BSides Sofia 2024 schedule announced.

International Cybersecurity Community Event

March 23 - 24, 2024,
Aula Maxima, University of National and World Economy, Sofia

What is Security BSides?

Security BSides is an International Cybersecurity Event by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Sofia, Bulgaria.

BSides Sofia 2024

Date: March 23 - 24, 2024

Location: Aula Maxima, University of National and World Economy, Sofia

The idea

The idea behind the Security BSides events is to organise an open (and low cost) Information Security conference where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss the next "big thing".

BSides is not restricted only to ethical hacking, but instead the conference is open to a wide range of subjects related to security such as incident response, IoT security, computer forensics, security standards and of course compliance.

Our Goal

To bring a well-known event to the InfoSec community in Bulgaria, where professionals, academics and researchers can participate for free and educate themselves on various InfoSec related disciplines.

The event will also provide an opportunity for students, rookies and security enthusiasts to get involved and be heard at an event with worldwide exposure.

Who is organising this event?

The short answer to this is YOU. This is what makes these events so successful and a unique experience. Security BSides events are organized by the community, for the community.

Behind the scenes, a number of people drive the event: professionals in the area of Information Security who decided to take the first steps and bring this global event to Bulgaria.

BSides Sofia 2024 Agenda

Keynote - Beyond the Endpoint: My Adventures in API Security Research

by Vangelis Stykas, starts @ 09:40, lang: EN

Twitter: https://twitter.com/evstykas

Lecture language: English

Expanding Security Horizons: SIMD-Based Threats

by Andrii Mytroshyn, starts @ 10:10, lang: EN

LinkedIn: https://www.linkedin.com/in/andriymytroshyn/

Abstract:

As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack—CPU-exhaustion techniques—showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.

Description:

The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and provide an understanding of why it is possible and why almost any system could be affected by such threats.

Agenda:

  1. Short introduction of SIMD
  2. Attack possibilities with Neon/SSE
  3. Example of attack with GPU and CPU

Lecture language: English

Navigating the Modern Battlefront of JWT Security

by Viktor Mares, starts @ 10:45, lang: BG

LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/

Description:

JSON Web Tokens (JWTs) have become omnipresent tools for web authentication, authorization, session management and identity federation. However, some have criticized JWT and associated Javascript Object Signing and Encryption (JOSE) standards for cryptographic design flaws and dangerous levels of complexity. These have arguably led to severe vulnerabilities such as the well-known “alg”:“none” attack.

We will have a closer look at the JOSE standards and identify potential implementation mistakes that might result in vulnerabilities in JWT libraries if the RFCs are interpreted in certain ways. We will look at three modern classes of JWT attacks that affected very widely used libraries (Authlib, JWCrypto & JWX). Two of these attacks (“sign/encrypt confusion” and “polyglot token”) can allow complete token forgery, allowing authentication bypasses or privilege escalation in applications using an affected library and configuration. The third (“billion hashes”) attack can be leveraged for a denial-of-service attack against token-processing servers.

Lecture language: Bulgarian

A Moving Target - Overview of Current Threat Landscape

by Gergana Karadzhova-Dangela, starts @ 11:45, lang: EN

LinkedIn: https://www.linkedin.com/in/gergana-karadzhova/

Description:

In this session Gergana Karadzhova-Dangela, a Senior Incident Response Consultant with Cisco Talos, will give an overview of the major trends observed by the Talos Threat Intelligence team in 2023 and the first months of 2024. It will cover the topics of most often exploited vulnerabilities, advanced persistent groups (APTs) and ransomware-as-a-service. The session will focus on how those topics have changed in the past year and what new challenges (and opportunities) confront cybersecurity defenders.

Lecture language: English

The Price of Privacy: Doxing and De-anonymization in the Digital Age

by Nikol Georgieva and Kaloyan Ivanov, starts @ 12:45, lang: BG

Description:

In our presentation, we'll expose how simple details like name and workplace can lead to doxing, using a real-world example to showcase the ease of personal data extraction from the deep web. We'll highlight the potential for misuse, including identity theft and fraud, emphasizing the urgency of digital hygiene. We will show strategies to safeguard your digital footprint against the hidden dangers of doxing and de-anonymization in the vast, unregulated expanse of the internet.

Lecture language: Bulgarian

Ghetto Superstar (Rootkiting the Linux)

by Petar Anastasov & Yordan Stoychev, starts @ 14:30, lang: BG

Twitter: https://twitter.com/YordanStoychev

LinkedIn: https://www.linkedin.com/in/ptrnstsv/

Description:

Jumping into ring 0 to stay invisible and become the system's superstar. We're going to talk about rootkiting the Linux kernel for the sake of patching 'Live Forensics' and 'Incident Response'.

