Skip to main content

Security Conference Speaker Recognition

Microsoft partners with the security community to protect our users. This security community inside and outside Microsoft also contributes to community knowledge by presenting at conferences around the world.

To show our appreciation, we’ve launched this acknowledgement page to recognize individuals and companies for practicing Coordinated Vulnerability Disclosure and reporting vulnerability information to defend@microsoft.com and secure@microsoft.com before presenting it in a public forum. We will highlight your talk here, with your name, company, the name of the talk, the conference you’re speaking at, and the location.

Each name listed represents an individual or company who has contributed to Microsoft security by privately disclosing research content before presenting it.

If you recently gave a talk and we didn’t list it here, feel free to send the details to defend@microsoft.com

In short: How do you get acknowledged on this page?

  • Coordinated Vulnerability Disclosure: Inform Microsoft prior to the public disclosure of the vulnerability. If the bug is unpatched, then submit the vulnerability details to secure@microsoft.com and work with us to ensure it is fixed before presenting or demoing the attack.

  • Collaborate: Share your research and vulnerability information with us.

  • Content: We’ll include any public presentations on security vulnerabilities, tools and attack vectors on Microsoft code or open source code used in Microsoft products

  • (Protect) Customers: Protect the community by never publishing any exploit code (including functioning exploits or chains).

Notice: By clicking the ‘Conference Presentation’ links you are going to a website that is not operated by Microsoft. We are not responsible for the content or availability of linked sites.

Quarter 3 – 2016 (July, August and September)

Sorted by Name

NameConference
Presentation
CompanyLocationConferenceMonth - Year
Alex
Ionescu
The Linux
Kernel Hidden
Inside
Windows 10
Crowdstrike,
Inc.
Las
Vegas,
Nevada
Black hat
USA 2016
August 2016
Amanda
Craig
Cyber Safety
and Public
Safety
MicrosoftLas
Vegas,
Nevada
BSidesLV 2016August 2016
Chaim
Hoch;
Tal Be’ery
The remote
malicious
butler did it
MicrosoftLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Cody Pierce;
Matt Spisak;
Kenneth Fitch
Capturing 0day
Exploits with
Perfectly Placed
Hardware Traps
EndgameLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
David Weston;
Matt
Miller
Windows 10
Mitigation
Improvements
MicrosoftLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Eric Chen;
Patrick Tague;
Robert Kotcher;
Shuo Chen;
Yuan Tian;
Yutong Pei
1000 Ways to
Die in Mobile OAuth
Carnegie Mellon
University
Gridspace
Uber
Microsoft
Expii 
Las
Vegas,
Nevada
Black hat
USA 2016
August 2016
Itzik Kotler
Amit Klein
Crippling
HTTPS with
Unholy PAC
SafebreachLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Joseph
Sharkey
Breaking hardware
enforced security
with hypervisors
Siege technologiesLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Marco
Ortisi
Recover a RSA
Private Key from
a TLS Session with
Perfect Forward Secrecy
EncsLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Mark
Vincent
Yason
Windows 10
Segment Heap
Internals
IBMLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Nethanel
Gelernter
Timing Attacks
Have Never
Been So
Practical: Advanced
Cross – Site
Search Attacks
CyberpionLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Nikhil
Mittal
AMSI: How Windows
10 Plans to Stop
Script-Based Attacks and
How Well it Does It
InfosecLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Nikolay Ermishkin;
Maxim
Andreev
Viral Video -
Exploiting SSRF
in Video Converters
Mail.ru
Group
Las
Vegas,
Nevada
Black hat
USA 2016
August 2016
Paul
Sabanal
Intro The Core -
In-Depth Exploration
of Windows 10
IoT Core
IBMLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Rafal
Wojtczuk
Analysis of the Attack
Surface of Windows
10 Virtualization-
Based Security
BromiumLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Ralf
Hund
The Beast Within
Evading Dynamic Malware
Analysis Using
Microsoft COM
VMRayLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Rordrigo Rubira
Branco;
Rohit Mothe
DPTrace: Dual
Purpose Trace for
Exploitability Analysis
of Program Crashes
IntelLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Sebastiano Mariani;
Lorenzo
Fontana
Pindemonium: A DBI -
Based Generic
Unpacker for
Windows Executable
PolimiLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Tom Van
Coethem;
Mathy Vanhoef
Heist: HTTP
Encrypted Information
Can Be Stolen
Through TCP-Windows
Ku LeuvenLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Udi Yavo;
Tomer
Bitton
Captain Hook:
Pirating Avs
to Bypass
Exploit Mitigations
enSiloLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Vincent Tan Bad for
Enterprise: Attacking
BYOD Enterprise
Mobile
Security
Solutions
Vantage
point
security
Las
Vegas,
Nevada
Black hat
USA 2016
August 2016
Yang Yu Badtunnel:
How do I get
big brother
power?
TencentLas
Vegas,
Nevada
Black hat
USA 2016
August 2016
Yeongjin Jang;
Sangho Lee;
Taesoo Kim
Breaking Kernel
Address Space
Layout Randomization
(KASLR) with
Intel TSX
Georgia
Institute of
Technology
Las
Vegas,
Nevada
Black hat
USA 2016
August 2016

MSRC Blog

SRD Blog