BSidesVienna 0x7e8

Aaron Kaplan

Background: Computer Science TU Vienna and Mathematics Univ. of Vienna.

Currently working for DIGIT-S.2 where he focuses on how AI can help IT security and Cyber Threat Intelligence Analysis.

Prior to joining DIGIT-S.2, Aaron was employee #4 of CERT.at, the national CERT of Austria from 2008-2020.

At CERT.at, he co-developed and founded the IntelMQ Incident Response automation framework (intelmq.org).
During his time at CERT.at he held multiple additional roles. Amongst others, he was a member of the board of directors of the global Forum for Incident Response and Security Teams (FIRST.org) between 2014-2018.

He is a frequent speaker at (IT security) conferences such as Blackhat, hack.lu, FIRST or Falling Walls, amongst others.

He is the founder of the FunkFeuer (http://www.funkfeuer.at) free wireless mesh community ISP in Austria. Funkfeuer received international attention as a role model for bottom-up networking, amongst others in an article in Scientific American [1].

Aaron likes to come up with ideas which have a strong positive benefit for (digital) society as a whole and which scale up.

  • Fine-tuning an LLM on CTI reports for fun and profit
Alex Archondakis

Alex has nearly a decade of experience in penetration testing and currently works as the Director of Consulting at TrustFoundry, a U.S.-based cybersecurity firm. With a strong focus on web application security, Alex combines deep technical expertise with strategic leadership, guiding teams to identify and mitigate complex security vulnerabilities. He prides himself upon his ability to explain technical concepts to non-technical people.

  • Anti, Anti Automation
Clemens

Clemens, member of the hackspace Metalab.at, is an embedded linux and network engineer with a background in community wireless networks, electrical engineering and "enterprise" system archeology.

  • unexpected coffee: a dive into industrial coffee machines
Giriraj Ravichandran

Security Engineer, RedTeamOps @Freshworks - OSWE, EJPT, Rastalabs HTB, CTF Player @TamilCTF

I am Giriraj R., presently serving as a Security Engineer at RedTeamer at Freshworks. In my current role, I specialize in implementing automated solutions at an enterprise-wide level, as well as Purple Teamer. I have garnered substantial recognition through my active participation and victories in numerous Capture The Flag (CTF) competitions, adopting the moniker 'Cipherlover' and collaborating with the distinguished CTF team 'TamilCTF.' My profound insights extend to Purple Teaming, cloud security, and the operational aspects of the Security Operations Center (SOC). With a passion for cybersecurity, I'm committed to fortifying digital landscapes and continuously expanding my knowledge.

  • The Dark Side of Installers: Security Flaws in macOS and Windows
Hetti

Hetti is an IT Security Expert based in Vienna and part of the finest Viennese Hackspace Metalab.

During the day he is breaking IT infrastructure for a living and at night he works on fun hacking projects and deals with state-of-the-art legacy infrastructure.

He enjoys traveling to community based IT (Security) Conferences and Camps.
You can also find him at the Chaos Computer Club Vienna (C3W) where he is mainly involved with Chaos Macht Schule (CmS).
On some weekends he is hunting flags with the successful academic CTF Team We_0wn_Y0u.

  • unexpected coffee: a dive into industrial coffee machines
Jakob Bleier

themoep.at, security scholar at TU Wien, conjurer of pretty pixels, wiggles air into sound, he/him

  • ART is beautiful, but it takes a lot of work
Julian-Ferdinand Vögele

Julian-Ferdinand Vögele is a senior threat researcher at Recorded Future’s Insikt Group. With extensive experience in malware research, he specializes in tracking infrastructure linked to both cyberespionage and cybercriminal operations. Prior to joining Recorded Future, Julian-Ferdinand worked in offensive security and studied computer science at UCL in London. He is a fellow of the European Cyber Conflict Research Initiative (ECCRI).

  • Exposing Predator's Infrastructure: The Impact of Public Exposure and Heightened Sanctions
Jürgen Brandl

Jürgen Brandl is a senior cyber security analyst and has 10 years of experience working in incident response, protecting both governmental and critical infrastructure from cyber attacks. In his current role, he is researching and advocating for the need to use AI to face the emerging threat landscape.

  • Fine-tuning an LLM on CTI reports for fun and profit
Kirill

I have been working in cybersecurity for over 10 years. Currently, I am part of the IT security team in the game development industry. In my free time, I design cyber ranges for my side project, Defbox.

