International Cybersecurity Community Event

2025 Dates Announced: March 29-30

What is Security BSides?

Security BSides is an International Cybersecurity Event by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Sofia, Bulgaria.

BSides Sofia

The idea

The idea behind the Security BSides events is to organise an open (and low cost) Information Security conference where professionals, experts, researcher, and InfoSec enthusiasts come together to discuss the next "big thing".

BSides is not restricted only to ethical hacking, but instead the conference is open to a wide range of subjects related to security such as incident response, IoT security, computer forensics, security standards and of course compliance.

Our Goal

To bring a well-known event to the InfoSec community in Bulgaria, where professionals, academics and researchers can participate for free and educate themselves on various InfoSec related disciplines.

The event will also provide an opportunity to students, rookies and security enthusiasts to get involved and be heard in a worldwide exposed event.

Who is organising this event?

The short answer to this is YOU. This is what makes these events so successful and a unique experience. Security BSides events are organized: ..by the community, for the community

Behind the scenes to drive the event are a number of people, professionals in the area of Information Security, who decided to take the first steps and bring this global event in Bulgaria.

BSides Sofia Archive

Keynote - Beyond the Endpoint: My Adventures in API Security Research

by Vangelis Stykas , lang: EN

see more +

Twitter: https://twitter.com/evstykas

Lecture language: English

DOWNLOAD PRESENTATION

Expanding Security Horizons: SIMD-Based Threats

by Andrii Mytroshyn , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/andriymytroshyn/

Lecture language: English

Abstract:

As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack—CPU-exhaustion techniques—showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.

Description:

The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding why it is possible and why almost any system could be affected by such threads.

Agenda:

  1. 1. Short introduction of SIMD
  2. 2. Attack possibilities with Neon/SSE
  3. 3. Example of attack with GPU and CPU
DOWNLOAD PRESENTATION

Navigating the Modern Battlefront of JWT Security

by Viktor Mares , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/

Lecture language: English

Description:

JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, authorization, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of complexity. These have arguably led to severe vulnerabilities such as the well-known “alg”:“none” attack.

We will have a closer look at the JOSE standards and identify potential implementation mistakes that might result in vulnerabilities in JWT libraries if the RFCs are interpreted in certain ways. We will look at three modern classes of JWT attacks that affected very widely used libraries (Authlib, JWCrypto & JWX). Two of these attacks (“sign/encrypt confusion” and “polyglot token”) can allow complete token forgery, allowing authentication bypasses or privilege escalation in applications using an affected library and configuration. The third (“billion hashes”) attack can be leveraged for a denial-of-service attack against token-processing servers.

DOWNLOAD PRESENTATION

A Moving Target - Overview of Current Threat Landscape

by Gergana Karadzhova-Dangela , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/gergana-karadzhova/

Lecture language: English

Description:

In this session Gergana Karadzhova-Dangela, a Senior Incident Response Consultant with Cisco Talos, will give an overview of the major trends observed by the Talos Threat Intelligence team in 2023 and the first months of 2024. It will cover the topics of most often exploited vulnerabilities, advanced persistent groups (APTs) and ransomware-as-a-service. The session will focus on how those topics have changed in the past one year and what new challenges (and opportunities) confront the cybersecurity defenders.

DOWNLOAD PRESENTATION

The Price of Privacy: Doxing and De-anonymization in the Digital Age

by Nikol Georgieva and Kaloyan Ivanov , lang: BG

see more +

Lecture language: Bulgarian

Description:

In our presentation, we'll expose how simple details like name and workplace can lead to doxing, using a real-world example to showcase the ease of personal data extraction from the deep web. We'll highlight the potential for misuse, including identity theft and fraud, emphasizing the urgency of digital hygiene. We will show strategies to safeguard your digital footprint against the hidden dangers of doxing and de-anonymization in the vast, unregulated expanse of the internet.

DOWNLOAD PRESENTATION

Ghetto Superstar (Rootkiting the Linux)

by Petar Anastasov & Yordan Stoychev , lang: BG

see more +

Twitter: https://twitter.com/YordanStoychev

LinkedIn: https://www.linkedin.com/in/ptrnstsv/

Lecture language: Bulgarian

Description:

Jumping into ring 0 to stay invisible and become the system's superstar. We're going to talk about rootkiting the Linux kernel for the sake of patching 'Live Forensics' and 'Incident Response'.

