Welcome to Gulf Information Security Expo & Conference (GISEC)

10:30 – 10:40

Dark Stage Moderator Remarks

Speakers

Big Hass The Master of all things cool

10:40 – 11:00

Dark Stage Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More In early September, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Accura, and Lexus vehicles. We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, Github, Slack, and hundreds of mission critical applications. We found systemic access control vulnerabilities affecting telematic and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!

Speakers

Sam Curry Security Research & Hacker, USA

Justin Rhinehart Security Researcher, USA

11:00 – 11:20

Dark Stage Think You Cant Get Phished? Think Again. Many security professionals think they cannot be victims of a phishing email. Their hubris is their downfall. Anyone can be phished by a motivated threat actor with the proper resources, time, and patience. In this talk we will relate a phishing example in story form from an actual compromise. The “how” will shock you. The “fix"? Surprisingly simple.

Speakers

Kevin Ripa SANS Instructor, The Grayson Group of Companies, Canada

11:20 – 11:40

Dark Stage Building Cyber Resilience through Managed Detection and Response

Speakers

Bob Layton Chief Channel Officer, eSentire, USA

11:40 – 12:00

Dark Stage Autonomic Security Operations - A Future-proof Approach to Threat Management Blue teams worldwide continue to struggle against adversaries. The decades old challenges of hiring, complexity, tooling, costs, and ineffectiveness remain. We've developed Autonomic Security Operations, our approach to reimagining legacy SecOps teams, shifting towards SRE-based approaches for organizations to achieve Google scale outcomes.

Speakers

Iman Ghanizada Global Head of Autonomic Security, Google Cloud, USA

12:00 – 12:20

Dark Stage Know How: From Digital Laggard to Cyber-leader? The need for organisations to transform was driven by the pandemic with the adoption of new applications and automation. The challenge is delivering cyber resilience as the criminal gangs have transformed the way they operate, improving their evasion techniques for detection products and targeting critical infrastructure. Adopting Zero Trust segmentation is a simple way to deliver a structured approach to security. In this session we will look at some of the issues and lay out an effective approach to identifying risk and deploying preventive measures to contain an attack – limiting the spread of ransomware and breaches

Speakers

Mohannad Meri Regional Sr. Systems Engineer – META, Illumio, Jordan

12:20 – 13:00

Dark Stage Just Hacker Things with Jayson As someone who was homeless, who started in Tech almost 30 years ago. Who started in Cyber Security over 20 years ago. Who is extremely opinionated and is according to some just a little too blunt. That won’t stop him from answering every question he is asked while on the stage. If you have a burning question you want to ask a Hacker or Red Teamer or Blue Teamer or just a weirdo who has traveled to over 50 countries and loves to share what’s on his mind. Then ask away but be prepared for the answer because you might not like it.

Speakers

Jayson E.Street World class hacker & author, USA

13:00 – 13:20

Dark Stage Live Demo: Bypassing Next Generation 2FA & MFA Implementations 2FA in the 21st Century - The current stage of 2FA, how it is being used, and what was the advent of 2FA Conventional 2FA Implementations in Web and Mobile applications - How 2FA is implemented in web applications and mobile applications logically and technically Bypassing 2FA in web applications, mobile applications- Methods to bypass 2FA in web apps and mobile apps Understanding the various means of bypassing MFA, FaceID and TouchID

Speakers

Shahmeer Amir Founder, Younite, Authiun, Veiliux, Pakistan

13:20 – 13:40

Dark Stage Live Demo: Managing Ransomware and Business Email Compromise Through this session, we show the effectiveness of telemetry and logs ingested from multiple sources into a single data lake where detection can be applied using traditional techniques as well as AI/ML based detectors to improve the efficiency of your SecOps teams when conducting investigations

Speakers

Muhammed Mayet Security Architect, Secureworks, UAE

13:40 – 14:00

Dark Stage Live Demo: Zero Trust in Action Demonstration of policies and controls to strengthen your security

Speakers

Rob Allen VP of Operations EMEA, Threatlocker, Ireland

14:00 – 14:20

Dark Stage Live Hack: Smart devices are not always safe Learn how to protect your smart devices by taking full control