Lecture language: Bulgarian

Malware, Cats and Cryptography

by Zhassulan Zhussupov, starts @ 15:30, lang: EN

Twitter: https://twitter.com/cocomelonckz

LinkedIn: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/

Abstract:

Research in the field of reimplementation of ransomware and the role of cryptography in malware development. Application of classical cryptographic algorithms for payload and ransomware encryption. Practical research has been carried out: the results of using Skipjack, TEA, Madryga, RC5, A5/1, Z85, DES, mmb, Kuznechik, etc. encryption algorithms have been analysed. The application of cryptography based on elliptic curves is also being researched. How does all this affect the VirusTotal detection score and how applicable is it for bypassing AV solutions (AV bypass)? In some researched practical cases, we get FUD malware. Bypass AV Kaspersky, Windows Defender, ESET NOD32 in some practical cases.

Reverse engineering and code reconstruction with malware development tricks from ransomware and malware like Conti, Snowyamber, Paradise Ransomware, CopyKittens, Hello Kitty etc. Discovered new tricks from Russian APT29 related malware.

Description:

Previous research results have been presented at BlackHat and hack.lu conferences. But I got better results and considered new scenarios.

Lecture language: English

SCADAsploit: a Command & Control for OT. How to break an ICS system

by Omar Morando, starts @ 16:30, lang: EN

Twitter: https://twitter.com/OmarMorando

LinkedIn: https://www.linkedin.com/in/omorando/

Description:

SCADAsploit is a C2 (Command & Control) framework, probably the only one at the moment, targeting OT systems. Its powerful arsenal of pre- and post-exploitation modules for SCADA/PLC systems makes it a unique tool in Adversary Simulation operations in the OT and IoT environment. Its modular client/server architecture, which can be controlled remotely with a super-secure connection, provides modules dedicated to penetration testing, vulnerability scanning, asset discovery, and pre- and post-exploitation.

During the presentation I will show a live demo of how to compromise an OT infrastructure consisting of a SCADA workstation, a PLC and an HMI system (all via VM on my local notebook). The attack involves bypassing the EDR system of the Windows/SCADA machine, scanning the OT network, attacking the PLC resulting in system DoS.

Additional notes:

The presentation is structured as follows:

  • intro on cyber OT
  • intro on OT/ICS systems
  • attack surface of an ICS system
  • intro on Command & Control and the importance of doing adversary simulation
  • presentation of SCADAsploit C2.OT
  • live practical demo (15 min)
  • conclusions

Lecture language: English

From Pixels to Profit: Mastering NFT Evaluation Strategies

by Alejandra Ventura, starts @ 17:30, lang: EN

Twitter: https://twitter.com/venturita

LinkedIn: https://www.linkedin.com/in/alejandra-venturac/

Description:

‘NFT Assessment Methodology’ offers an engaging exploration into the world of Non-Fungible Tokens. The presentation breaks down NFT basics, then delves into their vulnerabilities and risks. It features a specialized audit methodology for NFT evaluation. The session also includes real-life applications of NFTs and a hands-on segment on interacting with NFT smart contracts. This presentation is a must-see for anyone looking to stay ahead in the rapidly changing landscape of digital assets.

Lecture language: English

Workshop: Malware Development 101 - From Zero to Non-Hero

by Lachezar Uzunov & Zhassulan Zhussupov (Cocomelonc Twitter), starts @ 10:00, lang: EN/BG


Lachezar Uzunov

Twitter: https://twitter.com/lsecqt

LinkedIn: https://www.linkedin.com/in/lachezar-uzunov-753460173/

Zhassulan Zhussupov

Twitter: https://twitter.com/cocomelonckz

LinkedIn: https://www.linkedin.com/in/zhassulan-zhussupov-5a347419b/

The main goal of the workshop is to give its participants a basic idea of what malware development is and why they might need to learn it in the future.

The workshop has a theoretical part as well as a practical one. The participants will need to implement the theory into simple malware, which will be tested against Microsoft Windows Defender.

While participants are free to use a programming language of their own choice, the theory, examples, and demonstration will be carried out using the C/C++ language; thus, it is the recommended language for the workshop.

While the techniques can be implemented in various environments, it is recommended to stick with the specifications below:

  • Windows 10 / Windows 11
  • Visual Studio 2017 or newer / VS Code
  • C / C++ compiler (Desktop development with C++ module from Visual Studio or GCC)
  • Web browser
  • A little bit of motivation

Lecture language: English/Bulgarian

Workshop: Hacking JWTs in modern APIs

by Viktor Mares, starts @ 13:30, lang: BG


LinkedIn: https://www.linkedin.com/in/viktor-mares-86989a204/

A 2-3 hour workshop, which will represent an API. It will allow anyone to authenticate, creating a unique JWT token (based on the username), but all users will be created as ‘NOTadmin’. The main goal will be to escalate privileges by forging a JWT token in order to become the ‘admin’ user of that API. The participants will need to derive the Public Key used for signing the JWTs and then use Burp Suite to sign their own forged JWTs.

Lecture language: Bulgarian

Workshop: Purple team assessments execution tips

by Iliyan Velikov, starts @ 15:30, lang: EN


LinkedIn: https://www.linkedin.com/in/iliyan-velikov-7a895253

This Purple Team assessment workshop will be in English.

The workshop participants will be part of a consulting firm that is to provide a purple team to a client.

There will be twists and turns as in such engagements.

At the end, participants should know what to look for and prepare before entering into a purple team engagement.

To make the most of this workshop, participants will have to bring their own machine with:

Lecture language: English
