BSides Sofia 2026 TechArena @ Technical University, Sofia 5th Anniversary Edition 21-22 March 2026

5th Anniversary Edition

The Cybersecurity Community Conference

The largest community-driven cybersecurity conference in Bulgaria. Talks, workshops, and networking - all in one place.

21 – 22 March 2026
TechArena @ Technical University, Sofia

Five years of building Bulgaria's infosec community.

Security BSides Sofia is an international cybersecurity conference organized by and for the information security community. Since 2022 we have brought together researchers, practitioners, and enthusiasts for talks, workshops, and hands-on learning - covering ethical hacking, incident response, IoT security, forensics, compliance, AI security, and everything in between. For our 5th anniversary we are moving to the Technical University of Sofia with 500+ attendees, two tracks of content, and a full day of cybersecurity. No corporate agenda - just community, knowledge sharing, and real experience with real tools.

Watch past talks

Our Supporters & Partners

ESET
SAP
Technical University
Clico
Secragon
Centio
Baseline
UX to Dev
bTV
Kaldata
Black Hills
Cyber Security Talks
DEV BG
Commerzbank

Event Agenda

09:00

Registration & Coffee

09:30

Opening Keynote

09:45

Digital Predator Toolkit

Chris Kubecka

Marketing technology already knows more about us than we'd like to admit. But what happens when predators, not advertisers, use the same digital tools against children and teens? Across the internet, young people are silently profiled, categorised and targeted based on their vulnerabilities. These techniques are being exploited not only for sexual grooming, but also to recruit teens into cybercrime, influence operations and even nation-state sabotage. This emerging threat, what we call the "Yellow Digital Predator Toolkit", sorts children into high-risk groups without their knowledge, turning ordinary online spaces into recruitment zones for exploitation, manipulation and harm. From self-harm communities to criminal networks, the danger isn't at the doorstep anymore. It's already inside your kid's bedroom.
10:30

Slithering Through the Noise: Deep Dive into the VIPERTUNNEL Python Backdoor

Evgen Blohm

Malware development is a process of continuous refinement. In this session, we analyze the evolution of VIPERTUNNEL, a Python-based backdoor used by the UNC2165 (EvilCorp) activity cluster for stealthy persistence and network pivoting. The core of this talk focuses on the "evolutionary leap" in the malware's code logic and defensive posture. We will walk through three distinct stages of its development:
1. The Public Phase: Early variants that relied on well-documented, open-source obfuscators (like pyobfuscate), which are easily defeated by standard tools.
2. The Prototype: The emergence of a custom-built loader that, while still exhibiting "noisy" cleartext strings and linear execution, signaled a shift toward a private, proprietary framework.
3. The Production Variant: The current "gold standard" used in DragonForce engagements. This version is a multi-layered beast featuring ChaCha20 encryption, BLAKE3 integrity checks, and control-flow flattening to force analysts into a grueling, non-linear reversing process.

We will also explore the "Shared DNA" between VIPERTUNNEL and other tools like the ShadowCoil credential stealer. By analyzing a privately maintained, multi-stage packer common to both, we uncovered unexpected Linux-specific anti-debugging checks buried within Windows-targeted payloads -- a clear indicator of modular, cross-platform ambitions by the developers.
11:00

Coffee Break

11:30

Unmasking Coordinated Threats: Analyzing Node.js Malware on GitHub

George Gerontakis

Our study highlights how public platforms, trust in open collaboration, and the rapid dissemination of software can be exploited to distribute misinformation or conduct covert operations. We explored the Node.js code on GitHub and we revealed a coordinated online deception involving fake companies. What started as an inquiry into potential malware evolved into a broader examination of how open-source ecosystems can be manipulated for geopolitical or criminal purposes. By tracing digital footprints, analyzing behavioral patterns, and connecting disparate online identities, the investigation uncovered a network of fabricated corporate entities designed to project legitimacy and obscure malicious intent. Beyond the specific case, it raises questions about the intersection of cybersecurity, transparency, and global digital ethics. The findings emphasize the need for stronger verification practices, responsible reporting, and collective vigilance within developer and research communities to preserve the integrity of open digital spaces.
12:00

Bot vs. Bash: How Modern Threat Actors are Actually Using AI

Daniel Kapellmann Zafra

Generative AI is fundamentally transforming our society and the way in which we work. This massive technological shift offers unparalleled opportunities for innovation, yet it simultaneously introduces a new set of complex challenges. Given the increasing relevance of AI today and its defining role in our near future, it is critical to look beyond the noise and examine the reality of the current threat landscape. This session provides real-world observations from the front lines of threat intelligence to demonstrate exactly how these tools are being utilized by adversaries.