Speakers

Joseph Elias Risk Advisory – Cyber Assistant Manager, Deloitte, UAE

Lamis Yousef Risk Advisory – Cyber Assistant Manager, Deloitte, UAE

14:20 – 14:40

Dark Stage Live Hack: How does your Email Security Tools Make you Vulnerable to Major Vulnerabilities that Require no Interaction Many big corporations and vendors these days are using email protection services. The logic behind these tools is to inspect any incoming links that are sent to the organization, check their legitimacy through web sandbox tools (such as Urlscan.io), and then if it’s whitelisted, let the email go. However - when the service requests the link, which often can be internal invites or sensitive information with the tokens and the UUID within the query param, it can disclose secrets which are being indexed on Urlscan.io, and allows anyone all over the world to expose

Speakers

Gal Nagli No 1 Hacker at HackerOne, Israel

14:40 – 15:00

Dark Stage Live Demo: Identifying the First Checkup for Vulnerabilities Spotting "injections" and how to mitigate vulnerabilities. This session will showcase an overview of techniques

Speakers

Ilkin Javadov Penetration Tester & Ethical Hacker, Azerbaijan

15:00 – 15:20

Dark Stage Live Hack: Corporate Espionage via a Malware Free Attack A phishing email attack with a malicious URL that will leverage a JAVA exploit to gain remote access to a targeted endpoint. With the hands-on keyboard, we will execute a LOTL (Living off the Land) attack by using the trusted tools, to download our espionage tools, record a confidential conversation next to the target and exfiltrate the recorded session to our C2C server.

Speakers

Philippe Farhat Corporate SE, META , Crowdstrike, UAE

15:20 – 15:40

Dark Stage Just say No to Ransomware You can cut off attackers at point with quality threat defense, but does layering defenses trade off performance? How can you secure data as part of an overall defense-in-depth strategy? How to devise a simpler and more effective threat defense? Find out here

Speakers

Ahmad Abou Zaher Senior Solutions Engineer, Cloudflare, UAE

15:40 – 16:00

Dark Stage Live Hack: Re-Discovering Code Review in Bug Hunting Presenting source code extraction and code review for vulnerabilities in an Electron/React Native desktop application to demonstrate the ability of hackers to introspect and debug code easily with modern dev tool chains

Speakers

Eugene Lim White Hat Hacking && DevSecOps, GovTech Singapore

16:00 – 16:20

Dark Stage Society's comfort with AI-Driven Orchestration

Speakers

Omar Zarabi President & CEO - Port53, USA

16:20 – 16:40

Dark Stage Live Hack: Till REcollapse: Fuzzing the Web for Mysterious Bugs It all starts with unexpected input. Most modern complex web applications rely on regex for validation and implement input normalization. This includes but is not limited to crucial account identifiers, such as email addresses and usernames. In this talk, we will understand the REcollapse technique. It can be used to discover weirdly simple but impactful vulnerabilities in hardened targets. You''ll see real-world examples and a live demo on how to leverage the tool to uncover new bypasses for web applications and firewalls.

Speakers

André Baptista Ethical Hacker and Professor, Portugal

16:40 – 16:50

Dark Stage Closing Remarks

10:40 – 10:50

Dark Stage Moderator Remarks

Speakers

Big Hass The Master of all things cool

10:50 – 11:10

Dark Stage Live Hack: Dangers of USB Attack Surface

Speakers

Remesh Ramachandran CISO, Security Researcher, Zambia

11:10 – 11:30

Dark Stage Live Demo: Hunt for Ransomware & Recovery and Signs of Compromise Ransomware has rapidly evolved from being simple commodity malware affecting individual computer users to an enterprise threat that is severely impacting industries and government institutions. This demonstration will explain different activities that attackers might use to encounter a ransomware and how SOC defenders can hunt for such activities, investigate, and automate response (triage) to recover from ransomware post-incident activities) using the latest security research and advanced analytics platforms

Speakers

Hesham Saad Sr. Global Cybersecurity Technical Specialist - EMEA, Microsoft, United Arab Emirates

11:30 – 11:50

Dark Stage Stopping Credential Theft using AI

Speakers

Sameh Sabry Regional Director, Middle East, and Africa, Conceal, UAE

11:50 – 12:10

Dark Stage Live Demo: Pandora's Box of Digital Financial Inclusivity in Africa The African financial landscape is highly dependent on a unique model of mobile banking. This model is great for financial inclusivity but it brings with it higher-than-usual digital and cyber risks. Godfrey Magila will simulate how we get into the mindset of the African hacker and ensure that all the touch points are secure for the financial institutions, the end user and everything in between

