CERT EDF

This person is too lazy to leave anything.

Albert is a senior malware researcher at VMRay. Initially, Albert honed his skills as an IDS/IPS analyst, meticulously analysing security events, before transitioning to the role of an incident responder for a Fortune 50 company. Then he embarked on his next challenge: malware analysis and threat research at a respected AV/EDR company. He discovered that detection engineering and signature development came just like a second language for him, so he continued investing in this area. He is also a former conference speaker at AVAR, BSidesBUD, BSidesVienna, DisobeyFi, Hacktivity, SEC-T and Virus Bulletin.

Solid background in Penetration testing and modern malware analysis. His main research topics are threat intelligence and computer forensics. Nevertheless, he is passionate about binary exploitation, reverse engineering, and privilege escalation techniques. He now works as a principal malware analyst at Cleafy. He has spoken at Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, and Botconf 2025 as well as DEFCon 2025.

Alex Turing is a senior researcher at QI-ANXIN XLab, with deep expertise in kernel security and threat intelligence. He specializes in Linux platform threats, particularly the tracking of large-scale DDoS botnets. Over the years, he has led or contributed significantly to the discovery and in-depth analysis of several million-node botnets, including Mozi, Bigpanzi, Vo1d, and Kimwolf. His current research focuses on APTs, with a strong emphasis on uncovering campaigns and attack chains targeting Asia—especially China.

Alexey Bukhteyev is a security researcher at Check Point Software Technologies, driven by a long-standing interest in understanding how software systems work and how they fail under attack. With extensive experience in malware analysis and threat research, he focuses on uncovering new threats and developing effective defenses against malware and related attacks. His work spans malware analysis at scale, operating system security, and privacy-focused investigations, with a particular interest in applying generative AI to accelerate research workflows. Alexey has presented his work at security conferences including Virus Bulletin and BotConf.

Reverse Engineer at Orange Cyberdefense CERT. I work on malware analysis and complex intrusion investigations. With a background in digital forensics and pentesting, I combine reverse engineering with investigative methodologies to better understand attacker tradecraft. I also develop internal automation tools to support large-scale artifact analysis and configuration extraction.

Ana Rita is a Threat Researcher at Bitsight, supported by a background in Cyber Threat Intelligence, OSINT and Incident Response. Much of her work revolved around identifying and understanding emerging threats, and helping entities and teams prepare for or mitigate them.
This background is now applied to her malware research, using the same investigative approach to better understand how threats develop and operate.

I have been working for several years as a Senior Analyst in the Cyber Threat Intelligence (CTI) department at Deutsche Telekom Security. In this role I am deeply involved in analyzing attack methods and profiling threat actors. A particular focus of my work is the investigation of botnet structures—especially those associated with so called residential proxies, VPN providers, and ORB networks.

Bar Matalon is the Threat Intelligence Team Lead at Palo Alto Networks’ Cortex research department, and has over a decade of experience in cyber intelligence research. Bar has worked as a threat intelligence researcher in several international companies, including Novartis Pharmaceuticals and Intel Corporation.

Charlie is employed as a principal intelligence analyst with CrowdStrike’s Intelligence Analysis Cell and focuses on macOS malware, ransomware operators, and cryptocurrency analysis. He previously worked at TRM Labs, Dataminr, and AECOM and has presented at Fal.Con 2019 and 2020, BSides Atlanta 2020, BotConf 2022, and Disruption 2024. He is proficient in Arabic, Farsi, Russian, Spanish, and French.

Engineer

Malware Analyst at la poste group

Damien works as a Senior Malware Researcher at ESET, where he has specialized in targeted attack research. With a primary focus on APT, his main duties include hunting and reverse engineering of the latest threats. As a background, he holds an M.Sc. in Computer Science and previously worked in incident response, cyber threat intelligence, and malware analysis.

