BSides Sofia 2026 5th Anniversary Edition 21-22 March 2026 Technical University, Sofia

5th Anniversary Edition

The Cybersecurity
Community Conference

The largest community-driven cybersecurity conference in Bulgaria. Talks, workshops, and networking - all in one place.

21 – 22 March 2026
Technical University, Sofia

Five years of building
Bulgaria's infosec community.

Security BSides Sofia is an international cybersecurity conference organized by and for the information security community. Since 2022 we have brought together researchers, practitioners, and enthusiasts for talks, workshops, and hands-on learning - covering ethical hacking, incident response, IoT security, forensics, compliance, AI security, and everything in between. For our 5th anniversary we are moving to the Technical University of Sofia with 500+ attendees, two tracks of content, and a full day of cybersecurity. No corporate agenda - just community, knowledge sharing, and real experience with real tools.

Our Supporters & Partners

ESET
SAP
Commerzbank
Technical University
Clico
Secragon
Centio
Baseline
UX to Dev
bTV
Kaldata
Black Hills

Event Agenda

09:00

Registration & Coffee

09:30

Opening Keynote

Speaker TBA

Keynote address to kick off the 5th anniversary edition of BSides Sofia.

Keynote

09:45

Digital Predator Toolkit

Chris Kubecka

Marketing technology already knows more about us than we’d like to admit. But what happens when predators, not advertisers, use the same digital tools against children and teens? Across the internet, young people are silently profiled, categorised and targeted based on their vulnerabilities. These techniques are being exploited not only for sexual grooming, but also to recruit teens into cybercrime, influence operations and even nation-state sabotage. This emerging threat, what we call the “Yellow Digital Predator Toolkit”, sorts children into high-risk groups without their knowledge, turning ordinary online spaces into recruitment zones for exploitation, manipulation and harm. From self-harm communities to criminal networks, the danger isn’t at the doorstep anymore. It’s already inside your kid's bedroom.

10:30

Slithering Through the Noise: Deep Dive into the VIPERTUNNEL Python Backdoor

Evgen Blohm

Malware development is a process of continuous refinement. In this session, we analyze the evolution of VIPERTUNNEL, a Python-based backdoor used by the UNC2165 (EvilCorp) activity cluster for stealthy persistence and network pivoting. The core of this talk focuses on the "evolutionary leap" in the malware's code logic and defensive posture. We will walk through three distinct stages of its development:
1. The Public Phase: Early variants that relied on well-documented, open-source obfuscators (like pyobfuscate), which are easily defeated by standard tools.
2. The Prototype: The emergence of a custom-built loader that, while still exhibiting "noisy" cleartext strings and linear execution, signaled a shift toward a private, proprietary framework.
3. The Production Variant: The current "gold standard" used in DragonForce engagements. This version is a multi-layered beast featuring ChaCha20 encryption, BLAKE3 integrity checks, and control-flow flattening to force analysts into a grueling, non-linear reversing process. We will also explore the "Shared DNA" between VIPERTUNNEL and other tools like the ShadowCoil credential stealer. By analyzing a privately maintained, multi-stage packer common to both, we uncovered unexpected Linux-specific anti-debugging checks buried within Windows-targeted payloads—a clear indicator of modular, cross-platform ambitions by the developers.

11:00

Coffee Break

11:30

Unmasking Coordinated Threats: Analyzing Node.js Malware on GitHub

George Gerontakis

Our study highlights how public platforms, trust in open collaboration, and the rapid dissemination of software can be exploited to distribute misinformation or conduct covert operations. By exploring Node.js code on GitHub, we revealed a coordinated online deception involving fake companies. What started as an inquiry into potential malware evolved into a broader examination of how open-source ecosystems can be manipulated for geopolitical or criminal purposes. By tracing digital footprints, analyzing behavioral patterns, and connecting disparate online identities, the investigation uncovered a network of fabricated corporate entities designed to project legitimacy and obscure malicious intent. Beyond the specific case, it raises questions about the intersection of cybersecurity, transparency, and global digital ethics. The findings emphasize the need for stronger verification practices, responsible reporting, and collective vigilance within developer and research communities to preserve the integrity of open digital spaces.

12:00

Bot vs. Bash: How Modern Threat Actors are Actually Using AI

Daniel Kapellmann Zafra

Generative AI is fundamentally transforming our society and the way in which we work. This massive technological shift offers unparalleled opportunities for innovation, yet it simultaneously introduces a new set of complex challenges. Given the increasing relevance of AI today and its defining role in our near future, it is critical to look beyond the noise and examine the reality of the current threat landscape. This session provides real-world observations from the front lines of threat intelligence to demonstrate exactly how these tools are being utilized by adversaries.

Drawing on recent research, we will explore how both state-sponsored APTs and financially motivated actors are currently integrating Large Language Models (LLMs) into their workflows. Our observations reveal that attackers are rarely using AI to create "super-malware." Instead, they are leveraging it to dramatically increase the efficiency and quality of their existing operations. We will dive into specific use cases, including redefining social engineering, accelerating reconnaissance, and generating malicious code snippets.