Speakers

Godfrey Magila Global CEO, Magilatech, UAE

12:10 – 12:40

Dark Stage Live Demo of Fault Injection

Speakers

Joe Grand Tech wizard, author, Joe “Kingpin” Grand a legend in the cyber

12:40 – 13:00

Dark Stage Live Demo: You Only Live Twice: From 0 to Adversary-Generated Threat Intel in 300 Seconds •Gone are the days of third-party, generic threat intel’s utility, if they ever existed—generating your own threat intelligence is not only possible but essential
•Creating a deception network in real-time based on various weaknesses, from a recent Confluence exploit to Apache spark to weak credentials in Linux and Windows machines
•Alive demo of how connecting a vulnerable computer to the internet results in immediate attacks online—watch as threat actors enter the network and their actions are dissected in real time

Speakers

David Barroso CEO and Founder, CounterCraft, Spain

13:00 – 13:20

Dark Stage Ransomware Impacting OT and How to go About It Targeted and supply chain ransomware is the new normal - high-stakes extortion using sophisticated, nation-state attack techniques. Increasingly, ransomware impacts physical operations and cause sometimes long-lasting OT production shutdowns. In this session we look at the three ways ransomware can cause OT shutdowns, with real-world examples. We will also look at how secure sites deal with this new threat.

Speakers

Naoufal Kerboute Regional Director – Middle East, Turkey & North Africa, Waterfall Security

13:20 – 13:40

Dark Stage Live Hack: Augmented Security Testing Security testing has relied on scanners for decades. But are they enough? Human augmented security testing has evolved beyond the penetration test of 10 years ago. Now the talent, data, speed and scalability are better than ever before. See how augmented security testing can make your organization safer than ever before.

Speakers

Jay Kaplan Co-Founder, CEO, Synack, USA

Alex Tugatijian Customer Success Manager, Synack

Nikhil Srivastava Synack Red Team Legend, Synack, India

13:40 – 14:00

Dark Stage Live Hack: Automating Security Validation to Manage Exposure and Reduce Risk Watch a live ethical attack using Automated Security Validation technology and learn how organizations today stay one step ahead of the adversary and can reduce exposure with a click of a button

Speakers

Hardeep Singh Lead Security Consultant, Pentera, UAE

14:00 – 14:20

Dark Stage Evasive file threats

Speakers

Michael Tal Technical Director, Votiro, Israel

14:20 – 14:40

Dark Stage The Limitations of Legacy, The Possibilities of the Disruptors, and the Aspiration for Evolution As they embark on their digital transformation journey and increase proliferation of their digital assets, a med-size enterprise is faced with the reality of having more than 250 million events a day in their environment. Legacy cyber defense programs are not geared to deal with, sieve through, analyze and triage along with having a timely and effective response to achieve cyber resilience.Without the power of automation and machine learning, the fight against cyber threats is deemed lost. Cyber resilience is about the enterprise ability to effectively monitor, detect, respond to and recover from cyber threats and now should be done at predominantly by machines at machine speed

Speakers

Tarek Ghoul Founder & CEO, Coordinates ME, a GBM Company, UAE

14:40 – 15:00

Dark Stage Cyber-Espionage Campaign Targeting Companies in the Middle East Investigating a malicious campaign involving the abuse of binaries vulnerable to side-loading, targeting the Middle East. We’ll explore how a ProxyShell has been used to exploit a vulnerability on an Exchange Server

Speakers

Liviu Petre Solutions Architect, Bitdefender, Romania

15:00 – 15:20

Dark Stage No Password, No Problem: The Future of Authentication in a Threatening World As cyber threats continue to loom, the need for stronger authentication in the digital landscape is more important than ever. In "No Password, No Problem: The Future of Authentication in a Threatening World," we'll dive into the benefits and drawbacks of password-based authentication, and explore how password-less authentication is emerging as the future of secure and convenient access. From biometric authentication to token-based solutions, we'll examine the latest trends and innovations in authentication, and how they can help protect against the ever-evolving threats of the modern world. Join us for an engaging and thought-provoking discussion on the future of authentication and why it matters for individuals, businesses, and society as a whole.