DOWNLOAD PRESENTATION

Malware, Cats and Cryptography

by Zhassulan Zhussupov , lang: EN

see more +

Twitter: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/

LinkedIn: https://twitter.com/cocomelonckz

Lecture language: English

Abstract:

Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score and how applicable is it for bypassing AV solutions (AV bypass). In some researched practical cases, we get FUD malware. Bypass AV Kaspersky, Windows Defender. ESET NOD32 in some practical cases.

Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.

Description:

Previous research results have been presented at BlackHat and hack.lu conferences. But I got better results and considered new scenarios.

DOWNLOAD PRESENTATION

SCADAsploit: a Command & Control for OT. How to break an ICS system

by Omar Morando , lang: EN

see more +

Twitter: https://twitter.com/OmarMorando

LinkedIn: https://www.linkedin.com/in/omorando/

Lecture language: English

Description:

SCADAsploit is a C2 (Command & Control) framework, probably the only one at the moment, targeting OT systems. Its powerful arsenal of pre- and post-exploitation modules for SCADA/PLC systems makes it a unique tool in Adversary Simulation operations in the OT and IoT environment. Its modular client/server architecture, which can be controlled remotely with a super-secure connection, provides modules dedicated to penetration testing, vulnerability scanning, asset discovery, and pre- and post-exploitation.

During the presentation I will show a live demo of how to compromise an OT infrastructure consisting of a SCADA workstation, a PLC and an HMI system (all via VM on my local notebook). The attack involves bypassing the EDR system of the Windows/SCADA machine, scanning the OT network, attacking the PLC resulting in system DoS.

Additional notes:

The presentation is structured as follows:

  • • intro on cyber OT
  • • intro on OT/ICS systems
  • • attack surface of an ICS system
  • • intro on Command & Control and the importance of doing adversary simulation
  • • presentation of SCADAsploit C2.OT
  • • live practical demo (15 min)
  • • conclusions
DOWNLOAD PRESENTATION

From Pixels to Profit: Mastering NFT Evaluation Strategies

by Alejandra Ventura , lang: EN

see more +

Twitter: https://twitter.com/venturita

LinkedIn: https://www.linkedin.com/in/alejandra-venturac/

Lecture language: English

Description:

‘NFT Assessment Methodology’ offers an engaging exploration into the world of Non-Fungible Tokens. The presentation breaks down NFT basics, then delves into their vulnerabilities and risks. It features a specialized audit methodology for NFT evaluation. The session also includes real-life applications of NFTs and a hands-on segment on interacting with NFT smart contracts. This presentation is a must-see for anyone looking to stay ahead in the rapidly changing landscape of digital assets.