Dario is a threat researcher at Proofpoint, where he focuses mostly on cloud-based threats.
Prior to moving to the industry, he pushed the boundaries of automated, evasion-(aware|resistant) malware analysis as an academic researcher.
His research output is featured in a number of academic (RAID, NDSS, AsiaCCS, EuroS&P) and industry (BlackHat EU) conferences.

Eric Howard is a new team member of the ESET Research team in Montreal, Canada. Growing up, computers and technology have always been his passion that he shared with his brother, leading him to pursue Software Development. After a few years as a developer in the financial sector working within the fraud and financial crime team, his love for cybersecurity was realized, beginning the long journey of independent study. Eventually, Eric became part of a Cyber Threat Intelligence team within the telecom sector where he spent four years building on his skills. Now, Eric spends time on his interests, tracking China-aligned APT groups, reversing malware, and working with Rust.

Fabian is a Threat Intelligence Analyst at Deutsche Telekom Security with a focus on Cybercrime. He has multiple years of experience in tracking threat actors, malware analysis, threat hunting and similar activities. He has spoken at multiple international Cybersecurity conferences and has a strong background in computer networks and IT security research due to his former role as a researcher at the University of Bonn. He enjoys exchanging ideas with other analysts and is constantly striving to expand his network in order to better respond to cyber threats.

Federico is passionate about technology in general, with a deep interest in cybersecurity, particularly Penetration Testing, Malware Analysis, and Social Engineering. He's currently leading the Threat Intelligence Team and Incident Response at Cleafy. He oversees all activities related to monitoring and uncovering new threats and attack patterns used by malicious actors. He has spoken at HackInBO 2022, Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, Botconf 2025, DEFCON33 and other private events managed by CertFIN in the Italian territory.

French Police cybercrime engineer.

Grégoire Clermont is a Security Engineer at Sekoia.io. Over the past two years, he has researched the Adversary-in-the-Middle phishing ecosystem, developing detection strategies with a focus on Microsoft Entra ID environments, and tracking PhaaS infrastructure. He has contributed to several Sekoia publications on AitM phishing kits, including Sneaky 2FA and Mamba 2FA.

Hello !
I am studying at Eurecom in Cyber security engineering and currently doing a 6 month internship at the malware department of La Poste. You can find me on LinkedIn : https://www.linkedin.com/in/gwendal-saloum-8689a2237

Hanno Heinrichs is a security researcher at CrowdStrike's Counter Adversary Operation team. His main task is to collect information on APT and eCrime activities. Previously, he has worked in the pentesting and adversary simulation industry.

FURUKAWA Hideyuki is a malware analyst in the Analysis Team at the Cybersecurity Research Laboratory of National Institute of Information and Communications Technology (NICT) with 18 years of experience in binary code analysis for microcontrollers at a leading semiconductor company. His expertise spans reverse engineering and embedded systems software.

Hiroshi Takeuchi is a security researcher with over 10 years of experience in the industry. His main responsibilities are reverse engineering and incident response within MACNICA, a security service company for the Asia Pacific and Middle East regions. In between his day job, he has developed internal tools such as an intelligence platform, honey network, and Python scripts to support analysis. He writes blog posts and private & public technical reports, and has spoken at a number of security conferences including Virus Bulletin, CONFidence, HITCON and JSAC.

Jared has been operating in Cybersecurity for over 15 years and is currently working as a Senior threat researcher at Proofpoint focusing on LATAM threats.

Joao Santos is a distinguished lead investigator at Human Security on the Satori team. With over a decade of specialized experience in security, he has mastered roles from reverse engineering to penetration testing and sysadmin. His impressive track record extends to conducting threat research and audits for prominent enterprises and government entities in vital areas like passports and citizen IDs. Driven by his dedication to cybersecurity, Joao tirelessly shields individuals and organizations from potential cyber threats. A recognized voice in the community, he frequently shares his insights at information security conferences, championing a safer digital landscape for all.