Speakers

Rami Kayyali Chief Technology Officer, The Kernel, UAE

15:20 – 15:40

Dark Stage Best Practices for Securely Replicating PI System Data Across Segmented Networks Many critical infrastructure organizations have a PI system within their OT network to monitor asset values, archived and historical data, as well as digital state tables. The data living in the PI system needs to be transferred to an external network for remote monitoring and analytics. However, to prevent unwanted threats from entering secure OT networks, many organizations have completely isolated their OT network from external connections, introducing a challenge when it comes to sharing data between two networks at differing security levels. Join us as we discuss best practices for securely transferring PI data one-way out of OT to an IT network, the cloud, or any other network for remote monitoring, without introducing risk.

Speakers

Mark Toussaint Senior Product Manager, Owl Cyber Defense, USA

Kris Voorspoels Cross Doman Solution Architect, Owl Cyber Defense, UAE

15:40 – 16:00

Dark Stage The Dark Web Threats: Shielding Your Business from Account Takeovers The risk of the dark web but from a corporate perspective, not individuals, and how big corporates got hacked because of dark web leaks, "account takeover attacks,". A deep dive on how to prevent it.

Speakers

Youssef Mohamed CTO, Buguard, Egypt

16:00 – 16:20

Dark Stage Live Demo: TACE: Taint Assisted Concolic Execution. Software defects are ubiquitous. Since these defects may expose the software to a plethora of vulnerabilities, these must be identified in time. Symbolic and concolic executions (symbex) are popular software testing approaches to detect these defects. However, they are inherently slow and incur high-performance overhead. Thus, despite their tremendous potential, their application in solving critical problems in software analyses is limited. Several improvements on symbex, such as SymCc and SymQemu, move the constraint collection to compile time, thus, offering a better execution speed. However, a solution to the constraint bloating problem remains elusive in the existing techniques. We present TACE (Taint Assisted Concolic Execution) that combines the recent advancement in symbex and taint flow analysis to debloat the constraints by selecting the constraints relevant to the target branch in terms of the shared tainted variables. With the order of magnitude improvement, TACE demonstrates a significant edge over existing tools in detecting defects in real-world libraries

Speakers

Mthandazo Ndhlovu Security Researcher, The Artificial Intelligence and Digital Science Research Center, Technology Innovation Institute, UAE

Ridhi Jain Researcher, The Artificial Intelligence and Digital Science Research Center, Technology Innovation Institute, UAE

16:20 – 16:40

Dark Stage A.I. is the new black: how will ChatGPT influence corporate cybersecurity? Understanding how ChatGPT currently influences the cyber threats landscape, where cyber criminals use it, and will it be effective? Whether this is a real game changer for the industry and, in particular Security Operation Centers (SOCs)?Exploring the potential benefits of using ChatGPT in in the field of defensive cybersecurity (threat hunting and malware analysis) and shareing Proof-of-Concept tool to use in threat detection use cases

Speakers

Maher Yamout Senior Security Researcher Kaspersky, UAE

Victor Sergeev Incident Response Team Lead, Kaspersky, UAE

16:40 – 17:00

Dark Stage Live Demo Session SSRF: Beating Deny/Blacklists For Profit

Speakers

Thomas Devoss Ethical Hacker, USA

17:00 – 17:00

Dark Stage

10:30 – 10:30

DARK STAGE Moderator Remarks DARK STAGE

Speakers

Big Hass Radio Host Pulse 95 FM UAE

10:30 – 10:50

DARK STAGE Exploit research of World''s Largest Coffeehouse Chain DARK STAGE One thing is enjoying eating and drinking coffee and the other is actually hacking these retails stores. This sssion takes us into a deep dive into how Walid found the RCE, what kind of research was involved, what kind of tools aided in that, how does the Oracle retail system work and how the exploit was developed.

Speakers

Walid Faour Penetration Testing Lead Alshaya Group United Arab Emirates

10:50 – 11:10

DARK STAGE Crypto Heist through Web2 DARK STAGE Let''s explore two critical web2 vulnerabilities that could lead to transfer of funds in crypto wallets. This 20-minute talk aims to raise awareness and provide insights to fortify your web32 solution against web2 attacks.

Speakers

Dimitris Pallis Ethical Hacker Greece

11:10 – 11:30

DARK STAGE A Look into the Future: The Role of AI in Cybersecurity Operations DARK STAGE AI is revolutionizing cybersecurity, empowering defenders while posing new risks in the hands of attackers. Join cybersecurity expert Paula Januszkiewicz to explore AI's dual role, from enhancing threat detection to automating hacking techniques. Learn about evolving threats like phishing attacks and biometric manipulation, and prepare for the challenges ahead.

