passion as a penetration tester. I have specialized in the field of red teaming and attack simulations through numerous further education and training courses - a field that continues to fascinate me.
I am currently deepening my knowledge in the areas of internal infrastructures and malware development. This enables me not only to increase the precision of our penetration tests, but also to implement techniques such as lateral movement, local privilege escalation and full domain compromise in red team engagements even more effectively.
- NTLM-Relaying in Practice
I’m a caffeine-powered Red Teamer @ slashsec specializing in tearing apart Active Directory, conducting physical reconnaissance, and talking my way into places I shouldn't be. If I'm not dumping your credentials, I'm probably casing your facility or cloning your badge.
- Your Firewall Won’t Save You From a Crowbar: Introducing the PACT Framework
Cybersecurity Analyst focused on Offensive Security. I spend my time between terminals looking for the next challenge. That means that I have jumped between different topics on this huge Cyber Security world (Incident Response, Forensics, Threat Hunting, Pentesting & Red Teaming) but between us I like the feeling of getting a reverse shell ;). However this time I am comming up with:
- Offensive AI: Red Teaming Machine Learning Systems
Happy Hacking!
- Offensive AI: Red Teaming Machine Learning Systems
Florian Haselsteiner is a Security Consultant, Penetration Tester, and Red Teamer at SEC Consult, specializing in offensive security and advanced security assessments. With several years of experience in penetration testing, vulnerability management, and adversary simulation, he helps organizations identify and mitigate complex security risks across enterprise environments.
His primary area of expertise is macOS security, which was also the focus of his master's research in Information Security (Dipl.-Ing.). His work led to the discovery and responsible disclosure of nine CVEs affecting five different vendors, contributing to improvements in the security of the Apple ecosystem and related technologies.
He holds a BSc. in Information and Software Engineering and industry-recognized certifications including CWES, CPTS, OSCP, and COAE. His interests include macOS internals, offensive security research, red teaming, and vulnerability discovery.
- XPC Client Validation? Music to my ears!
Gerhard is a Principal Security Consultant at SEC Consult who specializes in embedded systems and critical infrastructure. He works in the SEC Consult Hardware Laboratory in Vienna. His main job is executing security assessments of embedded systems, IoT/OT devices and OT networks to uncover configuration issues and zero-day vulnerabilities. He is a holder of several IT security certificates, speaker at local conferences, and has published numerous security advisories and blog posts.
- Windows CE Memory Archaeology - Recovering Files from Windows CE 5.0 on NXP i.MX28 NAND Flash
Hello everyone, my name is Iryna. I was born in Ukraine, but I live in various parts of the world. I am a teacher, a senior specialist in IT security and GRC, and a lecturer in Media Philosophy, Media Sociology and Intercultural Communication.
English and German are not my native languages, but I take every opportunity in my daily life to speak, read and think in English (and German anyway).
If I were asked to write about my life, I would talk about growing up in a working-class family, religious discrimination, financial and social inequality, unequal access to education, the long and slow path to an academic degree, migration and integration.
I’m more of a jack-of-all-trades with a wide range of interests; I get hooked on new things quickly, and I happily give 200 per cent when something catches my interest.
In my spare time – if I have any – I go bouldering or sometimes work shifts for the emergency medical service :)
- Before There Was a Password — The Philosophy and Politics of Secrecy
themoep.at, security scholar at TU Wien, conjurer of pretty pixels, wiggles air into sound, he/him
- Back to the Binary: Revisiting Similarities of Android Apps
Jakob is a penetration tester and security professional from Austria. He is particularly passionate about offensive security, including network penetration testing and Windows malware development. By day he works in an internal penetration testing team, conducting and leading engagements, while at night he mostly works on Conquest, a malleable and modular C2 framework written in Nim.
