Security BSides is an International Cybersecurity Event by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Sofia, Bulgaria.
Date: March 29-30, Interpred WTC Sofia (see map)
The idea behind the Security BSides events is to organise an open (and low cost) Information Security conference where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss the next "big thing".
BSides is not restricted only to ethical hacking, but instead the conference is open to a wide range of subjects related to security such as incident response, IoT security, computer forensics, security standards and of course compliance.
To bring a well-known event to the InfoSec community in Bulgaria, where professionals, academics and researchers can participate for free and educate themselves on various InfoSec related disciplines.
The event will also provide an opportunity for students, rookies and security enthusiasts to get involved and be heard at an event with worldwide exposure.
The short answer to this is YOU. This is what makes these events so successful and a unique experience. Security BSides events are organized by the community, for the community.
Behind the scenes, driving the event, are a number of people, professionals in the area of Information Security, who decided to take the first steps and bring this global event to Bulgaria.
March 29th, 2025
by Chris Kubecka , starts @ 9:30 - 9:45 , lang: EN
Twitter: https://x.com/SecEvangelism
LinkedIn: https://www.linkedin.com/in/chris-kubecka/
Website: https://www.hypasec.com
Lecture language: English
by Chris Kubecka , starts @ 9:45 - 10:30 , lang: EN
Twitter: https://x.com/SecEvangelism
LinkedIn: https://www.linkedin.com/in/chris-kubecka/
Website: https://www.hypasec.com
The fusion of generative AI and cybersecurity is reshaping the landscape of modern warfare. This talk delves into the dual-edged nature of AI in cyber operations, influence operations, election interference, and zero-day generation, highlighting both its potential for defense and its exploitation by adversaries.
Lecture language: English
by Asen Molov , starts @ 10:30 - 11:15 , lang: EN
LinkedIn: https://www.linkedin.com/in/asen-mm/
Nowadays I don't see many people talking about how we can start in this world. Cybersecurity is not an entry-level field. That's why I want to talk about what I have done, when nobody taught me what to do. The mentor that I wanted to have, when I didn't know anything.
Lecture language: English
by Panagiotis Fiskilis , starts @ 11:45 - 12:30 , lang: EN
Twitter: https://twitter.com/Neuro_Z3RO
LinkedIn: https://www.linkedin.com/in/panagiotis-fiskilis-9740701b7/
In this talk we will learn about EDR evasion, in this quick and dirty workshop/overview from day2day Red Team exercises. We will unleash the power of C/C++ and the power of syscalls to evade commercial EDRs. Furthermore, we will learn all about how an EDR works.
Lecture language: English
by Petar Dangov , starts @ 13:30 - 14:15 , lang: BG
The basics of security use case design and detection engineering,
Lecture language: Bulgarian
by Luigi Gubello , starts @ 14:15 - 15:00 , lang: EN
PDFs - rise, decline, and revival: a journey across how we have changed our way of viewing and editing PDF files by moving from offline clients to online services, and how this is changing the role of PDF files as attack vectors.
A talk on how we have moved from desktop clients (Adobe, etc.) to browsers and online services to render, view, edit, and sign PDF files, and how this has changed the role of PDFs in attacks and exploitations. From the false-positive vulnerabilities (CVE-2020-26505, CVE-2023-0108, CVE-2023-5873, and other CVEs that were not vulnerabilities) to vulnerabilities in client-side PDF SDKs.
Lecture language: English
by Ilia Dafchev , starts @ 15:30 - 16:15 , lang: EN
LinkedIn: https://www.linkedin.com/in/iliya-dafchev/
Website: https://idafchev.github.io/blog
This session will delve into Operation WordDrone, a targeted cyber campaign against Taiwan’s aerospace sector. During this attack, a vulnerable MS Word executable was used to side-load a signed backdoor which consisted of multiple stages, implemented techniques to remain undetected, and supported a large set of commands and different communication protocols. The well-crafted custom backdoor, the use of a stolen code certificate from a semiconductor vendor, and the business nature of the victim paint a story of what seems to be an industrial espionage campaign in the APAC region.
We'll dissect the technical aspects of this attack, including the specific techniques used by the attackers and a deep analysis of the backdoor.
Attendees will gain insights not only into the malware’s inner workings, but also into the process behind its discovery and the incident investigation.
This presentation is ideal for professionals with an interest in malware analysis and threat research.
Lecture language: English
by Evgeni Dyulgerov , starts @ 16:15 - 17:00 , lang: EN
LinkedIn: https://www.linkedin.com/in/evgeni-dyulgerov/
Key Topics of the lecture:
Lecture language: English
by Juho Jauhiainen , lang: EN
LinkedIn: https://www.linkedin.com/in/jauhiainen/?originalSubdomain=fi
An analysis of one case, together with an analysis of other similar campaigns identified that use malicious advertisements to distribute weaponised open-source software. A walkthrough of one case from start to finish: how the malware was distributed, how the malware worked, what indicators were found by the malware analysis, and what the motive of the threat actor was.