Speakers

Paula Januszkiewicz Founder & CEO CQURE Poland

11:30 – 11:30

DARK STAGE Starship Secrets of the Modern Security Program DARK STAGE In the age of uncountable security offerings from vendors and consultants, what essentials actually matter? At the end of the day, risk reduction for compliance''s sake should not simply be a series of boxes to check; dealing with the underlying root causes of security issues will inevitably lead you to the Promised Land. In this talk, we will bypass the mountains of snake oil in the security industry and focus on the absolute prerequisites of a successful security apparatus.

Speakers

Bryce Case Jr Hacker, Rapper, Entrepreneur, USA

11:50 – 12:10

DARK STAGE Drip, Drip, Drop: Confronting Data Attacks in ICS/OT systems DARK STAGE Environments that leverage Industrial Control Systems (ICS) or Operational Technology (OT) infrastructure are not impervious to data attacks or breaches that contaminate data sources. In industrial systems, system and data integrity are inherently connected to process safety, with the potential to impact human life and the environment directly. Therefore, within the industry, this aspect holds a top-tier priority. This talk will cover various data sources and attacks on data, including data sources used for AI/ML processing. The focus will be on how to confront and mitigate these data attacks in ICS/OT environments.

Speakers

Michael Hoffman SANS Certified instructor SANS Institute

12:10 – 12:30

DARK STAGE Cyber Resilience in the Cloud: A Live Ethical Cloud Attack DARK STAGE As we’ve shifted to the cloud, we’ve exposed ourselves to new security risks that can’t be ignored. Join Hardeep Singh, Pentera Sr. Security Engineer, as he demonstrates a live ethical attack on the Cloud. Learn how Automated Security Validation removes assumptions and ensures cyber resilience across your entire attack surface, including the Cloud.

Speakers

Hardeep Singh Senior Security Architect Pentera UAE

12:30 – 13:00

DARK STAGE The Dark Side of AI - How Hackers use AI & Deepfakes DARK STAGE Mark will take you on a journey to the Dark side of AI. More than 90 % of cyber attacks are caused by human error and AI changes the nature of attacks. How do cybercriminals use Chat GPT, Worm GPT and Deepfakes? What should we do to protect ourselves? Can we use AI to fight back? Mark has met and anonymously interviewed hackers to understand the inside perspective. Get an exciting and rare insight into the Dark Side of AI.

Speakers

Mark T. Hofmann International Profiling-Expert Germany

13:00 – 13:20

DARK STAGE Artificial Intelligence (AI) for C4ISR - Power of Context DARK STAGE Resecurity implements Artificial Intelligence to empower military intelligence and defense agencies with unparalleled insights into emerging threats and security challenges using advanced analytics.

Resecurity''s implementation of artificial intelligence for C4ISR represents a significant leap forward in the field of national security. With Context AI, defense agencies have access to a powerful tool that not only enhances operational effectiveness and cost efficiency but also addresses the inherent challenges associated with AI-generated intelligence.

Speakers

Ahmad Halabi Managing Director Resecurity UAE

13:20 – 13:40

DARK STAGE Critical Infrastructure when physical risk becomes virtual DARK STAGE Physical access remains the number 1 risk for Critical Infrastructure today. The session aims to delve deeper into how accidental insider becomes the pawn of the threat actor to compromise the CI capability through methods like deep fake.

Speakers

Stevo Cvetkovic Managing Director ITSec Australia

13:40 – 14:00

DARK STAGE Defending Your Cloud: Practical Insights from Nation-State Attacks & AI-Powered Security DARK STAGE Dive into the principles of layered cloud security, drawing insights from real-world nation-state attacks. Discover how generative AI can enhance threat detection and response. Witness practical demonstrations of effective ransomware mitigation techniques.

Speakers

Thomas Philip Maurer Head of Security & Compliance Middle East, Turkey, Africa, Google, UAE

14:00 – 14:20

DARK STAGE Meta Bug Bounty Program - Researcher’s Side DARK STAGE In this talk, we will delve into the Meta Bug Bounty program and demonstrate live hacking scenarios. Attendees will gain insights into Meta API requests (specifically Facebook GraphQL) and witness live demonstrations and scenarios using the Facebook mobile and web application.