The mission of this talk is to provide visibility into the current landscape and raise awareness across the InfoSec community. By sharing the threats we find in the wild, we aim to equip defenders with the context needed to identify AI-augmented threats within their own environments. While the technology is evolving, staying informed is our best defense in ensuring the secure adoption of AI.

12:45

Lunch

14:00

Bro, Do You Even Supply Chain? How to Actually Secure Your Software Supply Chain

Plamen Petkov

The software supply chain security market is exploding. Vendors are raising hundreds of millions of dollars to sell dashboards, agents, and continuous scanning.

But here’s the uncomfortable truth: almost none of these tools solve the core problem.

Despite massive investment, most organizations still cannot answer a basic question:

Can my customers independently prove that this binary came from the source code I claim it came from?

This talk addresses the elephant in the room that the industry largely avoids. We’ll cut through vendor hype and show how to implement real, end-to-end software supply chain security using 100% free and open source tools.

We’ll walk through how to use SLSA and in-toto to generate and verify attestations at every stage of the pipeline, from source commit, through build, to customer delivery.

The focus is on verifiable provenance, not marketing claims: no subscriptions, no lock-in, and no reliance on vendor-controlled platforms.

Attendees will see a complete, practical workflow for producing artifacts that customers can independently verify, using open standards and tools that are available today.

14:40

Satellite Hacking for Dummies

Emil Raychev

Satellites contribute to our daily lives more than we can imagine, from GPS and internet access to critical data about our weather. Yet we seem totally oblivious to how easy it is for this vital infrastructure to be misused by malicious actors. What happens when the weakest link in your security system is 500 km above Earth?

15:15

Coffee Break

15:45

Next Generation Penetration Testing

Lachezar Uzunov

In my talk, I will walk through the classical penetration test approach, where and why it fails, and how to make penetration testing more fun, effective and realistic.

16:15

Hijacking AI Agents with Special Token Injection (STI)

Armend Gashi

Agents based on Large Language Models (LLMs) are increasingly susceptible to vulnerabilities reminiscent of early-2000s software bugs. One such emerging technique is Special Token Injection (STI), which targets the model’s tokenizer. By injecting sequences of reserved tokens that are interpreted as privileged control-flow instructions rather than normal text, an attacker can hijack the model to perform arbitrary instructions. These manipulations can include the use of unintended special tokens such as role separators, function or tool calls, and beginning- or end-of-sequence tokens within structured prompts, allowing attackers to hijack the agent’s functionality.

When successfully exploited, Special Token Injection can lead to a range of security failures, including:

- Context poisoning
- Agent instruction (system prompt) manipulation
- Function/Tool call misuse and unauthorized invocation
- Cross-turn state corruption for multi-step agents
- Multi-agent workflow corruption
- Unbounded token consumption

In this talk, we’ll demystify STI: what it is, how we found it, where it lurks, and why it matters. We’ll walk through real-world examples and explore its broader implications in AI security from a pentester’s perspective.

17:00

Day 1 Closing

20:00

After Party

Day 2

09:00

Registration

09:30

When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections

Jorge Calleja

This workshop walks through building, end to end, a Policy-as-Detection pipeline for Kubernetes.

Everything that is traditionally treated as compliance or policy enforcement (OPA / Gatekeeper) is transformed into actionable detection signals: alerts, dashboards, and tickets — all managed using GitOps and Terraform, just like the rest of modern infrastructure.

Instead of policies silently blocking workloads or producing YAMLs nobody reviews, violations become measurable, observable, and operational security signals.

Hands-on

12:30

Break

13:00

MacOS Investigation Workshop

Evgen Blohm

The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.

Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations’ defensive strategies. Recent industry reports — including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 — highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

- Creating logical and triage images of macOS devices
- Identifying and interpreting key system artifacts
- Investigating artifacts for evidence of threat actor activity
- Utilizing common forensic tools to support analysis
- Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.

Hands-on

15:30

Closing

All talks and workshops are selected by an independent programme committee of industry professionals with deep expertise in offensive security, incident response, threat intelligence, and applied research.

Petar Anastasov

CyberSecurity at Its Finest @ SECRAGON | Coach of the National Cybersecurity Team

Viktor Mares

Senior Penetration Tester, SoCyber

Pavel Georgiev

Information Security Expert at United Bulgarian Bank | Founder of Cyber Security Talks Bulgaria

Konstantin Veselinov

Founder and Manager at CENTIO #CYBERSECURITY

Nikolay Paskov

CTO @ BaseLine Cybersecurity

Get Your Ticket

Venue & lectures access • Workshop access • Food & drinks throughout the day • Collectors T-shirt • Access to After-party

* checkout is in Bulgarian

STUDENT TICKET — 6.00 € / 11.73 BGN
REGULAR TICKET — 29.99 € / 58.66 BGN
SUPPORTER TICKET — 69.98 € / 136.87 BGN