Lecture language: English
March 30th, 2025
by Aldan Creo , starts @ 9:30 , lang: EN
In this workshop, we will explore how to circumvent mechanisms that protect large language models (LLMs) from malicious instructions using homoglyphs. As LLMs become increasingly capable of generating realistic content, the need for robust protection and detection methods increases. Homoglyphs are characters that appear visually identical but have different Unicode encodings. We will demonstrate how these characters can be used to manipulate the tokenization process, allowing for circumvention of standard security mechanisms in LLM systems.
During the workshop we will conduct practical demonstrations of:
Who it's for: Cybersecurity professionals, AI researchers, and programmers with an interest in the security of AI systems
Lecture language: English
by Presian Yankulov, Lachezar Uzunov , starts @ 13:00 , lang: BG
Are you ready to put your defensive security skills to the test? Join our hands-on "Game of Controls²" workshop designed specifically for blue team practitioners looking to sharpen their detection and response capabilities in a realistic environment.
In this immersive workshop, you'll defend against sophisticated attack scenarios where an adversary using Mythic, Sliver, and Havoc frameworks attempts to compromise a Windows 11 environment with a 2022 Domain Controller through VPN connections.
Lecture language: Bulgarian
by Vangelis Stykas , lang: EN
Twitter: https://twitter.com/evstykas
Lecture language: English
by Andrii Mytroshyn , lang: EN
LinkedIn: https://www.linkedin.com/in/andriymytroshyn/
Abstract:
As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack—CPU-exhaustion techniques—showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.
Description:
The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding of why it is possible and why almost any system could be affected by such threats.
Agenda:
Lecture language: English
by Viktor Mares , lang: EN
LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/
Description:
JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, authorization, session management and identity federation. However, some have criticized JWT and the associated JavaScript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of complexity. These have arguably led to severe vulnerabilities such as the well-known “alg”:“none” attack.
We will have a closer look at the JOSE standards and identify potential implementation mistakes that might result in vulnerabilities in JWT libraries if the RFCs are interpreted in certain ways. We will look at three modern classes of JWT attacks that affected very widely used libraries (Authlib, JWCrypto & JWX). Two of these attacks (“sign/encrypt confusion” and “polyglot token”) can allow complete token forgery, allowing authentication bypasses or privilege escalation in applications using an affected library and configuration. The third (“billion hashes”) attack can be leveraged for a denial-of-service attack against token-processing servers.
Lecture language: English
by Gergana Karadzhova-Dangela , lang: EN
LinkedIn: https://www.linkedin.com/in/gergana-karadzhova/
Description:
In this session Gergana Karadzhova-Dangela, a Senior Incident Response Consultant with Cisco Talos, will give an overview of the major trends observed by the Talos Threat Intelligence team in 2023 and the first months of 2024. It will cover the topics of the most often exploited vulnerabilities, advanced persistent groups (APTs) and ransomware-as-a-service. The session will focus on how those topics have changed in the past year and what new challenges (and opportunities) confront cybersecurity defenders.
Lecture language: English
by Nikol Georgieva and Kaloyan Ivanov , lang: BG
Description:
In our presentation, we'll expose how simple details like name and workplace can lead to doxing, using a real-world example to showcase the ease of personal data extraction from the deep web. We'll highlight the potential for misuse, including identity theft and fraud, emphasizing the urgency of digital hygiene. We will show strategies to safeguard your digital footprint against the hidden dangers of doxing and de-anonymization in the vast, unregulated expanse of the internet.
Lecture language: Bulgarian
by Petar Anastasov & Yordan Stoychev , lang: BG
Twitter: https://twitter.com/YordanStoychev
LinkedIn: https://www.linkedin.com/in/ptrnstsv/
Description:
Jumping into ring 0 to stay invisible and become the system's superstar. We're going to talk about rootkitting the Linux kernel for the sake of patching 'Live Forensics' and 'Incident Response'.
Lecture language: Bulgarian
by Zhassulan Zhussupov , lang: EN
Twitter: https://twitter.com/cocomelonckz
LinkedIn: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/
Abstract:
Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score and how applicable is it for bypassing AV solutions (AV bypass)? In some researched practical cases, we get FUD malware. Bypass of AV Kaspersky, Windows Defender, ESET NOD32 in some practical cases.
Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.
Description:
Previous research results have been presented at BlackHat and hack.lu conferences. But I got better results and considered new scenarios.
Lecture language: English
by Omar Morando , lang: EN
Twitter: https://twitter.com/OmarMorando
LinkedIn: https://www.linkedin.com/in/omorando/
Description:
SCADAsploit is a C2 (Command & Control) framework, probably the only one at the moment, targeting OT systems. Its powerful arsenal of pre- and post-exploitation modules for SCADA/PLC systems makes it a unique tool in Adversary Simulation operations in the OT and IoT environment. Its modular client/server architecture, which can be controlled remotely with a super-secure connection, provides modules dedicated to penetration testing, vulnerability scanning, asset discovery, and pre- and post-exploitation.