João is a Security Researcher with over 10 years of experience in the cyber field, a B.Sc. in Computer Science and a M.Sc. in Cybersecurity and Intelligent Systems. He currently integrates the Thought Leadership team at Bitsight, researching new and emerging threats, with a focus on sharing findings with the community.

Jérôme is a security researcher at Nokia Deepfield, where he tracks DDoS botnets and proxy networks that threaten telecom and cloud providers.

Kyle Cucci is a malware analyst and detection engineer with Proofpoint’s Threat Research team. Previously, he led the forensic investigations and malware research teams at a large global bank. Kyle is the author of the book “Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats” and is a regular speaker at conferences worldwide, speaking on topics like malware analysis, offensive security, and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling, research, and blogging.

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally-recognized cybersecurity speaker and author. She is the author of the book Dissecting the Dark Web, to be published by No Starch Press in February 2026. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

After obtaining his MSc degree in January of 2025, Maarten continues his research into DDoS botnets in a PhD position in the Cyber Security group at the Delft University of Technology. The research covers several topics, including malware analysis, monitoring live botnet activity, analyzing attack targets and investigating used attack tactics. The research is performed under the supervision of Prof. Dr. Georgios Smaragdakis and Dr. Harm Griffioen.

Maarten is a published author at USENIX and presented his work at several conferences, including Botconf and OneConference.

Maddie graduated from Tufts University with Bachelor's degrees in International Relations and Spanish. She previously worked for CrowdStrike's Intelligence Analysis Cell's Latin America mission and conducted research in Spanish and Portuguese.

Currently, Maddie is employed as a senior intelligence analyst with CrowdStrike's Global Threat Analysis Cell where she focuses on enabling and commodity eCrime threats. She previously presented at Fal.Con, OBTS, and SleuthCon on the macOS information stealer ecosystem.

Manuel is a security researcher driven by a passion to make threat actors’ lives harder. He works as a Cyber Security Analyst at dmTECH and also takes on freelance projects. When he’s off the clock, Manuel solves CTF challenges, writes blog posts for mboll.eu, and relaxes with a beer at the pub while philosophizing about the latest malware.

CTI researcher at Orange Cyberdefense CERT since 2022. In her role, she has co-authored publicly-available analyses on various cyber threats, spanning cybercrime and cyberespionage. She also worked on mapping threat ecosystems including ransomware rebrands since 2014.

Max Kersten is a senior malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. He then worked at Trellix in the Advanced Research Center, where he dove into APT malware and campaigns. Currently, Max works as an analyst at Politie (Dutch law enforcement). Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.

Mayeul is submitting this talk late and won't spend time to write a bio.

Cybersecurity professional with experience in malware analysis and threat intelligence. I’m specialized in reverse engineering Windows and Android malware, gaining deep insights into malicious operations and behaviors. Currently, I am a Malware Analyst at Cleafy, focusing on analyzing and mitigating emerging mobile cyber threats.

Nicolas Collery has been in the security field for over 20 years, focusing on fighting cybercrime.
Passionate about forensics, malware analysis, and now simulating attacks focusing on
real-adversaries’ tactics, techniques and procedure to assess the capability to prevent, detect
and respond.
He has presented at multiple conferences and security events in Singapore featuring various
applications of remote forensic toolkits, including bypass of proprietary full disk encryption, cloud
forensics and more.Nicolas now leads the active defence services at DBS Bank headquartered Singapore which
comprises the threat intelligence, penetration testing, vulnerability assessment and red & purple
teaming practices. He is a primary incident responder for DBS Computer Emergency Response
Team (DBSCERT).
Nicolas also leads application security in DBS to maintain the high standards expected by its
customers. The focus of his team is to empower the bank to release applications at a fast pace
and using modern technologies, while ensuring security.

