BSides Sofia
The idea
The idea behind the Security BSides events is to organise an open (and low-cost) Information Security conference where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss the next "big thing".
BSides is not restricted only to ethical hacking, but instead the conference is open to a wide range of subjects related to security such as incident response, IoT security, computer forensics, security standards and of course compliance.
Our Goal
To bring a well-known event to the InfoSec community in Bulgaria, where professionals, academics and researchers can participate for free and educate themselves on various InfoSec-related disciplines.
The event will also give students, rookies and security enthusiasts an opportunity to get involved and be heard at an event with worldwide exposure.
Who is organising this event?
The short answer to this is YOU. This is what makes these events so successful and a unique experience. Security BSides events are organized by the community, for the community.
Behind the scenes, driving the event, are a number of Information Security professionals who decided to take the first steps and bring this global event to Bulgaria.
BSides Sofia Archive
Keynote - Beyond the Endpoint: My Adventures in API Security Research
by Vangelis Stykas, lang: EN
Expanding Security Horizons: SIMD-Based Threats
by Andrii Mytroshyn, lang: EN
LinkedIn: https://www.linkedin.com/in/andriymytroshyn/
Lecture language: English
Abstract:
As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack—CPU-exhaustion techniques—showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.
Description:
The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding of why it is possible and why almost any system could be affected by such threats.
Agenda:
1. Short introduction of SIMD
2. Attack possibilities with Neon/SSE
3. Example of attack with GPU and CPU
Navigating the Modern Battlefront of JWT Security
by Viktor Mares, lang: EN
LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/
Lecture language: English
Description:
JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, authorization, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of complexity. These have arguably led to severe vulnerabilities such as the well-known “alg”:“none” attack.
We will have a closer look at the JOSE standards and identify potential implementation mistakes that might result in vulnerabilities in JWT libraries if the RFCs are interpreted in certain ways. We will look at three modern classes of JWT attacks that affected very widely used libraries (Authlib, JWCrypto & JWX). Two of these attacks (“sign/encrypt confusion” and “polyglot token”) can allow complete token forgery, allowing authentication bypasses or privilege escalation in applications using an affected library and configuration. The third (“billion hashes”) attack can be leveraged for a denial-of-service attack against token-processing servers.
A Moving Target - Overview of Current Threat Landscape
by Gergana Karadzhova-Dangela, lang: EN
LinkedIn: https://www.linkedin.com/in/gergana-karadzhova/
Lecture language: English
Description:
In this session Gergana Karadzhova-Dangela, a Senior Incident Response Consultant with Cisco Talos, will give an overview of the major trends observed by the Talos Threat Intelligence team in 2023 and the first months of 2024. It will cover the topics of most often exploited vulnerabilities, advanced persistent groups (APTs) and ransomware-as-a-service. The session will focus on how those topics have changed in the past year and what new challenges (and opportunities) confront cybersecurity defenders.
The Price of Privacy: Doxing and De-anonymization in the Digital Age
by Nikol Georgieva and Kaloyan Ivanov, lang: BG
Lecture language: Bulgarian
Description:
In our presentation, we'll expose how simple details like name and workplace can lead to doxing, using a real-world example to showcase the ease of personal data extraction from the deep web. We'll highlight the potential for misuse, including identity theft and fraud, emphasizing the urgency of digital hygiene. We will show strategies to safeguard your digital footprint against the hidden dangers of doxing and de-anonymization in the vast, unregulated expanse of the internet.
Ghetto Superstar (Rootkiting the Linux)
by Petar Anastasov & Yordan Stoychev, lang: BG
Twitter: https://twitter.com/YordanStoychev
LinkedIn: https://www.linkedin.com/in/ptrnstsv/
Lecture language: Bulgarian
Description:
Jumping into ring 0 to stay invisible and become the system's superstar. We're going to talk about rootkiting the Linux kernel for the sake of patching 'Live Forensics' and 'Incident Response'.
Malware, Cats and Cryptography
by Zhassulan Zhussupov, lang: EN
Twitter: https://twitter.com/cocomelonckz
LinkedIn: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/
Lecture language: English
Abstract:
Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score, and how applicable is it for bypassing AV solutions (AV bypass)? In some researched practical cases, we get FUD malware. AV bypass of Kaspersky, Windows Defender and ESET NOD32 in some practical cases.
Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.
Description:
Previous research results have been presented at BlackHat and hack.lu conferences. But I got better results and considered new scenarios.
SCADAsploit: a Command & Control for OT. How to break an ICS system
by Omar Morando, lang: EN
Twitter: https://twitter.com/OmarMorando
LinkedIn: https://www.linkedin.com/in/omorando/
Lecture language: English
Description:
SCADAsploit is a C2 (Command & Control) framework, probably the only one at the moment, targeting OT systems. Its powerful arsenal of pre- and post-exploitation modules for SCADA/PLC systems makes it a unique tool in Adversary Simulation operations in the OT and IoT environment. Its modular client/server architecture, which can be controlled remotely with a super-secure connection, provides modules dedicated to penetration testing, vulnerability scanning, asset discovery, and pre- and post-exploitation.
During the presentation I will show a live demo of how to compromise an OT infrastructure consisting of a SCADA workstation, a PLC and an HMI system (all via VM on my local notebook). The attack involves bypassing the EDR system of the Windows/SCADA machine, scanning the OT network, attacking the PLC resulting in system DoS.
Additional notes:
The presentation is structured as follows:
- intro on cyber OT
- intro on OT/ICS systems
- attack surface of an ICS system
- intro on Command & Control and the importance of doing adversary simulation
- presentation of SCADAsploit C2.OT
- live practical demo (15 min)
- conclusions
From Pixels to Profit: Mastering NFT Evaluation Strategies
by Alejandra Ventura, lang: EN
Twitter: https://twitter.com/venturita
LinkedIn: https://www.linkedin.com/in/alejandra-venturac/
Lecture language: English
Description:
‘NFT Assessment Methodology’ offers an engaging exploration into the world of Non-Fungible Tokens. The presentation breaks down NFT basics, then delves into their vulnerabilities and risks. It features a specialized audit methodology for NFT evaluation. The session also includes real-life applications of NFTs and a hands-on segment on interacting with NFT smart contracts. This presentation is a must-see for anyone looking to stay ahead in the rapidly changing landscape of digital assets.
BSides Sofia 2023 - Keynote
by Peter Kirkov, e-Government, lang: BG
Hacking Attacks against Government Institutions
by Vasil Velichkov, lang: BG
Advanced Enterprise Vulnerability
by Evgeni Sabev, lang: BG
LinkedIn: https://www.linkedin.com/in/evgeni-sabev-it-security/
Lecture language: Bulgarian
Hunting unsigned DLLs to find APT
by Daniela Shalev, lang: EN
LinkedIn: https://www.linkedin.com/in/danielashalev/
Lecture language: English
Stalking the Stalkers
by Vangelis Stykas, Felipe Solferini, lang: EN
LinkedIn: Vangelis Stykas: https://www.linkedin.com/in/vangelis-stykas/, Felipe Solferini: https://www.linkedin.com/in/felipe-solferini-63331b1b/
Lecture language: English
Hyundai head unit hacking
by Radoslav Gerganov, lang: BG
Twitter: https://twitter.com/rgerganov
LinkedIn: https://www.linkedin.com/in/rgerganov/
Lecture language: Bulgarian
Linux ELF Binary obfuscation
by Sergei Kostov, lang: BG
GitHub: https://github.com/bat-serjo/tintirimintiri
LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/
Lecture language: Bulgarian
Bypassing Anti Virus using badUSB
by Cristian Cornea, lang: EN
LinkedIn: https://www.linkedin.com/in/cristian-cornea-b37005178/
Lecture language: English
Nothing is secure
by Bojidar Bojanov, lang: BG
LinkedIn: https://www.linkedin.com/in/bozhidar-bozhanov/
Lecture language: Bulgarian
Commit to memory making the best of your notes
by Plamen Kalchev, lang: BG
LinkedIn: https://www.linkedin.com/in/plamenkalchev/
Lecture language: Bulgarian
Unencrypted malware, the invisible threat
by Alexander Nedelchev, lang: BG
Twitter: https://twitter.com/sys7em1
Lecture language: Bulgarian
Keytap acoustic keyboard eavesdropping
