BSidesTLV 2023

Andy Ellis

Andy Ellis is the author of 1% Leadership. He’s a seasoned technology and business executive with deep expertise in security, managing risk, and leading an inclusive culture. He’s currently Advisory CISO at Orca Security, Operating Partner at YL Ventures, and was Akamai’s first Chief Security Officer. His career journey can be mapped in awards: Spirit of Disneyland Award, Wine Spectator Award of Excellence, Air Force Commendation Medal, CSO Hall of Fame. He’s an accomplished speaker and prolific writer, and is a co-host of the CISO Series podcast.

  • Hacking Harry Potter: The Untold Story of Fantastical Social Engineering
Ariel Szarf

Ariel Szarf works as a Senior Cloud Security Researcher at Mitiga. Prior to that, Ariel was a Cyber Security Specialist Officer in the IDF. In addition, Ariel has a Master’s degree in Computer Science. Today, Ariel researches potential attacks on cloud services and SaaS, and investigates incidents.

  • Google Workspace Forensics – Insights from Real-World Hunts & IR
Arik Nachmias

Arik Nachmias - CEO and co-founder at Codeseal

Having devoted two decades to the cybersecurity field, Arik Nachmias has concentrated his career on Incident Response and Computer Forensics. Through directly managing hundreds of incidents, he has significantly contributed to the recovery efforts of major companies across diverse sectors. An active participant in the industry, Arik also partners with several cybersecurity ventures, with a particular focus on the realms of incident response and forensics.

  • Sealing the Leaks: Incident Response Stories about Breaches Caused by Leaked Code
Aviad Carmel

As a senior security researcher at Salt Security, Aviad brings a wealth of knowledge and experience in the field of security research.
At the age of 15, he demonstrated his passion for security research by obtaining his first Root and CVE. Since then, he has continued to hone his skills and has become a recognized expert in the field.
In addition to his work in security research, Aviad is also passionate about teaching. He created, wrote and taught the Reverse Engineering and Vulnerabilities course at the Technion's computer science faculty for five years, all while he was a student himself.

  • Uh-OAuth! - Breaking (and fixing) OAuth Implementations
Break

Break, a charismatic speaker, redefines the notion of pause by emphasizing its transformative power to foster human connection. With an infectious charm and warm presence, Break encourages individuals to stop, reflect, and embrace moments of social interaction. Through engaging storytelling and insightful anecdotes, this captivating speaker empowers audiences to rediscover the joy of slowing down, creating meaningful connections, and finding solace in the simple act of breaking from the hustle and bustle of everyday life.

  • Break #1
  • Break #2
Doron Karmi

Doron Karmi works as a senior Cloud Researcher at Mitiga. Prior to working at Mitiga, Doron worked as a malware analyst and threat hunter for large organizations.
Today, Doron researches potential attacks on cloud services and SaaS, and investigates incidents.

  • Google Workspace Forensics – Insights from Real-World Hunts & IR
Elad Ernst

Elad is a cyber security researcher with over a decade of experience in military and civil industries, from both the attacker's and the defender's perspective. Over the years, he has specialized in organizational network security, IoT security, Web and Web3. He is currently working at dWallet Labs as a senior security researcher.

  • One Device to Rule Them All
Food

Food, a captivating speaker, effortlessly communicates through the vibrant flavors and aromas that tantalize our senses. With an innate ability to tell stories through ingredients, Food captivates audiences with its ability to evoke memories, stir emotions, and bridge cultural divides. Its powerful voice unites people, fostering a deeper understanding and appreciation of diverse culinary traditions, while inspiring culinary adventures that nourish both body and soul.

  • Lunch
Georgios Karantzas
  • It's Duck Season: Forensic Detection of BadUsb Attacks
Ido Veltzman

I am an experienced security researcher, who has worked in various cybersecurity roles over the past 5 years. My main interests are OS internals, reverse engineering, kernel development and exploit development. In my free time, I am working on projects in the areas of evasion, persistence and injection methods for both kernel mode and user mode and releasing them under my GitHub account: github.com/idov31. Based on these projects I am publishing educational papers sharing my knowledge with the cyber community.

  • (Lady|)Lord Of The Ring0
John Fokker
  • How to take cookies from the Cookie Monster: Genesis Market Takedown
Keren Elazari

BSidesTLV Founder
Senior Researcher at Tel Aviv University Interdisciplinary Cyber Research Center, Israel

  • Opening words
  • Closing words
Ofir Balassiano

Ofir Balassiano is the head of security research at Dig Security and a seasoned security researcher, specializing in low-level OS internals research and cloud security, with over 8 years of experience in the field. He is passionate about understanding how things work and enjoys applying his skills and knowledge to CTFs. During his time in the IDF intelligence unit, Ofir led a team of researchers working on critical technologies, honing his expertise in the security domain.

  • The dark side of cloud-based database engines
Ofir Shaty

Ofir Shaty is a Senior Security Researcher at Dig Security, bringing over 6 years of experience in Data Security and Web Application Security to the team. 
Prior to joining Dig, Ofir worked as a Senior Security Researcher at Imperva, where he specialized in researching database attacks. He has published groundbreaking research in the field of data security and database security attack techniques from both an offensive and defensive perspective.

  • The dark side of cloud-based database engines
Paz Hameiri

I started my professional life more than 30 years ago, hacking games and developing tools in my teen years.
Since then, I worked in several companies, developing both hardware and software.
I have six years of experience with telecommunication systems design and circuits.
For 14 years, I led multidisciplinary systems development as a systems engineer in the aerospace industry.

  • Barcode scanners are disguised windows to your Windows
Rotem Reiss

Rotem Reiss is a product security group manager at Playtika, a bug hunter, and a code addict who has contributed to many open-source projects such as OWASP, Metasploit, and Grafana.

His shift from the software development and DevOps world to AppSec was greatly influenced by his security research “Uncovering Drupalgeddon 2”. Since then, he has been credited with disclosing CVEs in well-known products such as ElasticSearch and Grafana.

Continuing his belief that organizations should be defended with an attacker's mindset, he co-organized the first Israeli bug bounty community meetups.

  • The Missing Piece: Adding Automated RBAC Checks for Authorization in Your Pipelines
Shaked Klein Orbach

Shaked is a co-founder and the CAO of Codeseal with over a decade of experience in the software industry, coming from a background in software development, operations and application security (DevSecOps). In addition to his expertise in software development, Shaked is also an accomplished climber and holds the distinction of being the first hacker to participate in the Israeli Ninja Warrior TV show.

  • Sealing the Leaks: Incident Response Stories about Breaches Caused by Leaked Code
Tomer Fichman

Security Researcher @Cymotive doing Embedded Vulnerability Research.
With experience in Reverse Engineering, Malware Analysis and Vulnerability Research.

  • (In)secure Boot - finding and exploiting vulnerabilities in Renesas's boot implementation
Tomer Zait
  • CTF Summary
Wendy Nather

Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS) and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security. She is also a Senior Fellow at the Atlantic Council's Cyber Statecraft Initiative.

  • Opening keynote - Fighting Stupidity and Malice in the Wild, Wild Web
Yuval Adam

Yuval is an independent technologist and consultant with two decades of experience in software development and systems architecture.

  • Decoding the Black Magic of Radio Waves