Drawing on recent research, we will explore how both state-sponsored APTs and financially motivated actors are currently integrating Large Language Models (LLMs) into their workflows. Our observations reveal that attackers are rarely using AI to create "super-malware." Instead, they are leveraging it to dramatically increase the efficiency and quality of their existing operations. We will dive into specific use cases, including redefining social engineering, accelerating reconnaissance, and generating malicious code snippets.

The mission of this talk is to provide visibility into the current landscape and raise awareness across the InfoSec community. By sharing the threats we find in the wild, we aim to equip defenders with the context needed to identify AI-augmented threats within their own environments. While the technology is evolving, staying informed is our best defense in ensuring the secure adoption of AI.
12:45

Lunch

14:00

Bro, Do You Even Supply Chain?

Plamen Petkov

The software supply chain security market is exploding. Vendors are raising hundreds of millions of dollars to sell dashboards, agents, and continuous scanning.

But here's the uncomfortable truth: almost none of these tools solve the core problem.

Despite massive investment, most organizations still cannot answer a basic question:

Can my customers independently prove that this binary came from the source code I claim it came from?

This talk addresses the elephant in the room that the industry largely avoids. We'll cut through vendor hype and show how to implement real, end-to-end software supply chain security using 100% free and open source tools.

We'll walk through how to use SLSA and in-toto to generate and verify attestations at every stage of the pipeline, from source commit, through build, to customer delivery.

The focus is on verifiable provenance, not marketing claims: no subscriptions, no lock-in, and no reliance on vendor-controlled platforms.

Attendees will see a complete, practical workflow for producing artifacts that customers can independently verify, using open standards and tools that are available today.
14:40

Satellite Hacking for Dummies

Emil Raychev

Satellites contribute to our daily lives more than we can imagine. From GPS to internet access to even giving us critical data about our weather. Yet, we seem totally oblivious as to how easy it is for this vital infrastructure to be misused by malicious actors. What happens when the weakest link in your security system is 500 km above Earth?
15:15

Coffee Break

15:45

Next Generation Penetration Testing

Lachezar Uzunov

In my talk, I will walk through the classical penetration test approach, where and why it fails, and how to make penetration testing more fun, effective and realistic.
16:15

Hijacking AI Agents with Special Token Injection (STI)

Armend Gashi

Agents based on Large Language Models (LLMs) are increasingly susceptible to vulnerabilities reminiscent of early-2000s software bugs. One such emerging technique is Special Token Injection (STI), which targets the model's tokenizer. By injecting sequences of reserved tokens that are interpreted as privileged control-flow instructions rather than normal text, an attacker can hijack the model to perform arbitrary instructions. These manipulations can include the use of unintended special tokens such as role separators, function or tool calls, and beginning- or end-of-sequence tokens within structured prompts, allowing attackers to hijack the agent's functionality.

When successfully exploited, Special Token Injection can lead to a range of security failures, including:

- Context poisoning
- Agent instruction (system prompt) manipulation
- Function/Tool call misuse and unauthorized invocation
- Cross-turn state corruption for multi-step agents
- Multi-agent workflow corruption
- Unbounded token consumption

In this talk, we'll demystify STI: what it is, how we found it, where it lurks, and why it matters. We'll walk through real-world examples and explore its broader implications in AI security from a pentester's perspective.
17:00

Cybersecurity Team Meetup: National Team Qualification Orientation

Petar Anastasov

Members of the Bulgarian cybersecurity community and people involved with the national team selection process will be available for an informal meetup. This short orientation is intended for students and young professionals who are curious about cybersecurity competitions, training opportunities, and the qualification process for the national team. We will briefly explain how the selection works, what skills are expected, and how you can start preparing. If you are interested in CTFs, offensive security, reverse engineering, or simply want to meet others who share the same passion, feel free to join us after the conference. No registration is required — just come by and say hello.
17:30

Day 1 Closing

20:00

After Party

All talks and workshops are selected by an independent programme committee of industry professionals with deep expertise in offensive security, incident response, threat intelligence, and applied research.

Petar Anastasov

CyberSecurity at Its Finest @ SECRAGON | Coach of the National Cybersecurity Team

Viktor Mares

Senior Penetration Tester, SoCyber

Pavel Georgiev

Information Security Expert at United Bulgarian Bank | Founder of Cyber Security Talks Bulgaria

Konstantin Veselinov

Founder and Manager at CENTIO #CYBERSECURITY

Nikolay Paskov

CTO @ BaseLine Cybersecurity

Get Your Ticket

Venue & lectures access • Workshop access • Food & drinks throughout the day • Collector's T-shirt • Access to After-party

* checkout is in Bulgarian

Full access to all lectures, workshops, food & drinks, a collector's T-shirt, and the after-party. Everything you need for a complete BSides experience.

Total: 29.99 / 58.66 BGN (1 ticket)
