#BSidesCAI

BSides IN A NUTSHELL

BSides Cairo is an information security conference that will host information security professionals, security researchers, academics, undergrads, graduate students, corporations and anyone who wants to share knowledge and learn from others.
We look forward to bringing together experts, researchers and students to share their thoughts, projects and experiences, to face the current information security challenges together and to come up with new ideas and collaborations.

Our mission is to create a more knowledge-based event regardless of age, academic title or industrial position, and to provide the Egyptian community with an alternative event by removing the barriers of the common industry- and marketing-driven conferences and by taking a more technical approach to every organizational aspect of an information security conference, from the speakers to the target audience.

Registration

Student Ticket

$10

EGP170
  • Talks attendance
  • Side discussions
  • 1 Coffee Break
  • Lunch
  • Swag

Submit your currently valid student ID as proof of your status to get the discount.

Apply for the discount
Standard Ticket

$35

EGP630
  • Talks attendance
  • Side discussions
  • 1 Coffee Break
  • Lunch
  • Swag
PayMe Store
Local payment option



Call for Volunteers:
The Security BSides Cairo team is looking for volunteers who want to participate in organising the conference day.

Important Dates:
  • Application submissions due: Friday, November 16, 2018, 11:59 PM EET
  • Early feedback notification: Sunday, November 25, 2018
  • Applicant responses due: Friday, November 30, 2018
  • Final volunteers list: Wednesday, December 5, 2018


Why BSides Cairo?

Get Inspired
Meet New People
Fresh Tech Insights
Networking Session
Global Event
Free Swag

The GrEEK Campus

171 Tahrir St., Bab El Louk, Ad Dawawin, Abdeen, Cairo Governorate 11513, EGYPT

February 2, 2019

08:00 AM – 08:00 PM

200 Available Seats

Hurry up! Few tickets are left

Lunch & Coffee

For free

Call for talks

Important Dates:
  • Talk submissions due: Sunday, September 30, 2018, 11:59 p.m. EET
  • Early feedback notification: Saturday, October 20, 2018
  • Final authors confirmation due: Tuesday, November 20, 2018
  • Program out to public due: Tuesday, January 1, 2019
  • Conference: Saturday, February 2, 2019

Your hacker talk can be in one of the following formats:
  • Short talk: 20 min + (5 to 10 min) for Q&As
  • Long talk: 40 min + (5 to 10 min) for Q&As
You can surely propose a different format if you think that would help you in spreading the knowledge… ;)

Side discussions:
We loved the event format of BSides Zurich, where, after each talk session, speakers move to separate rooms where attendees who are interested in their talks can join them and engage in active discussions along with snacks and coffee.
So, we have set up some side-discussion tables where speakers and attendees can more easily continue chatting about the talk’s topic.

Topics of interest are (of course not limited to):
  • Binary exploitation
  • Vulnerability hunting
  • Reverse engineering
  • Hardware security
  • Network security
  • Web security
  • Mobile security
  • Digital forensics
  • Applied cryptography
  • Secure coding
  • Fuzzing
  • Social engineering
  • Malware analysis
  • Defensive and offensive strategies
  • Wireless security
  • Lockpicking
  • Phishing
  • Privacy

Review Process:
After the CfT deadline, our review board has 1 month to look over all submissions and give a score to each proposal. A rejection list and an acceptance list will be built based on the given scores.
The proposals with the highest scores will move to the first batch of acceptance notices, and strong rejections will be sent out immediately too.
In the next few weeks the board will start contacting the authors with the highest scores to confirm their proposals' acceptance and start filling the conference program. If an accepted speaker doesn't respond, doesn't want to attend or can't attend anymore, the board will move on to the next highest scored proposals in the acceptance list.
Once the conference program is full, the board starts to provide feedback for the remaining submissions. We hope to notify all the confirmed speakers at least 2 months before the conference date.
The final agenda and talk abstracts will be out by January 1, 2019!!!

If you have any doubts or questions about the CfT, please reach out to us via email or Twitter.

Program

Welcome notes and conference presentation
Location: Auditorium
Abstract:

The mist is low over the ground. You walk past the rubble of ransom’d hard drives, manipulated PCBs, and broken systems. The air is heavy with disappointment from keys lost, and the silent betrayal of infected third party libraries. The power has been out for so long and you have lost track of time. But you see a path forward, and it fills you with determination.
This talk examines four examples of software supply chain attacks. Each example highlights different aspects of this class of attacks. I discuss method, motive, scale and impact. The examples which will be presented are: getcookies NPM backdoor; Linux Mint distribution takeover; MEGA Chrome extension hijacking; and NotPetya ransomware attack.


Location: Auditorium

Biography:

Grace is a Security Engineer at Google working in Detection & Response. She is responsible for detection of malicious activity on Google’s networks and deep analysis of threats on their corporate, production, and acquisition environments. She works on engineering challenges that get Google closer to having fully automated detection and response systems. In her spare time she likes mentoring women in tech, playing video games, and painting watercolors.