During the presentation I will show a live demo of how to compromise an OT infrastructure consisting of a SCADA workstation, a PLC and an HMI system (all via VM on my local notebook). The attack involves bypassing the EDR system of the Windows/SCADA machine, scanning the OT network, and attacking the PLC, resulting in system DoS.
Additional notes:
The presentation is structured as follows:
Lecture language: English
by Alejandra Ventura , lang: EN
Twitter: https://twitter.com/venturita
LinkedIn: https://www.linkedin.com/in/alejandra-venturac/
Description:
‘NFT Assessment Methodology’ offers an engaging exploration into the world of Non-Fungible Tokens. The presentation breaks down NFT basics, then delves into their vulnerabilities and risks. It features a specialized audit methodology for NFT evaluation. The session also includes real-life applications of NFTs and a hands-on segment on interacting with NFT smart contracts. This presentation is a must-see for anyone looking to stay ahead in the rapidly changing landscape of digital assets.
Lecture language: English
by Peter Kirkov, e-Government , lang: BG
by Vasil Velichkov , lang: BG
by Evgeni Sabev , lang: BG
by Daniela Shalev , lang: EN
by Vangelis Stykas, Felipe Solferini , lang: EN
LinkedIn: Vangelis Stykas: https://www.linkedin.com/in/vangelis-stykas/, Felipe Solferini: https://www.linkedin.com/in/felipe-solferini-63331b1b/
Lecture language: English
by Radoslav Gerganov , lang: BG
Twitter: https://twitter.com/rgerganov
LinkedIn: https://www.linkedin.com/in/rgerganov/
Lecture language: Bulgarian
by Sergei Kostov , lang: BG
GitHub: https://github.com/bat-serjo/tintirimintiri
LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/
Lecture language: Bulgarian
by Cristian Cornea , lang: EN
by Bojidar Bojanov , lang: BG
by Plamen Kalchev , lang: BG
by Alexander Nedelchev , lang: BG
by Georgi Gerganov , lang: BG
Twitter: https://twitter.com/ggerganov
LinkedIn: https://www.linkedin.com/in/georgi-gerganov-b230ab24/
Lecture language: Bulgarian
by Peter Dangov , lang: BG
by Victor Bonev , lang: EN
by Alexandar Andonov , lang: EN
by Iliyan Velikov , lang: EN
by Bozhidar Bozhanov, Minister of e-Government , lang: BG
by Stoyan Kolev, Lyubomir Vanyov (CEO shkolo.bg) and Vladimir Dimitrov from Cybercrime unit , lang: BG
The internet is full of vulnerabilities. If more people are looking to identify and disclose them responsibly, it will be a safer place. We are going to discuss how responsible disclosure can help businesses and the public sector stay safe and keep bounty hunters out of trouble.
Lecture language: Bulgarian
by Svetlomir Balevski , lang: BG
LinkedIn: https://www.linkedin.com/in/svetlomir-balevski-a366767/
Embedding security into DevOps pipelines
Lecture language: Bulgarian
by Vangelis Stykas , lang: EN
LinkedIn: https://www.linkedin.com/in/vangelis-stykas/
During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them.
Lecture language: English
by Martin Stoynov and Spas Genov , lang: BG
Evolution of client-side applications, common security misconceptions, demonstrating impact, improvements and good practices.
Lecture language: Bulgarian
by Anton Sankov , lang: BG
Twitter: https://twitter.com/a_sankov
This presentation will go over what admission controllers are, how they work and how OPA leverages this functionality to protect your Kubernetes cluster. We will also dive into Rego and writing our custom OPA policies.
Lecture language: Bulgarian
by Radoslav Gerganov , lang: BG
Twitter: https://twitter.com/rgerganov
Many ISPs in Bulgaria are offering IPTV to their customers in addition to internet services. Usually IPTV is delivered with a set-top box device (STB) which is connected to the ISP network and the user's TV.
Lecture language: Bulgarian
by Daniel Rankov , lang: EN
LinkedIn: https://www.linkedin.com/in/danielrankov/
Common misconfigurations and vulnerabilities making the cloud presence insecure
Lecture language: English
by Bojidar Bojanov , lang: BG
Lecture language: Bulgarian
by Plamen Kalchev , lang: BG
by Radostina Kondakova, Jordan Popov , lang: BG
A walk-through of the Secure Software Development Life Cycle (SDLC) focusing on prevention and early adoption of security concepts and mechanisms in easy steps.
Lecture language: Bulgarian
by Kristian Mladenov, Tsvyatko Bikov , lang: BG
The Active Directory (AD) in an organization holds the keys to the kingdom. Although your vulnerability scanner shows no critical vulnerabilities at the OS and software level, could you say the same for your Active Directory configuration?
Lecture language: Bulgarian
by Sergey Kostov , lang: EN
LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/
How and where we can find Linux malware and how we use it for "good" purposes.
Lecture language: English