- BOFs in the Background: Async object file execution in modern C2 frameworks
Originally from Germany, Jakob is a penetration tester and security consultant based in Vienna, currently completing a Master's in Information Security at the University of Applied Sciences St. Pölten. He spent over two years at SBA Research conducting penetration tests of web applications, fat clients, and corporate networks, alongside source-code audits and social engineering assessments. Most recently, he worked as a penetration tester at Raiffeisen Informatik, where his work spanned penetration testing, CERT activities, and security incident management. He holds the OSCP and BSCP certification. His current research, part of his Master's thesis, examines divergences and security-relevant behavior across CBOR parser implementations.
- Parsing CBOR is a Minefield: A Study of CBOR Parser behavior
Jonas has been working in Cyber security for more than 15 years, specializing in Incident Response and the defense against advanced persistent threats. His experience spans firewall security, endpoint security, and digital forensics, with a strong focus on supporting organizations during critical security incidents. In his work, Jonas helps customers investigate complex intrusions, contain active threats, and turn technical findings into actionable decisions for crisis management. He regularly works at the intersection of technical analysis, organizational response, external advisors, and law enforcement. He is particularly interested in identifying and disrupting APT actors by combining forensic evidence, endpoint and network telemetry, and threat intelligence to understand attacker behavior and improve defensive strategies.
- Zero Files, Zero Noise: Checkmate in Three.
I deal with IT law so you can take care of tech.
Mag. Katharina Bisset, MSc is an attorney in Lower Austria, co-founder of the legal tech companies NetzBeweis and Nerds of Law. Before that, she worked for several years in large IT companies. Her areas of expertise are IT, IP, AI-, and data protection law. In addition to her legal education, she holds a MSc in Business Process Management and Engineering. She is also member of the disciplinary council at the Lower Austria Bar Association and a university lecturer.
- It's Not You, It's Your Dependencies: A Nerdy Lawyer's Guide to the Software Supply Chain
Martin Herfurt is an Austrian IT‑security researcher, Bluetooth‑security expert, and founder of the Salzburg-based security company IT‑Wachdienst. He is best known internationally for uncovering vulnerabilities in Tesla’s Bluetooth PhoneKey system and for his long-standing work in wireless security.
- Project TEMPA: Getting Phon(e)key with Tesla Security Again
I studied at the 42 Vienna coding school, which is in Heiligenstadt, and work at RBI, which is also there. I am also doing MA in Philosophy at University of Szeged (Hungary).
- What is software?
Niels is a Red Teamer at Mantodea Security who is well-known for (accidentally) breaking things, even if he doesn't want to. His work is focused on red team operations and researching technology on a low level in the hopes of finding just one more bug.
- Hey Claude, find 0days - Using AI for Vulnerability Research & Red Teaming
I have been passionate about ethical hacking and cyber security for as long as I can remember.
I currently have more than eight years of experience in Red Teaming and Penetration Testing and am winner of multiple Austrian (and European) Cyber Security Challenge CTFs.
While I was still studying computer science at Graz University of Technology, I dedicated myself to Penetration Testing and have been working in this industry continuously since summer 2017.
I am proud to also be part of the Pentesting 101 Master's lecture at the ISEC Institute at TU Graz.
My current focus lies on cloud environments and infrastructure, improving Red Team engagements by leveraging cloud-native technologies and tools for initial access, lateral movement and data exfiltration.
- NTLM-Relaying in Practice
I am a security consultant at KPMG. I love breaking AI and using AI to break other stuff. When AI becomes too much hype and magic I go touch some grass and break into buildings.
- MCP - Most Concerning Protocol
Dr. Ronke Babajide is Manager Systems Engineering at Fortinet Austria, where she leads a technical team advising organizations on securing hybrid IT/OT environments.
With a PhD in Theoretical Chemistry from the University of Vienna, she started her IT career during the commercialization of the internet — progressing from web development and systems engineering into network performance, application delivery, and security.
Over 15+ years in technical presales and advisory roles at Riverbed, Radware, VMware, and Fortinet, she has built deep expertise across the full infrastructure stack. This background gives her a practical, grounded perspective on how AI is transforming cybersecurity on both sides of the equation.
