Lectures and labs
Damien Couroussé, CEA LIST (France)
Damien Couroussé is a research engineer at CEA Grenoble since 2011. He conducts research on embedded software, compilation and runtime code generation for performance and cybersecurity, with a focus on countermeasures against side-channel attacks and fault injection attacks.
Mazlum Duman, SERMA Safety Security (France)
Mazlum Duman est ingénieur généraliste spécialisé dans la sécurité des systèmes embarqués. Son expérience professionnelle dans le monde des systèmes critiques embarqués pour des trains automatisés (CBTC – Communication Based Train Control) et son travail sur la conception des cartes électroniques « secure by design » lui ont permis d’appréhender les contraintes de la cybersécurité du monde industriel d’aujourd’hui. Il reprend le projet HardSploit en qualité de chef de projet. Mazlum Duman à travers son expérience d’auditeur des systèmes embarqués (IoT) a pu former de nombreuses entreprises à la sécurité électronique.
Mariano Graziano, Cisco Talos (Italy), @emd3l
Mariano Graziano is a technical leader for Cisco Talos. He got a Ph.D. from Eurecom (France) and he is currently mainly interested in automated malware analysis and memory forensics.
Benjamin Grégoire, Inria Sophia Antipolis-Méditerranée (France)
Benjamin Grégoire is a researcher at Inria Sophia Antipolis-Méditerranée. His main interests are proof assistants, compiler and program verification. He participated to the development of Coq, with the introduction of the Coq virtual machine. He is also one of the main implementors of the EasyCrypt proof assistant: a tool to perform concret security proofs of cryptographic algorithm. More recently, he has developed some technics to generate and verify the security of masked implementations protected against side-channel attacks.
Simon Moore, University of Cambridge (UK)
Simon Moore is a Professor of Computer Engineering at the University of Cambridge Computer Laboratory in England, where he conducts research and teaching in the general area of computer design with particular interests in secure and rigorously-engineered computer architecture.
Cristofaro Mune, Pulse Security (Malta), @pulsoid
Cristofaro Mune is a Product Security Consultant, providing support for: designing and developing secure products, testing security of devices and giving training on Trusted Execution Environments (TEE). He has more than 17 years of experience in SW & HW security assessments of complex ecosystems and hgihly secure products, across different stages of the production chain. Examples are: System-on-Chips, TEEs, IoT devices, critical infrastructures and payment systems, ranging from fully SW-based to purely HW-based implementations. He has presented at renowned security conferences, including, among others, Black Hat, Microsoft BlueHat, hardwear.io and HackInTheBox. Presented topics included escalating of privileges in Linux using Fault Injection, secure initialization of TEEs, White-Box cryptography attacks, IoT exploitation and mobile security. He is also co-author of academic papers on White-Box cryptography and Fault Injection attacks.
Yossi Oren, Ben-Gurion University (Israel), @yossioren
Dr. Yossi Oren is a senior lecturer (assistant professor) at the Department of Software and Information Systems Engineering in Ben Gurion University, and a member of BGU’s Cyber Security Research Center. Prior to joining BGU, Yossi was a post-doctoral research scientist in the Network Security Lab at Columbia University in New York and a member of the security lab at Samsung Research Israel. He holds a Ph.D. in Electrical Engineering from Tel-Aviv University, and an M.Sc. in Computer Science from the Weizmann Institute of Science.
His research interests include implementation security (power analysis and other hardware attacks and countermeasures; low-resource cryptographic constructions for lightweight computers) and cryptography in the real world (consumer and voter privacy in the digital era; web application security). He has co-authored over 30 conference papers, journal articles and patents. Dr. Oren co-developed the first cache-based side channel attack which ran completely within a web browser.
Kaveh Razavi, Vrije Universiteit Amsterdam (Netherlands), @kavehrazavi
Kaveh Razavi is an assistant professor of computer science at the VUSec group of Vrije Universiteit Amsterdam. His research interests are in the area of system security and more broadly, computer systems. He is currently looking at security problems of unreliable and leaky general-purpose computer hardware. He regularly publishes at top systems and security venues (e.g., S&P, USENIX Security, SOSP/OSDI, etc.) and his research has won multiple industry and academic awards including multiple Pwnies and best papers.
Jan Reineke, Saarland University (Germany)
Jan Reineke is a professor of computer science at Saarland University. His research centers around problems at the boundary between hardware and software. In the area of real-time systems, he is particularly interested in principles for the design of timing-predictable hardware and in precise and efficient timing-analysis techniques for multi-core architectures. Recent results include the design of the first provably timing-predictable pipelined processor design and the first exact analyses for LRU caches. Another focus of his work are security vulnerabilities of hardware-software systems. Recent results include the development of automatic techniques to detect information leaks introduced by speculative execution, techniques to quantify the information leakage through cache side channels, and automatic methods to obtain highly detailed performance models for modern micro-architectures. In 2012, he was selected as an Intel Early Career Faculty Honor Program awardee. He was the PC chair of EMSOFT 2014, the International Conference on Embedded Software, a Topic co-chair at DATE 2016 and the PC chair of WCET 2017, the International Workshop on Worst-Case Execution Time Analysis.
Albert Spruyt, Independent (Netherlands)
Albert Spruyt analyzed in his previous life SoCs, embedded systems and pure software solutions such as payment applications. He enjoys recovering keys. He has previously presented at conferences such as: Black Hat (Europe) and HITB Amsterdam.
Raoul Strackx, KU Leuven (Belgium), @raoul_strackx
Raoul Strackx is a postdoctoral researcher at the department of Computer Science at KU Leuven, Belgium. For almost a decade he has worked on “Protected-Module Architectures”, innovative security mechanisms for consumer devices and the cloud. Many of his work is published at top security conferences. Since 2015 closely related technology is available in almost every Intel processor. His latest work on the Foreshadow attack received worldwide attention.
Niek Timmers, Independent (Netherlands), @tieknimmers
Niek Timmers is a specialist in embedded device security. He loves getting his hands dirty breaking software-based and hardware-based security solutions. He has presented his research at various international security conferences (an overview can be found here: http://www.niektimmers.com/).
Yuval Yarom, University of Adelaide and Data61 (Australia), @yuvalyarom
Yuval Yarom is a senior lecturer in computer science at the University of Adelaide, where he heads the security domain in the Centre for Distributed and Intelligent Technologies. His research focuses on the security implications of the discrepancy between the nominal and the true behaviour of processors, with a focus on side channel and speculative execution attacks.
CTF Organization
Justin Chadwell, University of Birmingham (UK)
Justin is a Computer Science student at the University of Birmingham where he helps organise the Computer Science Society and Hacking Club. He enjoys security and penetration testing as well as systems programming and experimenting with new technologies. When not hacking, you can find him travelling across the UK, competing in various hackathons.
Andreea-Ina Radu, University of Birmingham (UK)
Andreea is currently pursuing a Ph.D. degree in computer security with the School of Computer Science, University of Birmingham. Her research interests include automotive security, embedded devices security and lightweight cryptography. She has been Chair of the Ethical Hacking Club AFiniteNumberOfMonkeys since 2014, encouraging students to learn and get involved in offensive security in a friendly, informal environment, and representing the University of Birmingham in both international on-line and UK-based on-site CTF competitions. Formerly, Andreea has worked as a Research Consultant with University of Birmingham and Huawei on the project Lightweight cryptography performance on resource-constrained devices and as a Research Associate on the project Robust Computational Models of Human Behaviour, in collaboration with Air Force Research Labs.
