#BSidesCAI

#BC_2Care

IN

BSides IN A NUTSHELL

Bsides Cairo is an information security conference which will host information security professionals, security researchers, academics, undergrads, graduate students, corporations and any person who wants to share knowledge and learn from others.
We look forward to bring together experts, researchers and students to share their thoughts, projects, experiences to face together the current information security challenges of our days and to come up with new ideas and collaborations.

Our mission is to create a more knowledge-based event regardless of age, academic title or industrial position, and to provide the egyptian community with an alternative event by removing the current common industrial and marketing-driven conferences barriers and providing a more technical approach regarding all the organization aspects of an information security conference, from the speakers, to the target audience.

Registration

Student Ticket

$13

EGP210
  • Talks attendance
  • Side discussions
  • 1 Coffee Breaks
  • Lunch
  • Swags

Submit your currently valid student ID to proof your title and get the discount.

Apply for the discount.
Standard Ticket

$40

EGP635
  • Talks attendance
  • Side discussions
  • 1 Coffee Breaks
  • Lunch
  • Swags

Local payment option



Registration for Hack The Box competition:
BSides Cairo team invite you to participate in the first Hack The Box competition in Egypt. Seats are so limited and based on FCFS [Frist Come First Serve], and individuals only [Not Teams]. Kindly read a competition policy in a form before applying, only Top 3 will get awesome gifts + Free Bsides Cairo 2020 access and supported by Pentester Lab, Hak5 and Binary Ninja...

Important Dates:
  • + HTB COMPETITION Registration: Monday, December 30, 2019
Students Ticket Policy:
The Security BSides Cairo team is trying to provide the lowest ticket price for students, so kindly read our policy before applying for a discount code.

Policy:
  • + Have a valid student ID (2018/2019 - 2019/2020)
  • + (Or) A proof from your university or high school [Technical, National and International] that you are a student from the current year in case you haven't Printed ID.
  • + ITI and NTI [Cybersecurity Track] can apply with Student ID or request paper for track management incase no printed ID
  • + Rejected Applications: Old ID [Not 2018-2019 or 2019-2020], National ID / Driver ID , Unclear [Study Year] university / high school proof papers , Fake Uni or school ID / Papers , Professionals who use old Uni ID

Why BSides Cairo?

Get Inspired
Meet New People
Fresh Tech Insights
Networking Session
Global Event
Free Swags

The Greek Campus

February 14 & 15, 2020

200 Available Seats

Lunch & Coffee

For free

Call for papers

Important Dates:
  • + Talks submissions||Mentor Sign-Up start: Saturday, September 21, 2019, 15:00 p.m. EET
  • + Talks submissions due: Wednesday, November 25, 2019, 11:59 p.m. EET
  • + Early feedback||Mentor Sign-Up close notification: Wednesday, November 30, 2019
  • + Final authors confirmation due: Thursday, December 5, 2019
  • + Program out to public due: Saturday, February 1, 2020
  • + Conference: Saturday, February 15, 2020

Your hacker talk can be as one of the following formats:
  • + light talk: 15 min
  • + Short talk: 30 min
  • + Long talk: 45 min


Stage discussions:
We loved the event format of BSides Zurich, where, after each talks session, speakers move to separate rooms where attendees who are interested in their talks can join them and engage in active discussions along with snacks and coffee. And this year we give all attendees chance to ask and engage with speakers as stage discussions at the same hall.
So, we have setted up some side-discussion tables where speakers and attendees can continue chatting about the talk’s topic in a more easy way.

Rookies & Mentors:
We appreciate BSides London success story for Rookie Track. The purpose of the "Rookie Track" is to give those who have not previously given a talk the opportunity to do so, whether you are a student still at university, someone who has recently made the conversion to security or someone who has been in the industry for years.
So,we have 'Rookie Track' to give you an opportunity to be speaker and mentors will be available to help during submission processes.

Topics of interest are (of course not limited to):
  • + Binary exploitation
  • + Vulnerability hunting
  • + Reverse engineering
  • + Hardware security
  • + Network security
  • + Web security
  • + Mobile security
  • + Digital forensics
  • + Applied cryptography
  • + Secure coding
  • + Fuzzing
  • + Social engineering
  • + Malware analysis
  • + Defensive and offensive strategies
  • + Wireless security
  • + Lockpicking
  • + Phishing
  • + Privacy

Review Process:
After the CfP deadline, our review board have 1 month to look over all submissions and give a score to each proposal. A rejection and an acceptance lists will be built based on the given scores.
The proposals with the highest score will move to the first batch of acceptance notice and strong rejections will be immediately sent out too.
In the next few weeks the board will start contacting the authors with the highest scores to confirm their proposals acceptance and start filling the conference program. If the accepted speaker doesn't respond, doesn't want to or can't attend anymore, the board will move on with the next highest scored proposals in the acceptance list.
Once the conference program is full, the board starts to provide feedback for the remaining submissions. We hope to manage notifying all the confirmed speakers at least 15 days before the conference date.
The final agenda and talks abstracts will be out by January 15, 2020!!!