Speakers

Bassem Bazzoun Security Researcher Meta Lebanon

14:20 – 14:40

DARK STAGE Mobile phishing in action! DARK STAGE In 2023, modern attacks directly targeting mobile phones or cloud services were detected in almost 71% of data leaks. These attacks are highly effective because they only use legitimate tools (MFA, O365, Google, etc.) and target users directly, without any malicious payload. We're going to look at these threats, which are real but very difficult to detect, and explain how mobile phishing kits are created, with an accurate demo. authentication protection.

Speakers

Bastien Bobe Field CTO Lookout

14:40 – 15:00

DARK STAGE Cyber Mirage: How Artificial Intelligence is Shaping the Future of Social Engineering DARK STAGE AI''s emergence has reshaped social engineering, spawning AI-powered threats. In a recent case in Hong Kong, scammers used deepfake and voice-cloning tech to steal $25 million. This talk showcases AI''s ability to create convincing deepfakes and voice clones, emphasizing the need for robust defense mechanisms against these evolving threats.

Speakers

Brandon Kovacs Senior Red Team Operator US

15:00 – 15:20

DARK STAGE Bytes and Knights: Armoring Up in the Age of Hack Attacks DARK STAGE An exhilarating session where bytes meet knights in the ongoing battle against hack attacks. Arm yourself with knowledge, resilience, and the tools needed to defend against the ever-present digital adversaries. We will delve into top attack techniques used by hackers to gain access to sensitive information and resources. Our knights will demonstrate real-world exploits, showcasing the critical security flaws that every organization and user must be aware of, and help you choose the right set of solutions to fortify your defenses.

Speakers

Anirban Mukherji Founder & CEO miniOrange India

Pratish Ray Head of IDP Technology & Principle Software Engineer miniOrange India

15:20 – 15:40

DARK STAGE Phishing-as-a-Service: Unmasking the New Financial Cyber Threat DARK STAGE As cyber threats continue to evolve, a concerning trend has emerged – the rise of "Phishing-as-a-Service" (PaaS). This session delves into the intricacies of this new financial cyber threat, exploring how threat actors are leveraging sophisticated services to conduct targeted phishing campaigns. Attendees will gain insights into the mechanics of PaaS, its impact on financial institutions, and effective strategies to counteract this growing menace.

Speakers

Dr. Deepak Kumar Sr. Cyber Intelligence & Digital Forensics Expert India

15:40 – 16:00

DARK STAGE If I don't know you, how can I trust you? DARK STAGE Let's talk about identity, governance, and what it means to "trust" in a dangerous zero-trust world. In this talk you'll learn the common threats, the challenges of protecting against them, and how to keep your digital doors locked tight.

Speakers

Rami Kayyali Chief Technology Officer & Regional Director The Kernel

16:00 – 17:00

DARK STAGE Ask the Hackers - First time @GISEC Dark Stage DARK STAGE Have you wondered what is on the mind of a hacker while they conduct a cyber-attack? Are you curious to know what motivates these hackers, what are the strategies they use? In this session, some of world’s top ethical hackers will answer everything you''ve ever wanted to know. Come ready with your questions and ask these hackers yourself and decode some exciting stories of their journey, learn their strategies, take a sneak peek into a hacker’s life.

Moderator

Big Hass Master of all Things Cool UAE

Speakers

Bryce Case Jr Hacker, Rapper, Entrepreneur, USA

Dimitris Pallis Ethical Hacker Greece

Dhruv Bisani Head of Red/Purple Team Starling Bank UK

Brandon Kovacs Senior Red Team Operator US

Judy Ngure Advisory Board Member CyberSafe Foundation Kenya

17:00 – 17:00

DARK STAGE Close DARK STAGE

10:30 – 10:30

DARK STAGE MC Remarks DARK STAGE

Moderator

Big Hass Master of all Things Cool UAE

10:30 – 10:50

DARK STAGE Hidden in Plain Sight: Exploiting Legitimate Services to Evade Email Security DARK STAGE In cybersecurity, phishing attacks persist despite advanced defenses like SPF and DMARC. Join us to learn how attackers exploit legitimate services to bypass email security, with real-world examples and strategies to mitigate risks.