Abstract:

Capture the Flag (CTFs) are competitions and puzzles based on real world information security vulnerabilities and challenges that are played online or at security events and conferences. Individuals or teams race against the clock solving complex and fun exercises gathering ‘flags’ to earn points. It’s an opportunity for existing and new skills to meet and grow in a great environment, but many have no idea where to start or how to get involved. If you want to grab some flags this talk is for you!
Come play some common CTF games with me where I’ll answer frequently asked questions on how to play and where to find the resources you’ll need to be successful as you start to learn new skills, make new friends and happily pwn all the things no matter your skill level.


Location: Auditorium

Biography:

Heidi is an Australian professional currently specialising in cyber security risk management, incident management and operations. She has worked in IT project management, system administration, telecommunications and compliance, before making the switch to cyber security, where she has had the opportunity to experience both government and enterprise environments. She has a strong interest in offensive and deceptive security projects and has recently been delving into malware analysis and cyber threat intel. While also being a self-declared perpetual n00b, Heidi spends her time giving back to the community by volunteering at conferences across the globe, organising meet ups and CTFs, and running popular community projects to educate young and old on the joys of the infosec.

Abstract:

With the recent advancements in technology, more people are aware of the importance of security. More companies started paying huge rewards to protect the sensitive information of their customers. Automated scanners won’t yield you bugs these days. Automated scanners can’t be used to scan every website you visit daily. You need a smart scanner while hunting for bugs.

GitHub link of the tool - https://github.com/rewanth1997/vuln-headers-extension

I found vulnerabilities in Bugcrowd, Hotstar, Medium, Signup.com, Chargify, etc. using this minimal browser extension. In this talk, we will be focusing on creating your own minimal smart scanner as a browser (Firefox ESR) extension to detect header-related vulnerabilities. This extension monitors the request and response headers passing through your browser and detects vulnerabilities in them. The browser extension is capable of detecting CORS misconfigurations, host header injections, and clickjacking vulnerabilities.
In the process, you will be learning about basic header vulnerabilities like CORS misconfiguration, host header injection, clickjacking and exploitation scenarios, detection methods and the biggest bounties earned through the simplest detection techniques for each of the above vulnerabilities.


Location: Auditorium

Biography:

Rewanth Cool is currently working as a security consultant at Payatu. He was a speaker at HITB Dubai, Null Pune and trainer at MIT Pune. He participates in numerous Capture-the-Flags (CTF) and enjoys participating in private bug bounty programs. He is a programmer and open source contributor. He collaborated with Daniel Miller a.k.a bonsaviking and added 17,000 lines of code to Nmap. Currently, he is focused on Machine Learning and vulnerability research.

Abstract:

Nobody cares about his smart-home security, and nobody seems to care about smart-city threats that affect billions of people. However, what about threats in connected medicine that are able to change the life of a patient?
Patient-doctor confidentiality is a sacred bond. A time to share anxieties and concerns with an entrusted caretaker and no one else. So how do we account for that silent third-party watching the doctors?
Medical infrastructure is a highly sought after target for motivated cybercriminals. That ‘infrastructure’ is in reality a combination of unusual outdated devices coupled with unpatched forgotten machines. That combination is riddled with entry points into medical networks allowing threat actors to sit alongside doctors and administer their hostile brand of bedside manner.
The threat is far from theoretical. This year alone has been riddled with healthcare related headlines: “WannaCry Malware Caused Chaos for National Health Service”, “Two major Indonesian hospitals attacked in ‘ransomware’ storm”, “Hackers publish private photos from cosmetic surgery clinic”. But just how big is this threat?
The numbers are staggering. Our research will show that more than 70% of medical organizations have faced some kind of malware attack in the last six months. One in ten was the subject of an attempted ransomware attack. And that the healthcare industry alone accounts for 30% of recent data leaks. Is your anxiety peaking yet?
Well, pop a Xanax and join us for a therapy session on the dreadful state of medical infrastructure.
Based on research of various smart-city and connected medical devices, this session will offer a guide which will answer the following question: how to survive in the connected world?


Location: Auditorium

Biography:

Denis has gained diverse experience while working in the information security area. On the defensive side, as a Security Architect, he is responsible for building a security architecture of distributed IT infrastructure across various international business units for a global Fortune 500 company.
As a security researcher with the Global Research and Analysis Team at Kaspersky Lab, he was focused on vulnerability research and security assessment of emerging technologies. Based on his offensive expertise, he's been a founder and leading expert in the development of a threat intelligence product.
Having graduated from the Information Security Faculty of the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), he is continuing his research project related to methods of targeted attack detection as a Ph.D. candidate.
Denis has presented at many public international security conferences, including Defcon, RSA Conference, CARO, BSides, Infosecurity, as well as multiple closed-door invite-only security industry events.