At Fortinet, she sees this shift firsthand: AI-driven threat detection and automated response are now core to the security platform, while adversaries increasingly use generative AI to scale phishing, develop malware, and accelerate attacks.
Her daily work involves helping customers navigate this new reality — where AI is both the tool and the threat, and where traditional security models no longer hold up against the speed and sophistication of modern attacks.
- When Machines Hack Back: How AI Rewrote the Threat Landscape in 12 Months
Incident responder by trade coffee addict by choice. knows that in Incident Response, "unprecedented" is just another Tuesday. With a career dedicated to mitigating high-stakes digital and physical threats.
- The sky is no longer the limit
Sven is a co-founder of Bai7 GmbH in Austria, which is specialized in trainings and advisory. He has expertise in cloud security, offensive security engagements (Penetration Testing) and Application Security, notably in guiding software development teams across Mobile and Web Applications throughout the Software Development Life Cycle (SDLC) to integrate robust security measures in from the start.
Besides his day job, Sven is involved with the Open Worldwide Application Security Project (OWASP) since 2016. As a co-project leader and author, he has significantly contributed to the OWASP Mobile Application Security Testing Guide (MASTG), Mobile Application Security Weakness Enumeration (MASWE) and the OWASP Mobile Application Security Verification Standard (MASVS).
- Hacking Mobile Apps in a Structured Way
I started picking locks in 2024 and have been a member of the Lock Picker's United (better known as LPU) online community for 2 years. Picking locks for me is more of a leisure activity, which I do out of curiosity and for the feeling of accomplishment. There's nothing better than tackling a hard lock and finally getting it to open.
- Locks opened keyless the hard way
- Try to open a lock keyless
Slava is a security researcher with 15 years of experience in information security. He has found more than 60 zero-day security vulnerabilities in IoT devices, Windows, and Linux applications. Currently working in the automotive field, his greatest interests are embedded systems and Linux internals.
- Net Shredder: Coverage-Guided Network Fuzzing for the Linux Kernel
Wolfgang Ettlinger is heavily interested in the technical aspects of IT security, in particular application security. In the past decade he has gathered experience with a broad range of languages, technologies and frameworks in e.g. penetration testing, source code review and secure software development projects. He is responsible for the identification of dozens of CVEs affecting products from Citrix, Oracle, Symantec, Sophos, Trend Micro, etc. He currently serves as the Head of Research and Director for Application Security at Certitude Consulting.
- "The Human Factor. Cybersecurity's weakest link or most adaptive defense?"
Wolfgang Hotwagner is a Research-Engineer at the Security Research Team of the Austrian Institute of Technology(AIT), where he works on various topics like "Log File Anomaly Detection", "Bug Hunting" and "Cyberrange". He is a Linux enthusiast with a focus on IT security.
- Attackbed: A Damn Vulnerable Network for Profit and Fun
Yvonne Bauer humanist with many years of expertise in human resources, recruiting, and diversity. After studying psychology and knowledge management, she worked for two consulting firms that focused on comprehensive HR consulting for IT companies. For several years now, she has been working in the cybersecurity industry, where her primary concern is to get more women excited about this field and encourage them to pursue and advance their careers in information security by volunteering as board member and national coordinator at Women4Cyber Austria.
- "The Human Factor. Cybersecurity's weakest link or most adaptive defense?"
There is nothing to tell about my past year.
There are totally different, but mostly follow the same principle.
Details i do not write public.
You can ask me!
My world are layer 1 to layer 8.
I do anything in the IT from hardware to frontend and beyond the keyboard.
You can challenge me.
I do not stand on the side of the attackers, i'm on the side will be attacked.
I do not want, that you are smiling, that you broke my system.
So I talk, listen and laugh to/with the attackers, that I know, what they do.
For the others I'm the guy, who made the backups for them. Or not.
You can trust me!
And I'm a lock picker since 2018.
You can try it!
- Locks opened keyless the hard way
- Try to open a lock keyless