DOWNLOAD PRESENTATION

BSides Sofia 2023 - Keynote

by Peter Kirkov, e-Government , lang: BG

see more +

LinkedIn: https://www.linkedin.com/in/pkirkov/

Lecture language: Bulgarian

DOWNLOAD PRESENTATION

Hacking Attacks against Government Institutions

by Vasil Velichkov , lang: BG

see more +

LinkedIn: https://twitter.com/vassiltt

Lecture language: Bulgarian

DOWNLOAD PRESENTATION

Advanced Enterprise Vulnerability

by Evgeni Sabev , lang: BG

see more +

Hunting unsigned DLLs to find APT

by Daniela Shalev , lang: EN

see more +

Stalking the Stalkers

by Vangelis Stykas, Felipe Solferini , lang: EN

see more +

Hyundai head unit hacking

by Radoslav Gerganov , lang: BG

see more +

Linux ELF Binary obfuscation

by Sergei Kostov , lang: BG

see more +

Bypassing Anti Virus using badUSB

by Cristian Cornea , lang: EN

see more +

Nothing is secure

by Bojidar Bojanov , lang: BG

see more +

Commit to memory making the best of your notes

by Plamen Kalchev , lang: BG

see more +

Unencrypted malware, the invisible threat

by Alexander Nedelchev , lang: BG

see more +

Twitter: https://twitter.com/sys7em1

Lecture language: Bulgarian

Keytap acoustic keyboard eavesdropping

by Georgi Gerganov , lang: BG

see more +

Ghetto Forensic, command line Linux investigation

by Peter Dangov , lang: BG

see more +

LinkedIn: https://www.linkedin.com/in/pdangov/

Lecture language: Bulgarian

DOWNLOAD PRESENTATION

Secure distroless OCI images via YAML

by Victor Bonev , lang: EN

see more +

The secure software supply chain Function S3C

by Alexandar Andonov , lang: EN

see more +

Purple Team assessment

by Iliyan Velikov , lang: EN

see more +

BSides Sofia 2022 - Keynote

by Bozhidar Bozhanov, Minister of e-Government , lang: BG

see more +

LinkedIn: https://www.linkedin.com/in/bozhidar-bozhanov/

Lecture language: Bulgarian

Vulnerabiltiy Full Disclosure

by Stoyan Kolev, Lyubomir Vanyov (CEO shkolo.bg) and Vladimir Dimitrov from Cybercrime unit , lang: BG

see more +

Lecture language: Bulgarian

The internet is full with vulnerabilities. If more people are looking to identify and disclose them responsibly it will be a safer place. We are going to discuss the how can responsible disclosure help business and public sector to stay safe and bounty hunters out of trouble.

DOWNLOAD PRESENTATION

Application security into DevOps

by Svetlomir Balevski , lang: BG

see more +

LinkedIn: https://www.linkedin.com/in/svetlomir-balevski-a366767/

Lecture language: Bulgarian

Embedding security into DevOps pipelines

DOWNLOAD PRESENTATION

Charge my car for free forever

by Vangelis Stykas , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/vangelis-stykas/

Lecture language: English

During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them.

DOWNLOAD PRESENTATION

Front end Security

by Martin Stoynov and Spas Genov , lang: BG

see more +

Evolution of client-side applications, common security misconceptions, demonstrating impact, improvements and good practices.

Lecture language: Bulgarian

DOWNLOAD PRESENTATION

Securing Kubernetes with Open Policy Agent

by Anton Sankov , lang: BG

see more +

Twitter: https://twitter.com/a_sankov

Lecture language: Bulgarian

This presentation will go over what admission controllers are, how they work and how OPA leverages this functionality to protect your Kubernetes cluster. We will also dive into Rego and writing our custom OPA policies.

DOWNLOAD PRESENTATION

Decrypting IPTV

by Radoslav Gerganov , lang: BG

see more +

Twitter: https://twitter.com/rgerganov

Lecture language: Bulgarian

Many ISPs in Bulgaria are offering IPTV to their customers in addition to internet services. Usually IPTV is delivered with a set-top box device (STB) which is connected to the ISP network and the user's TV.

DOWNLOAD PRESENTATION

Common security pitfalls in AWS Public cloud for highly regulated industries

by Daniel Rankov , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/danielrankov/

Lecture language: English

Common misconfigurations and vulnerabilities making the cloud presense insecure

DOWNLOAD PRESENTATION

Where and how to implement Security in Software Development

by Bojidar Bojanov , lang: BG

see more +

Lecture language: Bulgarian

DOWNLOAD PRESENTATION

Commit to memory making the best of your notes

by Plamen Kalchev , lang: BG

see more +

Unencrypted malware, the invisible threat

by Radostina Kondakova, Jordan Popov , lang: BG

see more +

Lecture language: Bulgarian

A walk-through over the Secure Software Development Life Cycle(SDLC) focusing on prevention and early adoption of security concepts and mechanisms in easy steps.

DOWNLOAD PRESENTATION

AD Reconnaissance Red Team Exercise in Finding Hidden AD Relationships

by Kristian Mladenov, Tsvyatko Bikov , lang: BG

see more +

Lecture language: Bulgarian

The Active Directory (AD) in an organization holds the keys to the kingdom. Although your vulnerability scanner shows no critical vulnerabilities at the OS and software level, could you say the same for your Active Directory configuration?

DOWNLOAD PRESENTATION

How to collect linux Malware

by Sergey Kostov , lang: EN

see more +

LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/

Lecture language: English

How and where can we find a Linux malware and how we use it for "good" purposes.

DOWNLOAD PRESENTATION