Abstract:

Social Engineering has many different faces, from using open source intelligence (OSINT), phishing, vishing, smishing and all the other '-ishings', and dropping weaponized USB flash drives, to eventually getting right in the middle of your target's own office and pwning all the things! There are many tools and described ways of doing all the -ishings, and almost all of them do not require any interaction with the target because they do not require you to leave your warm chair in front of your machine at home. But everyone wants to break into buildings like a pirate queen, am I right? To do that, we will have to interact with our target directly, and that requires certain knowledge of techniques and skills.
I will describe techniques using knowledge of facial expressions, body language, and the psychology behind influence and persuasion, and how to manipulate targets into believing my pretext and complying with my (evil) plans. I will step over to the defensive side as well and explain how to defend against the attack techniques I use.


Location: Auditorium

Biography:

Grace O’Malley is a pirate queen from the 16th century who breaks into buildings, exfiltrates sensitive data, gets to places where she shouldn’t be and manipulates people to comply with her demands… oh, and Sharka is the nice one; she has been in IT for over 10 years and has rich experience in blue team environments, having worked in and managed a SOC that guards national British infrastructure in the past. Currently she works as a penetration tester for SureCloud, where she tests everything from infrastructure and web apps to payment systems and specializes in social engineering. In her free time, she researches mainly around radio frequency technologies.

Abstract:

MuddyWater is a threat actor likely based in the Middle East, with known activities since at least the middle of 2017. It targets various individuals, government organizations and industries in many countries all across the Middle East and Central Asia, with the highest intensity of targets in Turkey, Pakistan, Afghanistan and Jordan.
Starting with spear phishing emails and macro-powered attachments sent to carefully selected high profile targets, the threat actor attempts to deliver and install various backdoors written in different programming languages to the victims' computers – all with the purpose of performing cyber espionage. One of these backdoors has interesting capabilities, such as disk wiping, anti-analysis and numerous false flags. To increase stealthiness, C&C communication is forwarded via PHP proxies hosted on hacked websites, creating an asynchronous communication channel. We took advantage of this configuration to monitor the activity of this actor, discovering the identities of some of the victims as well as some commands which attackers attempted to execute on victims’ machines.
In this presentation, we will show the most recent evolution of the tools, tactics and procedures of this threat actor. We will present some examples of targeted documents and the multiple layers of obfuscation added to their payloads. We will also detail the different tools this threat actor uses, and we will propose some ideas on how to prevent and hunt for these threats.


Location: Auditorium

Jaromir's Biography:

Jaromir Horejsi is a threat researcher at Trend Micro. He specializes in hunting and reverse-engineering threats that target Windows and Linux. He has researched many types of threats over the course of his career, covering threats such as APTs, DDoS botnets, banking Trojans, click fraud and ransomware. He has successfully presented his research at RSAC, Virus Bulletin, FIRST, AVAR, Botconf and CARO.


Daniel's Biography:

Daniel Lunghi is a threat researcher at Trend Micro. He has been hunting malware and performing incident response investigation for years, sometimes in IT infrastructures involving thousands of hosts.

Abstract:

Security detection often feels like being stuck in an endless cycle. Acquire new data, sift through the data, get overloaded, drive new automation initiatives to get us out of our backlog, and then we break stuff all over again. What if detection at scale wasn’t this at all? What if our job wasn’t to process logs at all?
The Google Detection & Response team would like to show you how we are reframing our perspective of what security engineers should be experts in. Stepping back from the day to day analysis of endless log sources. Instead, we research new detection ideas and codify those into a framework supported by end to end testing. Examples of how real Google security engineers approach this idea included.


Location: Auditorium

Biography:

Kris Hunt is the manager of the Australian arm of the Google Detection & Response team. He has focused on the detection side of security for the past 15 years and today, his role is to lead teams of security engineers who innovate and evolve Alphabet's detection systems to match the ever increasing sophistication of attackers.

Organizers

Amgad Magdy
(Co-Founder)
Hany Ragab
(Co-Founder)
Alexandro Calò
Simone Bossi
Ramy Sherif
Khaled Mansour

Sponsors

Bronze Sponsors
Custom Sponsors
Community Partners

Venue




Cairo’s first technology and innovation park in the heart of Egypt.
171 Tahrir St., Bab El Louk, Ad Dawawin, Abdeen, Cairo Governorate 11513, EGYPT



Code of Conduct

BSides Cairo is dedicated to providing a harassment-free, constructive, inclusive and pleasant atmosphere for everyone. We do not tolerate harassment or discrimination of conference participants in any form.
Conference participants violating these rules may be sanctioned or expelled from the conference without a refund.
We expect participants to follow these rules at all event venues and event-related social activities. We think people should follow these rules outside event activities too!

If someone makes you or anyone else feel unsafe or unwelcome, please report it as soon as possible.
Harassment and other code of conduct violations reduce the value of our event for everyone. We want all participants to be happy at our event.
Contact a conference volunteer, identified by a volunteer shirt/lanyard, who will get one of the organisers to take your report, or contact an organiser directly, identified by an organiser shirt/lanyard.

Shoot Us A Message

bsidescairo [at] gmail [dot] com