Speakers

Dhruv Bisani Head of Red/Purple Team Starling Bank UK

10:50 – 11:10

DARK STAGE Unlock Secrets of the Dark Web with a Former US Secret Service Agent DARK STAGE You’ve heard the stories, read the news articles, and seen the movies. The shadowy underground economy, the enigmatic deep and dark web, and the mysterious figures who operate online are only known by their aliases. But how often do you have the chance to hear from a former US Secret Service Agent? An Agent who delved deep into the underbelly, becoming a player in the clandestine world of the underground economy. Now is your chance to hear how pivotal intelligence is and how using intelligence helped bring focus to an operation. The delicate art of moving from a digital online world into the physical realm. Learn how international operations peeled back the layers that hide the identity of illegal online operators. It's time to uncover the truth behind the veiled world of cyber intrigue.

Speakers

Richard K. LaTulip Field Chief Information Security Officer Recorded Future US

11:10 – 11:30

DARK STAGE Unlocking the Maze: A Simple tale of navigating the Identity Access Management and Governance Puzzle DARK STAGE

Speakers

Prasanth Prasad Spire Solutions UAE

11:30 – 11:50

DARK STAGE I Can Steal Your Sh1t DARK STAGE Most people switch off when someone starts talking about cyber security. In the time it takes you to read this synopsis, two small businesses will be successfully hacked in the UK. And yet, you still probably won’t do anything about it, because where do you even begin? If you dare to join the audience, Paul will steal your information in front of your eyes – and then he will point you in the right direction to do something about it.

Speakers

Paul Newton Mind Reader, Hypnotist, and Magician MentalTheft UK

11:50 – 12:10

DARK STAGE Fortifying Defenses Against AI-Powered Cyber Threats: Embracing Zero Trust Protection Strategies DARK STAGE As AI-driven cyber threats surge, this session explores the evolving landscape of attacks, emphasizing the need for robust defenses. From initial incursion to exfiltration, we delve into pivotal intervention moments and discuss zero trust strategies, resilient architectures, and more. Join to navigate the cybersecurity battlefield in the age of AI.

Speakers

Bahi Hour Sr. Director of Solution Engineering Xage Security, Inc. US

12:10 – 12:30

DARK STAGE AI powered Email Security DARK STAGE In an era where digital threats evolve with alarming speed, traditional cybersecurity measures often find themselves outpaced by sophisticated phishing schemes. Anxinsec, presents a compelling narrative on the role AI plays in identifying and neutralizing phishing emails and showcases how AI powered solutions can offer a formidable counter measure. The presentation will also address the challenges and ethical considerations inherent in deploying AI for security purposes. Questions around data privacy, the potential for false positives, and the ethical use of AI in monitoring communications are examined, offering a holistic view of the technological and moral landscape.

Speakers

Himesh Madhusoodanan Director of Products and Technology Anxinsec UAE

12:30 – 12:00

DARK STAGE Unleashing Generative AI 'demon' DARK STAGE Delve into the unsettling realm of AI-generated art. This session explores the darker facets of AI creativity, including the uncanny valley effect, intentionally disturbing creations, and the ethical implications therein. Uncover AI''s potential to manipulate appearances, inviting reflection on the consequences and ethical considerations surrounding disturbing AI art.

Speakers

Minh Hieu Ngo Reformed fraudster who single handedly stole personal data of 200 million U.S. citizens Vietnam

13:00 – 13:20

DARK STAGE Defending AI Attack Surface with Crowdsourced Testing DARK STAGE Crowdsourcing brings up to hundreds of fresh eyes to risk reduction tasks, counterbalancing the massive number of threat actors inspecting the attack surface. It also provides access to virtually any skill set, augmenting security teams on demand for red teaming, pen testing, bug bounty engagements, and vulnerability disclosure programs. This session offers an overview of the emergent AI Attack Surface, and why crowdsourcing is the right solution at the right time for AI Safety.

Speakers

Kevin Kersley Client Director - Middle East and Africa BUGCROWD Australia

13:20 – 13:40

DARK STAGE How profoundly do you investigate hackers network infrastructure? DARK STAGE One part of the threat intelligence process is investigating the hackers network infrastructure. The data that you will receive after this process depends on the sources and methods you use. We are used to seeing that the hackers network infrastructure consists of IP addresses, domains, and URLs. It looks like the general ingredients for IOC feeds, and they usually appear after reactive investigations. But there is more. For example, hackers are able to use popular public services such as clouds, messengers, and code storage as a control server for their malware. From one side, there is no opportunity to add these services as IOCs to your feed because they will generate false alarms. On the other hand, it gives additional context for threat intelligence to establish all aspects of an attack. In my presentation, I am going to talk about proactive detection of the hackers network infrastructure and how to use the disadvantages of using public services by hackers.