If you have any doubt or question about the CfP, please reach out to us via email or Twitter

Program

Welcome notes and conference presentation
Location: Library Hall
Abstract:

In 2017 Egypt was one of the top countries affected by the WannaCry Ransomware, and, unfortunately, things have not gotten better. According to Trend Micro, Egypt accounts for more than a third of all ransomware attacks in North Africa. Egypt is an attractive target for ransomware cybercriminals because there are so many new business starting up, but they have limited budget for security.
This talk will review the ransomware threats, and discuss ways you can help defend your organization from ransomware, even on a tight budget. It will also provide an overview of resources you can use to better understand the threat and where to focus your limited security budget.


Location: Library Hall

Biography:

Allan Liska is an intelligence analyst at Recorded Future. Allan has more than 15 years’ experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. Allan is also one of the organizers of Bsides Bordeaux and has presented at security conferences around the world. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.

Abstract:

The ability to block advanced threats improves each year, but we face adversaries who are determined and creative, and their techniques evolve just as quickly. This raises a few questions: When prevention fails, what do we have left to protect our organizations? How can we discover gaps as fast as possible? Having techniques in play to detect and respond to ongoing attacks quickly is as important as prevention.
Threat hunting is a critical discipline that more organizations are using to disrupt stealthy attacks before they become mega breaches. It is the active search for “unknown unknowns,” which describes new and novel attack behaviors that aren’t detected by current automated methods of prevention and detection. It is, by nature, a “hands-on-keyboard activity,” driven by humans. Just like hunting in nature, anyone can do it, but the right experience and tools can make you much more effective.


Location: Library Hall

Biography:

Mohamed Sadat is an Information Security Expert with over 10 years of experiences in financial and IT corporations. He started his career path as a red teamer engaged in many penetration test and security assessments. Then he decided to switch to blue team side continue his career path in incident handling, forensic investigation and threat hunting. His areas of experience also include risk assessment, Business constitute, Threat Modeling, designing and implementing secure infrastructure and Governance, risk and compliance (GRC).

Abstract:

Deception is an evolving effective tool that will improve detection and defense capabilities of an enterprise netwrok. It can be integrated into existing defenses to provide more visibility into the enterprise, share threat intelligence data and feed SIEM with high probability alerts.

It is highly accurate and can provide deep insight into enterprise network to detect zero days and advanced APTs.

talk will be an overview of deception technology will be presented in this talk and we will learn how to plan, build and deploy a basic deception framework using free and open source tools.


Location: Library Hall

Biography:

Abdulrahman Al-Nimari is a self motivated renowned cyber security expert and a frequent conference speaker. Al-Nimari spend his time breaking, fixing, teaching, consulting and architecting security stuff. He has more than 25 years experience, with 15 of them in cyber security concentration. He played many roles in different IT and Cyber Security fields in both public and private sectors. His specialties and areas of interests include DFIR, Penetration Testing, Cyber Security consulting and Architecting. Awarded the Arab Cyber Security Social Networks Influencer for 2019.

Abstract:

AI is the simulation of human intelligence processes by machines, especially computer systems. These processes include learning, reasoning, and self-correction. Integrating it with cyber security is beneficial because it improves how security experts analyze, study, and understand cyber-crime.
In this talk, we will discuss & explain AI and how to integrate it with cyber security to detect many types of attacks. The talk will cover many applications in cyber security in which we can apply AI to improve those applications. Finally, we will present a demo on how to build your development environment with some scripting examples.


Location: Library Hall

Biography:

Mohammad Khreesha is a cybersecurity consultant from Jordan with 13+ years of experince. Mohammad deliver workshops, talks, and trainings on cybersecurity in Jordan, UAE, Egypt, Kosovo and other countries. His research interests in digital forensics, malware analysis, web & network security and their integration with AI.
He acts as a leader for OWASP Amman chapter and he is the founder of JISCTF which is the first CTF in Jordan with more 150+ yearly participants. He has a YouTube channel in which he publishes training courses and tips in Cybersecurity field to feed the Arabic content on the internet.

