Alex Useche

Alex is a lead security engineer at Trail of Bits. He has over 13 years of experience in the IT industry as a software developer, security engineer, and penetration tester. As a software developer, he has worked and architected mobile and web applications in various languages and frameworks, including .NET, Objective C, and Go. Alex specializes in Go security research and is actively developing static analysis tools for discovering Go vulnerabilities.

  • Fuzzers, analyzers, and other Gophers insecticides
  • Fuzzers, analyzers, and other Gophers insecticides (Demo Time)
Brian Hong

Brian Hong is a security consultant at NCC Group, a global information assurance specialist providing organizations with expert security consulting services. He specializes in hardware penetration testing, reverse engineering, and has performed security research related to embedded systems, firmware analysis, web application penetration testing, and Android security and malware analysis. Brian has a B. Eng. in Electrical Engineering and Computer Science from The Cooper Union.

  • Sleight of ARM: Demystifying Intel Houdini
Dan Tentler

Dan Tentler is the Executive Founder and CTO of Phobos Group, a boutique information security services and products company. Having been on both red and blue teams, Dan brings a wealth of both defensive and adversarial knowledge to the colorful and interesting problems the security landscape of today produces for us all. Dan has spent time at Twitter, British Telecom, Websense, Anonymizer, Intuit and Sempra Energy, to name a few and has a strong background in systems, networking, architecture and wireless networks, which translates to strengths in lateral movement, data exfiltration, hiding from the blue team, physical security and a variety of other redteam techniques. Outside of work, Dan enjoys spending time either in his kitchen, or inside the goggles of his FPV aircraft.

  • The isle of tortuga, but on the internet
Erin Browning

Erin Browning is a computer security researcher. She has worked at Latacora as a senior engineer and HCSC as a red team member. Currently, she works at Slack in product security. She teamed up with @fbz to create the cryptography scarf puzzle for Hushcon 2019.

  • Free as in Beer: Building a low cost static analysis program
  • Free as in Beer: Building a low cost static analysis program (Demo Time)
G. Mark Hardy

G. Mark Hardy is founder and President of National Security Corporation, and has provided cyber security expertise to government, military and commercial clients for over 30 years. A retired U.S. Navy Captain, Hardy is an internationally recognized expert who has spoken at over 250 events world-wide. He serves on the Advisory Board of CyberWATCH, an Information Assurance/Information Security Advanced Technology Education Center of the National Science Foundation. A graduate of Northwestern University, he holds a B.S. in Computer Science, a B.A. in Mathematics, a Masters in Business Administration, a Masters in Strategic Studies, and holds CISSP, CISM, GSLC and CISA certifications.

  • KEYNOTE: The Demise of the Cybersecurity Workforce (!?)
Gene Erik

Gene Erik is a hacker with many variety interests spanning the gamut of hacking topic, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene Erik is a hacker with many variety interests spanning the gamut of hacking topic, including wireless networking, software defined radio, embedded device hacking, phone phreaking, application security, social engineering, and much more. Gene's major passion is taking those hacking concepts, distilling them down, and weaponizing them through automation and tool creation. In the real world, Gene has had experience at companies big and small doing stuff all over the IT professional space: software development; technical support; desktop support; dev(sec)ops (system administration and hardening, orchestration, vulnerability management, cloud achitecture and migration, and the software development that goes with it); network engineering; data center and storage architecture; PBX design and management; AppSec; and much more. Gene is a long time toorcon attendee with a passion for breaking (and fixing) things.

  • Getting Down with Bringup
  • Getting Down with Bringup (Demo Time)
Jasper van Woudenberg

Jasper (@jzvw) currently is CTO for Riscure North America and half of the authors of the "Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks". He works with Riscure's San Francisco based team to improve embedded device security through innovation.

As CTO of Riscure North America, Jasper is principal security analyst and ultimately responsible for Riscure North America's technical and innovation activities.

Jasper's interest in security matters was first sparked in his mid-teens by reverse engineering software. During his studies for a master's degree in both CS and AI, he worked for a penetration testing firm, where he performed source code review, binary reverse engineering and tested application and network security.