by Georgi Gerganov, lang: BG
Twitter: https://twitter.com/ggerganov
LinkedIn: https://www.linkedin.com/in/georgi-gerganov-b230ab24/
Lecture language: Bulgarian
Ghetto Forensic, command line Linux investigation
by Peter Dangov, lang: BG
Secure distroless OCI images via YAML
by Victor Bonev, lang: EN
The secure software supply chain Function S3C
by Alexandar Andonov, lang: EN
LinkedIn: https://www.linkedin.com/in/aleksandar-venelinov-andonov/
Lecture language: English
Purple Team assessment
by Iliyan Velikov, lang: EN
LinkedIn: https://www.linkedin.com/in/iliyan-velikov-7a895253/
Lecture language: English
BSides Sofia 2022 - Keynote
by Bozhidar Bozhanov, Minister of e-Government, lang: BG
LinkedIn: https://www.linkedin.com/in/bozhidar-bozhanov/
Lecture language: Bulgarian
Vulnerability Full Disclosure
by Stoyan Kolev, Lyubomir Vanyov (CEO shkolo.bg) and Vladimir Dimitrov from Cybercrime unit, lang: BG
Lecture language: Bulgarian
The internet is full of vulnerabilities. If more people are looking to identify and disclose them responsibly, it will be a safer place. We are going to discuss how responsible disclosure can help businesses and the public sector stay safe and keep bounty hunters out of trouble.
Application security into DevOps
by Svetlomir Balevski, lang: BG
LinkedIn: https://www.linkedin.com/in/svetlomir-balevski-a366767/
Lecture language: Bulgarian
Embedding security into DevOps pipelines
Charge my car for free forever
by Vangelis Stykas, lang: EN
LinkedIn: https://www.linkedin.com/in/vangelis-stykas/
Lecture language: English
During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them.
Front end Security
by Martin Stoynov and Spas Genov, lang: BG
Evolution of client-side applications, common security misconceptions, demonstrating impact, improvements and good practices.
Lecture language: Bulgarian
Securing Kubernetes with Open Policy Agent
by Anton Sankov, lang: BG
Twitter: https://twitter.com/a_sankov
Lecture language: Bulgarian
This presentation will go over what admission controllers are, how they work and how OPA leverages this functionality to protect your Kubernetes cluster. We will also dive into Rego and writing our custom OPA policies.
Decrypting IPTV
by Radoslav Gerganov, lang: BG
Twitter: https://twitter.com/rgerganov
Lecture language: Bulgarian
Many ISPs in Bulgaria are offering IPTV to their customers in addition to internet services. Usually IPTV is delivered with a set-top box device (STB) which is connected to the ISP network and the user's TV.
Common security pitfalls in AWS Public cloud for highly regulated industries
by Daniel Rankov, lang: EN
LinkedIn: https://www.linkedin.com/in/danielrankov/
Lecture language: English
Common misconfigurations and vulnerabilities making the cloud presence insecure
Where and how to implement Security in Software Development
by Bojidar Bojanov, lang: BG
Lecture language: Bulgarian
Commit to memory making the best of your notes
by Plamen Kalchev, lang: BG
LinkedIn: https://www.linkedin.com/in/plamenkalchev/
Lecture language: Bulgarian
Unencrypted malware, the invisible threat
by Radostina Kondakova, Jordan Popov, lang: BG
Lecture language: Bulgarian
A walk-through of the Secure Software Development Life Cycle (SDLC) focusing on prevention and early adoption of security concepts and mechanisms in easy steps.
AD Reconnaissance Red Team Exercise in Finding Hidden AD Relationships
by Kristian Mladenov, Tsvyatko Bikov, lang: BG
Lecture language: Bulgarian
The Active Directory (AD) in an organization holds the keys to the kingdom. Although your vulnerability scanner shows no critical vulnerabilities at the OS and software level, could you say the same for your Active Directory configuration?
How to collect linux Malware
by Sergey Kostov, lang: EN
LinkedIn: https://www.linkedin.com/in/sergey-kostov-7a605a13/
Lecture language: English
How and where we can find Linux malware and how we use it for "good" purposes.