CERT La Poste Malware Analyst in Internship

Paul is a long-time security professional with over two decades of experience in the cybersecurity field in Luxembourg. He has built extensive consulting expertise across multiple industries, covering activities from offensive security assessments to incident response and digital forensics. Prior to joining the Computer Incident Response Center Luxembourg (CIRCL), he served as Senior Security Architect in the Managed Network Security department of the European Commission, where he led the technical direction of major security projects. He later joined Excellium Services (acquired by Thales Group in 2022), where he founded and led TCS-CERT, a multi-country CSIRT dedicated to intrusion response. Paul regularly speaks at international conferences such as FIRST, Virus Bulletin, Botconf, and Hack.lu, and has published articles on DDoS, botnets, and incident response. He is a native French speaker and fluent in English.

Pedro Falé is a Threat Researcher at Bitsight, specializing in tracking botnets and researching malware tactics & Techniques. Pedro currently is looking to leverage adversary understanding to improve his role. Before joining Bitsight Pedro worked with some of the best CSIRT's in Portugal, providing xSOAR, EDR and Threat Intelligence knowledge.
He mostly enjoys finding flaws in threat actor operations and studying edge-cases.

Peter Manev is member of the executive team at Open Network Security Foundation (OISF) and Suricata Project Evangelist. Peter has over 20 years of experience in the IT Security industry, including enterprise-level practice. He is a passionate user, developer, and explorer of innovative open-source security software. He is responsible for training as well as quality assurance and testing on the development team of Suricata – the open-source threat detection engine. Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead.

Peter is the co-founder and chief strategy officer (CSO) of Stamus Networks, a company providing commercial and open-source network detection and response solutions based on Suricata.

Peter is also one of the lead maintainers of ClearNDR Community (former SELKS), the popular turnkey open-source based implementation of Suricata IDS/IPS/NSM.

Peter Manev is a co-author of The Security Analyst’s Guide to Suricata book written with Eric Leblond.
Peter Manev is a co-author of SEPTun I and SEPTun II Suricata Extreme Performance Tuning series.

Peter is a prolific writer, content creator and open source contributor about Network Cyber Security and has authored over 150 blogs , 400 visualizations and dashboards for Kibana/Elasticsearch and OpenSearch , written over 2000 detection rules, developed over 140 hunting trigger routines.

Peter has authored scientific papers on Cyber Security Strategy and Defense and also has developed and delivered over 100 hands on Cyber Security trainings and workshops for different government, public, private and defense organizations in US and Europe like the US Space command, US Missile command, NATO Counter Cyber Operations units.

Peter often engages in private or public training events in the area of advanced deployment and threat hunting at conferences, workshops or live-fire cyber exercises such as Crossed Swords, Locked Shields, DeepSec, FOSDEM, Troopers, BotConf, BSides, DefCon, Suricon, SharkFest, RSA, Flocon, MIT Lincoln Lab and others.

Threat researcher at HarfangLab.

DFIR analyst at EDF's CERT. My work focuses primarily on digital forensics and OSINT, although I also occasionally handle basic software and hardware reverse engineering.

Quentin Bourgue is a senior threat researcher in the Threat Detection & Research (TDR) at Sekoia.io. He co-leads the Cyber Threat Intelligence (CTI) team, which investigates financially motivated threats. His responsibilities include researching emerging cyber threats, tracking adversary infrastructure, analysing malware distribution campaigns, and writing and presenting technical reports.

Rachael is a anti-virus analyst at Fortinet, specializing in threat intelligence and malware analysis, with a focus on identifying phishing campaigns and analyzing attacker infrastructure.

I am a Senior Security Engineer at GMO Cybersecurity by IERAE, Inc. in Japan.​
I specialize in SIEM development, designing next-generation AI-driven security defenses.​
In addition, I developed cybersecurity training content that has been delivered in over 10 countries by our team.

Souhail Hammou is a reverse engineer and vulnerability researcher with a background in software engineering. Currently serving as a principal reverse engineer with the Intel 471 Malware Intelligence team, he specializes in analyzing emerging threats, maintaining malware tracking systems and conducting in-depth research. Souhail presented research on malware reversing and tracking at previous editions of Botconf as well as in other international conferences.