At Riscure, Jasper's expertise has grown to include various aspects of hardware security; from design review and logical testing, to side channel analysis and perturbation attacks. He leads Riscure North America's pentesting teams and has a special interest in combining AI with security research.

Jasper's eagerness to share knowledge is reflected by regular speaking appearances, specialized client training sessions, student supervision and academic publications.

Jasper has spoken at many security conferences including BlackHat briefings and trainings, Intel Security Conference, RWC, RSA, EDSC, BSides SF, Shakacon, ICMC, Infiltrate, has presented scientific research at SAC, WISSEC, CT-RSA, FDTC, ESC Design {West,East}, ARM TechCon, has reviewed papers for CHES and JC(rypto)EN, and has given invited talks at Stanford, NPS, GMU and the University of Amsterdam.

Specialties: embedded security, side channel analysis, fault injection, binary code analysis, security evaluations of {mobile phones, smart cards, set-top-boxes}, network penetration testing, code reviews.

  • KEYNOTE: On Hardware Hacking and Turtles
John D Dunlap

John Dunlap (MrSynAckster) is a NYC based reverse engineer, exploit developer, and security engineer. He has presented at numerous conferences such as Bsides DC, Hope Conference, Ruxcon, and the Defcon villages. His research focuses on binary exploitation of low level software, but has also reached into the realms of machine learning based exploit tools and DNA based Biohacking. He has also done research on hacker history and lore, uncovering the hidden history of the team “Script Kiddy” in his 2018 Hope Conference presentation. John has worked with top NYC security firms Gotham Digital Science, Trail of Bits, and now works with Seatle based Leviathan Security.

  • Making Mischief with Machine Specific Register Based Exploits
Karl Koscher

Karl Koscher is a research scientist working at the University of Washington where he specializes in wireless and embedded systems security. Previously, he was a postdoctoral scholar working with Stefan Savage at UC San Diego. He received his Ph.D. from the University of Washington in 2014, where he was advised by Tadayoshi Kohno.

  • The Unauthorized Guide to the LUNA USB Multitool
  • The Unauthorized Guide to the LUNA USB Multitool (Demo Time)
Keith Myers

I wear shoes and pants. Sometimes I don't wear pants. I love house music, race cars, and throwing extremely last minute parties at ToorCon events.

  • Party!
Kevin Choi

Kevin Choi is always on the lookout for his next adventure. Whether trekking past remote glaciers, exploring abandoned hospitals, accessing rooftops, spelunking down subnets, or reconnoitering web applications, Kevin finds that new horizons open creative solutions for existing problems. Kevin is currently working on the problem of self-sovereign identity and smart contract vulnerabilities. No matter where Kevin is in the world or the internet, Kevin will always consider two places home-- the University of California, Irvine, and the Security Innovation VPN.

  • House of Heap Exploitation (Workshop)
Maxwell (Strikeout) Dulin

Maxwell Dulin (Strikeout) is a security consultant at Security Innovation hacking all things under the sun, from robots to web applications. Maxwell has published many articles/papers for a plethora of heap exploitation techniques, assorted web application hacking exploits, machine learning and IoT device vulnerability hunting. He has previously spoken at DEF CON 27 IoT Village and DEF CON workshops. In his free time, he plays with RF toys, hikes to fire lookouts and catches everything at dodgeball.

  • House of Heap Exploitation (Workshop)
Richard Johnson

Richard Johnson is a computer security specialist with a focus on software vulnerability analysis. Currently Principal Security Researcher at Fuzzing IO, a research and development company offering professional training and consulting services, Richard offers over 18 years of professional expertise and leadership in the information security industry including past positions as Director of Security Research at Oracle Cloud Infrastructure and Research Lead roles at Cisco Talos and Microsoft. Richard has been speaking at Toorcon since 2004 and has taken the stage for talks and training at many other premier conferences including Black Hat, RECON, and Hack in the Box.

  • Extra Better Program Finagling (eBPF) for Attack and Defense
  • Nerf Modding 101 (Workshop)
Somerset Recon


  • Wakeboarding and Wakesurfing
Tim Faraci

Staff security engineer at slack. Years of experience working on SAST, IAST, and implementing application security programs. In a previous life did infrastructure prod support and development testing.

  • Free as in Beer: Building a low cost static analysis program