BSides Sofia

Security BSides Sofia 2022



About Security BSides


Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! We are responsible for organizing an independent Security BSides-Approved event for Sofia, Bulgaria.

The idea

The idea behind the Security BSides events is to organise an open (and low-cost) Information Security conference where professionals, experts, researchers, and InfoSec enthusiasts come together to discuss the next "big thing".

BSides is not restricted to ethical hacking; the conference is open to a wide range of security-related subjects such as incident response, IoT security, computer forensics, security standards and, of course, compliance.

Our Goal

To bring a well-known event to the InfoSec community in Bulgaria, where professionals, academics and researchers can participate for free and educate themselves on various InfoSec-related disciplines.

The event will also give students, rookies and security enthusiasts an opportunity to get involved and be heard at an event with worldwide exposure.

Who is organising this event?

The short answer to this is YOU. This is what makes these events so successful and such a unique experience. Security BSides events are organized by the community, for the community.

Our Partners, our volunteers, our community supporters, our speakers, our delegates and, more importantly, you. Support this initiative to have a Security BSides event in Sofia.

BSides Sofia 2022 Partners


BSides Sofia 2022 Speakers, Agenda and CTF winners


After a tough competition with 28 participants, the winners are:

  1. Kernel Trailblazor (5 400 points)
  2. Anonymous Raspberry Pi (5 341 points)
  3. Registry Antivirus (5 100 points)


The internet is full of vulnerabilities. If more people look to identify and disclose them responsibly, it will be a safer place. We are going to discuss how responsible disclosure can help businesses and the public sector stay safe and keep bounty hunters out of trouble.



Embedding security into DevOps pipelines



During this talk, we will see that they suffer from typical "rush to market" problems that can potentially allow a remote attacker to control them.



Evolution of client-side applications, common security misconceptions, demonstrating impact, improvements and good practices.


This presentation will go over what admission controllers are, how they work and how OPA leverages this functionality to protect your Kubernetes cluster. We will also dive into Rego and writing our custom OPA policies.



Many ISPs in Bulgaria are offering IPTV to their customers in addition to internet services. Usually IPTV is delivered with a set-top box device (STB) which is connected to the ISP network and the user's TV.



Common misconfigurations and vulnerabilities making the cloud presence insecure



A walk-through of the Secure Software Development Life Cycle (SDLC), focusing on prevention and early adoption of security concepts and mechanisms in easy steps.



The Active Directory (AD) in an organization holds the keys to the kingdom. Although your vulnerability scanner shows no critical vulnerabilities at the OS and software level, could you say the same for your Active Directory configuration?



How and where we can find Linux malware, and how we use it for "good" purposes.



Description of the differences between the blockchain consensus.

Unfortunately, there is no video available from this presentation.