Abstract:

The plague of computer security for the last 40 years has been the buffer overflow.This common vulnerability has given rise to a flood of different worms and exploits.
In this session we will explore the journey of vulnerability research.Catching crashes with fuzzing, then exploring the interesting topic of brute-forcing and symbolic execution while defeating malwares like hidden logic bombs and nasty IDA graphs.


Location: Library Hall

Biography:

Electrical Engineering student and ACM ICPC problem solver since 2016. I find my passion in reverse engineering doing malware analysis and exploitation development. True competitions team player, I’ve achieved top ranks in Egyptian CTFs as well as winning CyVentuers : the first cyber security hackathon developing anti-ransomware solution while snatching the 15K dollars funding.

Abstract:

Modern web applications is switching to serverless functions because its simple and cost effective. But serverless functions has its own concerns and vulnerabilities. We will dive into vulnerabilities and attacks and we will review the best practice to deploy serverless functions,specially Aws Lambda function from the offensive and defensive sides.


Location: Library Hall

Biography:

Developer, security evangelist and CEO & founder of Shieldfy. 13+ years of experience in web development. Worked as a developer, team leader, security consultant at many companies in Egypt, Qatar, UAE and Canada. Founded Shieldfy, a security platform for developers.

Abstract:

This talk is about insecurity of POS and fraud that can you be on. From the classic skimmer, eavesdropping, modification, and installation of third-party software to hardware tampering POS.
Talk also covers POS security features, main brands, cybercrime, methodology to POS tamper, impacted models, security countermeasures, PCI DSS, EMV, insecurity of EMV and NFC.


Location: Library Hall

Biography:

Fan of tech and cybersecurity, ISECOM OSSTMM instructor, trainer for security courses, speaker, researcher. Almost 10 years in the cybersecurity world. During recent years, he has specialized in payment systems EMV, NFC, POS, ATM. Currently, the director of R&D LATAM at Dreamlab Technologies.

Abstract:

Whether people admit or not, we are moving to the cloud. Moving to the cloud requires different set of architecture and mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working anywhere from the world, corporate data is no more under company IT custody. Security professionals need to change their mindset.

This session will try to draw the main areas of concern from Security perspective based on MITRE cloud matrix. Demos will be provided on different topics. Come and join a deep technical session with no marketing or time wasting content.


Location: Library Hall

Biography:

Ahmed Nabil has more than 17 years of experience in the field of Information Technology/Systems, Infrastructure, Project Management, Information Security, Application development/Automation, IT management and holds several professional IT certifications. Ahmed is an industry expert in Information Security and Digital Transformation, public speaker at several international conferences (Microsoft Ignite the Tour, ITCamp Cluj, CISO Africa Summit, Egypt CSCAMP, SharePoint Saturdays, CloudWeekend…..etc.) and author of several articles published in different international security magazines. Ahmed Nabil graduated in 2000 with a BS in Electrical and Control Engineering. He is currently the Global Chief Architect at one of the top Oil and Gas companies in the world. Ahmed was awarded the Microsoft Most Valuable Professional Award in Enterprise security/Cloud and Data Center Management for 7 years in row from 2013 to 2020 for his exceptional knowledge sharing and community leadership in Egypt.

Organizers

Amgad Magdy
(Co-Founder)
Ramy Sherif
Cooper
(Videographer)
Sharka
(Ambassador)
Denis Makrushin
Aya Adel
Khaled Mansour
Khaled Nasser

Sponsors

Sliver Sponsor
Bronze & Competition Sponsors
Community Sponsors
Food & Beverage By
Google Communities Partners
Community Partners

Venue




Cairo’s first technology and innovation park in the heart of Egypt.
171 Tahrir St., Bab El Louk, Ad Dawawin, Abdeen, Cairo Governorate 11513, EGYPT



Code of Conduct

BSides Cairo is dedicated to providing a harassment-free, constructive, inclusive and pleasant atmosphere for everyone. We do not tolerate harassment or discrimination of conference participants in any form.
Conference participants violating these rules may be sanctioned or expelled from the conference without a refund.
We expect participants to follow these rules at all event venues and event-related social activities. We think people should follow these rules outside event activities too!

If someone makes you or anyone else feel unsafe or unwelcome, please report it as soon as possible.
Harassment and other code of conduct violations reduce the value of our event for everyone. We want all participants to be happy at our event.
Contact a conference volunteer, identified by a volunteer shirt/lanyard, the volunteer will get one of the organisers to take your report, or you can contact an organiser directly, identified by an organiser shirt/lanyard.

Shoot Us A Message

bsidescairo [at] gmail [dot] com