Twitter: https://twitter.com/evstykas

Lecture language: English

LinkedIn: https://www.linkedin.com/in/andriymytroshyn/

Lecture language: English

Abstract:

As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack—CPU-exhaustion techniques—showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.

Description:

The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding why it is possible and why almost any system could be affected by such threads.

Agenda:

1. 1. Short introduction of SIMD
2. 2. Attack possibilities with Neon/SSE
3. 3. Example of attack with GPU and CPU

LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/

Lecture language: English

Description:

JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, authorization, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of complexity. These have arguably led to severe vulnerabilities such as the well-known “alg”:“none” attack.

We will have a closer look at the JOSE standards and identify potential implementation mistakes that might result in vulnerabilities in JWT libraries if the RFCs are interpreted in certain ways. We will look at three modern classes of JWT attacks that affected very widely used libraries (Authlib, JWCrypto & JWX). Two of these attacks (“sign/encrypt confusion” and “polyglot token”) can allow complete token forgery, allowing authentication bypasses or privilege escalation in applications using an affected library and configuration. The third (“billion hashes”) attack can be leveraged for a denial-of-service attack against token-processing servers.

LinkedIn: https://www.linkedin.com/in/gergana-karadzhova/

Lecture language: English

Description:

In this session Gergana Karadzhova-Dangela, a Senior Incident Response Consultant with Cisco Talos, will give an overview of the major trends observed by the Talos Threat Intelligence team in 2023 and the first months of 2024. It will cover the topics of most often exploited vulnerabilities, advanced persistent groups (APTs) and ransomware-as-a-service. The session will focus on how those topics have changed in the past one year and what new challenges (and opportunities) confront the cybersecurity defenders.

Lecture language: Bulgarian

Description:

In our presentation, we'll expose how simple details like name and workplace can lead to doxing, using a real-world example to showcase the ease of personal data extraction from the deep web. We'll highlight the potential for misuse, including identity theft and fraud, emphasizing the urgency of digital hygiene. We will show strategies to safeguard your digital footprint against the hidden dangers of doxing and de-anonymization in the vast, unregulated expanse of the internet.

Twitter: https://twitter.com/YordanStoychev

LinkedIn: https://www.linkedin.com/in/ptrnstsv/

Lecture language: Bulgarian

Description:

Jumping into ring 0 to stay invisible and become the system's superstar. We're going to talk about rootkiting the Linux kernel for the sake of patching 'Live Forensics' and 'Incident Response'.

Twitter: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/

LinkedIn: https://twitter.com/cocomelonckz

Lecture language: English

Abstract:

Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score and how applicable is it for bypassing AV solutions (AV bypass). In some researched practical cases, we get FUD malware. Bypass AV Kaspersky, Windows Defender. ESET NOD32 in some practical cases.

Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.

Description:

Previous research results have been presented at BlackHat and hack.lu conferences. But I got better results and considered new scenarios.

Twitter: https://twitter.com/OmarMorando

LinkedIn: https://www.linkedin.com/in/omorando/

Lecture language: English

Description:

SCADAsploit is a C2 (Command & Control) framework, probably the only one at the moment, targeting OT systems. Its powerful arsenal of pre- and post-exploitation modules for SCADA/PLC systems makes it a unique tool in Adversary Simulation operations in the OT and IoT environment. Its modular client/server architecture, which can be controlled remotely with a super-secure connection, provides modules dedicated to penetration testing, vulnerability scanning, asset discovery, and pre- and post-exploitation.

During the presentation I will show a live demo of how to compromise an OT infrastructure consisting of a SCADA workstation, a PLC and an HMI system (all via VM on my local notebook). The attack involves bypassing the EDR system of the Windows/SCADA machine, scanning the OT network, attacking the PLC resulting in system DoS.