Stephan Berger has over a decade of experience in cybersecurity. Currently working with the Swiss-based company InfoGuard, Stephan investigates breaches and hacked networks as Head of Investigation of the Incident Response team.

An avid Twitter user under the handle @malmoeb, he actively shares insights on cybersecurity trends and developments. Stephan also authors the blog DFIR.ch, where he provides in-depth analysis and commentary on digital forensics and incident response.

Stephan has spoken at numerous conferences, sharing his expertise with audiences worldwide.

Sven Rath researches the cybercrime ecosystem at Check Point Research. In his spare time, he works on topics such as reverse engineering, malware and windows kernel rootkits and blogs about them at https://eversinc33.com

Tammy Harper is a Senior Threat Intelligence Researcher at Flare focused on ransomware infrastructure, affiliate ecosystems, and the structural evolution of adversary tradecraft. Her work examines how criminal operations adapt hosting models, operational workflows, and emerging technologies to increase resilience. She is a frequent conference speaker analyzing the intersection of decentralized platforms and cybercriminal innovation.

I am a Security Engineer at GMO Cybersecurity by Ierae, Inc. in Japan, specializing in malware analysis and research, as well as software development for our security products.

I joined GMO Ierae in February 2025. Prior to that, I founded and built a tech startup, graduated from university in Japan, and started self-studying infosec in 2023. I am particularly interested in reverse engineering, system internals, and low-level programming. I gave a lightning talk at JSAC 2026, and I occasionally share C-related projects on my GitHub.

CSIRT Analyst at Orange Cyberdefense

CTI & CERT analyst @ Hermès

Vikas P is a Staff Investigator at HUMAN Security, specializing in ad fraud research, botnet analysis, and large-scale threat mitigation. With more than a decade of experience in the field, he has led the discovery of major botnet operations including VASTFLUX, BADBOX, and PEACHPIT. Formerly a Vulnerability Researcher at iSIGHT Partners, Vikas now focuses on developing advanced investigation platforms and detection signatures to automate the identification of emerging cyber risks and fraudulent automated traffic.

Vitaly Kamluk is a cybersecurity researcher based in Singapore with over 20 years of
experience. Previously, as a Principal Security Researcher, he used to lead a cyber threat
intelligence unit focusing on targeted attack investigations. In 2014-2016, Vitaly worked at
INTERPOL Digital Forensics Lab as a cybersecurity expert. Vitaly participates in infosec
mentorship initiatives, volunteers to deliver free talks for the next generation of researchers, he
is one of Black Hat speaker coaches. Over the years, he conducted research on various
subjects and presented at many conferences including events such as Black Hat, DEF CON,
Hitcon, BSides, Ruxcon, Sincon, FIRST, Botconf.
Vitaly runs TitanHex, a cybersecurity startup in Singapore. He also is an advisor to TLPBLACK
and a researcher with SentinelLABS. He is passionate about a broad set of cybersecurity topics
including reverse engineering, malware analysis, cyberthreat intelligence, computer forensics,
cryptography, privacy, hardware hacking.

Manager AntiVirus Anlysis, Fortinet FortiGuard Labs

Eric Leblond is a cybersecurity professional and open-source developer focused on network threat detection. He is the co-founder and Chief Technology Officer (CTO) of Stamus Networks, a company that provides Network Detection and Response (NDR) solutions.

In the open-source security space, Eric Leblond is a core developer of Suricata, an intrusion detection and prevention system (IDS/IPS). His work on the project centers around network visibility and alert context. He also serves on the board of directors for the Open Information Security Foundation (OISF), the non-profit organization behind Suricata.

Additionally, Eric Leblond is an emeritus member of the Netfilter Core Team, where his work involved kernel and user-space interactions. Over the course of his career, he has authored technical articles, co-created the SELKS security distribution, and presented on threat detection methodologies at industry conferences.