BSides Sofia 2026

BSides Sofia 2026 • TechArena @ Technical University, Sofia • 5th Anniversary Edition • 21-22 March 2026 • BSides Sofia 2026 • TechArena @ Technical University, Sofia • 5th Anniversary Edition • 21-22 March 2026 • BSides Sofia 2026 • TechArena @ Technical University, Sofia • 5th Anniversary Edition • 21-22 March 2026 • BSides Sofia 2026 • TechArena @ Technical University, Sofia • 5th Anniversary Edition • 21-22 March 2026 •

Five years of building
Bulgaria's infosec community.

Security BSides Sofia is an international cybersecurity conference organized by and for the information security community. Since 2022 we have brought together researchers, practitioners, and enthusiasts for talks, workshops, and hands-on learning - covering ethical hacking, incident response, IoT security, forensics, compliance, AI security, and everything in between. For our 5th anniversary we are moving to the Technical University of Sofia with 500+ attendees, two tracks of content, and a full day of cybersecurity. No corporate agenda - just community, knowledge sharing, and real experience with real tools.

Watch past talks

09:00

Registration

09:30

When Policy Fails: Turning Kubernetes OPA/Gatekeeper Violations into Detections

Jorge Calleja

This workshop walks through building, end to end, a Policy-as-Detection pipeline for Kubernetes.

Everything that is traditionally treated as compliance or policy enforcement (OPA / Gatekeeper) is transformed into actionable detection signals: alerts, dashboards, and tickets -- all managed using GitOps and Terraform, just like the rest of modern infrastructure.

Instead of policies silently blocking workloads or producing YAMLs nobody reviews, violations become measurable, observable, and operational security signals.

Hands-on

12:30

Break

13:00

MacOS Investigation Workshop

Evgen Blohm

The goal of this workshop is to equip participants with the essential knowledge and practical skills needed to perform forensic analysis of macOS systems in the context of modern threats.

Although macOS devices still represent a smaller share of enterprise environments compared to Windows, they are increasingly targeted by threat actors. As a result, macOS security and forensic analysis remain less mature and underrepresented in many organizations' defensive strategies. Recent industry reports -- including findings from Red Canary showing a 400% increase in macOS-related threats between 2023 and 2024 -- highlight the urgent need for improved visibility and expertise in this area.

This workshop will guide participants through the fundamental steps of conducting macOS forensic investigations, including:

- Creating logical and triage images of macOS devices
- Identifying and interpreting key system artifacts
- Investigating artifacts for evidence of threat actor activity
- Utilizing common forensic tools to support analysis
- Understanding the evolving macOS threat landscape

By the end of this workshop, participants will be able to independently conduct forensic investigations on macOS systems and will receive additional resources to support continued learning and future casework.

Hands-on

15:30

Closing

All talks and workshops are selected by an independent programme committee of industry professionals with deep expertise in offensive security, incident response, threat intelligence, and applied research.