  • Cyber Range Fails: Lessons learned from building Defensive Labs
Leo

Cyber Security Analyst & Researcher

  • Kernel Rootkit detection with eBPF time tracing
Manuel Kern

Manuel Kern is a researcher and security consultant who started his career as a server admin and soon shifted his focus solely to IT security. During his time as a professional pentester at the Austrian Institute of Technology, he explored ways to improve detection methods and decided to write his Master’s thesis on efficiently detecting adversaries in computer networks. This research led him to continue his academic path, currently working on his PhD in threat detection. In his free time he is NIS and ISO27001 auditor, amateur DJ and enjoys scuba diving.

  • Is an IDS any good, or how skilled is your Red Team?
Martin Haunschmid

Martin was a long-time developer, before one of his websites got hacked. This way, he realized you can earn money (officially, of course, and always with a permission to attack) doing something he now considers the best job there is. Nowadays he's mostly doing Application Security in the form of black-box web-app penetration tests and source code reviews via his company Adversary GmbH.

Other than that, he tries to communicate his fascination with the industry to not-so-technical folk by producing the "Hacks of the Week" and sometimes does talks.

  • Persons who stare at Source Code.
Mathias Tausig

Graduated in mathematics
Holistic perspective on computers: former developer, sysadmin, security officer, university teacher and even computer salesman
Now a security consultant specializing in application security
Open source lover

  • The monster in your basement: Security risks of CI/CD systems
Naveen S
  • The Dark Side of Installers: Security Flaws in macOS and Windows
Paul Zenker

Paul loves all things cybersecurity and hacking. He loves to work in the areas of OSINT, Recon, Red Teaming and CTI for offensive purposes as well as AI security. He is an IT security analyst at NSIDE ATTACK LOGIC. He enjoys learning from others and sharing his knowledge. Outside the infosec world, he has an interest in sports, watch repair, and adding to his pile of unfinished projects, languages, and skills he tried to learn or build.

  • Didn't Last a Minute: Why We Can't Secure LLMs and Might Never
Roei Sherman

Roei Sherman is the Field CTO at Mitiga, a leading Cloud Incident Response company, where he leverages his extensive expertise in cybersecurity to drive innovation and guide strategic initiatives. With over a decade of experience in adversarial cybersecurity roles, Roei specializes in Red Team operations, utilizing an adversarial mindset and guerrilla tactics to enhance defensive strategies across various security engagements, including training, lectures, and consulting.
Roei's career began in the Field Intelligence unit of the IDF, where he continues to serve in the Reserves. He has held significant positions at AB InBev as Global Director of Offensive Services and as an information security consultant and Red Team leader for EY Israel. His technical acumen encompasses red team engagements, cloud security, social engineering, physical security, deception, and incident response.
Roei is known for his ability to think like an attacker, providing invaluable insights and strategies for robust cybersecurity defenses. His contributions to the field have made him a sought-after speaker and consultant, helping organizations strengthen their security posture against evolving threats.

  • Attackers Aren't Breaking In, They're Logging In: Cloud Security Asymmetry
Sarah Mader

Sarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.

She possesses a Master's degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.

In addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at international industry conferences.

  • Red Team Operations in OT: A peek behind the curtains of hacking industrial systems
Stuart McMurray

Stuart is a Lead Engineer on the Offensive Security team at Klarna, where he focuses on Red Teaming, Unix, and general Swiss Army knifery. He's been on the offensive side of public and private sector security for seven years, during which time he's been an operator and trainer and developed a small arsenal of public and private offensive tools.

  • What's the Red Team doing to my Linux Box?
Tamir Ishay Sharbat

Tamir Ishay Sharbat is a software engineer with a passion for security and in particular AI security. His current focus is identifying vulnerabilities in enterprise AI products such as Microsoft Copilot and Copilot Studio, crafting prompt injections and elaborate attacks, and implementing effective security measures to protect these systems. With previous experience as a startup founder and CTO, Tamir is also a Techstars Tel Aviv alumnus.

  • Hacking Your Enterprise Copilot: A Direct Guide to Indirect Prompt Injections
Timo Longin

Timo Longin (also known as Login) is a senior security consultant at SEC Consult by day and a security researcher by night. Aside from everyday security assessments, he publishes blog posts and security tools, holds talks at conferences and universities, and has a passion for CTFs. His main focus is on web applications; yet, infrastructure and hardware are not safe from him either. For example, in his prior research, Timo discovered DNS vulnerabilities in web applications, hosting providers and even entire countries. However, most people know him for discovering SMTP smuggling. As a well-rounded offensive security researcher, he tries to find forgotten and new exploitation techniques that make the unthinkable possible!

  • SMTP Smuggling Revisited – Still Spoofing E-mails Worldwide?!