Additional notes:

The presentation is structured as follows:

• • intro on cyber OT
• • intro on OT/ICS systems
• • attack surface of an ICS system
• • intro on Command & Control and the importance of doing adversary simulation
• • presentation of SCADAsploit C2.OT
• • live practical demo (15 min)
• • conclusions

Twitter: https://twitter.com/venturita

LinkedIn: https://www.linkedin.com/in/alejandra-venturac/

Lecture language: English

Description:

‘NFT Assessment Methodology’ offers an engaging exploration into the world of Non-Fungible Tokens. The presentation breaks down NFT basics, then delves into their vulnerabilities and risks. It features a specialized audit methodology for NFT evaluation. The session also includes real-life applications of NFTs and a hands-on segment on interacting with NFT smart contracts. This presentation is a must-see for anyone looking to stay ahead in the rapidly changing landscape of digital assets.

LinkedIn: https://www.linkedin.com/in/pkirkov/

Lecture language: Bulgarian

LinkedIn: https://twitter.com/vassiltt

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/evgeni-sabev-it-security/

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/danielashalev/

Lecture language: English

LinkedIn: Vangelis Stykas:https://www.linkedin.com/in/vangelis-stykas/, Felipe Solferini:https://www.linkedin.com/in/felipe-solferini-63331b1b/

Lecture language: English

Twitter: https://twitter.com/rgerganov

LinkedIn: https://www.linkedin.com/in/rgerganov/

Lecture language: Bulgarian

Twitter: https://github.com/bat-serjo/tintirimintiri

LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/cristian-cornea-b37005178/

Lecture language: English

LinkedIn: https://www.linkedin.com/in/bozhidar-bozhanov/

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/plamenkalchev/

Lecture language: Bulgarian

Twitter: https://twitter.com/sys7em1

Lecture language: Bulgarian

Twitter: https://twitter.com/ggerganov

LinkedIn: https://www.linkedin.com/in/georgi-gerganov-b230ab24/

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/pdangov/

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/vpbonev/

Lecture language: English

LinkedIn: https://www.linkedin.com/in/aleksandar-venelinov-andonov/

Lecture language: English

LinkedIn: https://www.linkedin.com/in/iliyan-velikov-7a895253/

Lecture language: English

LinkedIn: https://www.linkedin.com/in/bozhidar-bozhanov/

Lecture language: Bulgarian

Lecture language: Bulgarian

The internet is full with vulnerabilities. If more people are looking to identify and disclose them responsibly it will be a safer place. We are going to discuss the how can responsible disclosure help business and public sector to stay safe and bounty hunters out of trouble.

LinkedIn: https://www.linkedin.com/in/svetlomir-balevski-a366767/

Lecture language: Bulgarian

Embedding security into DevOps pipelines

LinkedIn: https://www.linkedin.com/in/vangelis-stykas/

Lecture language: English

During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them.

Evolution of client-side applications, common security misconceptions, demonstrating impact, improvements and good practices.

Lecture language: Bulgarian

Twitter: https://twitter.com/a_sankov

Lecture language: Bulgarian

This presentation will go over what admission controllers are, how they work and how OPA leverages this functionality to protect your Kubernetes cluster. We will also dive into Rego and writing our custom OPA policies.

Twitter: https://twitter.com/rgerganov

Lecture language: Bulgarian

Many ISPs in Bulgaria are offering IPTV to their customers in addition to internet services. Usually IPTV is delivered with a set-top box device (STB) which is connected to the ISP network and the user's TV.

LinkedIn: https://www.linkedin.com/in/danielrankov/

Lecture language: English

Common misconfigurations and vulnerabilities making the cloud presense insecure

Lecture language: Bulgarian

LinkedIn: https://www.linkedin.com/in/plamenkalchev/

Lecture language: Bulgarian

Lecture language: Bulgarian

A walk-through over the Secure Software Development Life Cycle(SDLC) focusing on prevention and early adoption of security concepts and mechanisms in easy steps.

Lecture language: Bulgarian

The Active Directory (AD) in an organization holds the keys to the kingdom. Although your vulnerability scanner shows no critical vulnerabilities at the OS and software level, could you say the same for your Active Directory configuration?

LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/

Lecture language: English

How and where can we find a Linux malware and how we use it for "good" purposes.