Speakers

Denis Kuvshinov Head of Threat Intelligence Positive Technologies Russia

13:40 – 14:00

DARK STAGE Weaponising AI for Cyber Attacks & Offensive Operations DARK STAGE Exploring how Generative AI is now being incorporated into Cyber Attack to decrease the level of effort and sophistication required from threat actors to compromise systems and payment services. How easy is it for us to replicate these attacks to steal Gold; Print money or disrupt the global economy? How can we incorporate Generative AI into Offensive Operations for a threat driven defence.

Speakers

Manit Sahib Offensive Security Lead Global Fund, United Nations UK

14:00 – 14:20

DARK STAGE Weaponizing Intel for Offensive Operations DARK STAGE Intelligence analysis has been the core foundation of protecting countries, nation-states' interests, military, governments and different organizations. Following the famous proverb "The best defence is a good offence", this talk will cover, through case studies, how a Red Team can leverage threat intelligence to lead and win Adversary Simulation Operations to counter the bad guys before they get in.

Speakers

Saurabh Harit Practice Lead, Red Team Google FZ LLC UAE

Hatem Mohamed Senior Red Team Consultant Google FZ LLC UAE

14:20 – 14:40

DARK STAGE The Rise of Hacktivism During Tension DARK STAGE Join Group-IB for a compelling exploration of "The Rise of Hacktivism During Tension," as we delve into the intersection of cyber activism and societal unrest. Against the backdrop of escalating global tensions, this session offers a unique perspective on the evolving landscape of hacktivism and its implications for cybersecurity and geopolitics.

Speakers

Ivan Pisarev Head of Threat Intelligence MEA, Group IB

14:40 – 15:00

DARK STAGE Financial Application Security: Detecting and Preventing IDOR Attacks DARK STAGE

Speakers

Ilkin Javadov Senior Penetration Tester & Ethical Hacker Azerbaijan

15:00 – 15:20

DARK STAGE THINK YOU CAN’T GET PHISHED? THINK AGAIN… DARK STAGE Many presentations TALK about hacking and compromise, but how many of them actually DEMONSTRATE one? This one does. This will show attendees how simple such an endeavour can be, and more importantly, how easy it is to fall victim to one. In this talk we will first dissect an actual phishing attempt. We will then view it LIVE from the hacker side of the computer!

Speakers

Kevin James Ripa Senior instructor SANS Institute

15:20 – 15:40

DARK STAGE SDR Hacking of Radiowaves: Risks and Mitigation Strategies DARK STAGE Software-defined radio (SDR) technology has revolutionized the way we interact with wireless communication systems. However, this technology has also opened up new avenues for hackers to exploit vulnerabilities in radio systems. In this presentation, we will explore the risks associated with SDR hacking of radiowaves, including eavesdropping, payload extraction and replay attacks. We will also discuss the various mitigation strategies that can be employed to protect against these attacks, including encryption and signal modulation techniques. By the end of this presentation, you will have a better understanding of the potential risks associated with SDR hacking of radiowaves, and the steps you can take to protect your wireless communication systems.

Speakers

Ivan Glinkin Cyber Team Deloitte ME UAE

Kirill Bureev Cyber Team Deloitte ME UAE

15:40 – 16:00

DARK STAGE The Artistry of Account Hijacking and the Ballet of Bank OTP Bypass Scams DARK STAGE High-stakes exploration of authentication bypass, where live demonstrations reveal vulnerabilities in active websites. Witness potential consequences – from data breaches to privacy violations – and gain actionable insights into resilient mitigations. Join for practical solutions and a firsthand look at the dynamic authentication security landscape.

Speakers

Sankarraj Subramanian Cybersecurity Expert India

16:00 – 17:00

Moderator

Big Hass Master of all Things Cool UAE

Speakers

Alina Tan Ethical Hacker Singapore

Minh Hieu Ngo Reformed fraudster who single handedly stole personal data of 200 million U.S. citizens Vietnam

Sankarraj Subramanian Cybersecurity Expert India

David Colombo Tesla Hacker Germany

17:00 – 17:00

DARK STAGE Close DARK STAGE

10:30 – 10:30

INSPIRE [WOMEN IN CYBERSECURITY] MC Remarks DARK STAGE

Speakers

Big Hass Radio Host Pulse 95 FM UAE

10:30 – 10:50

INSPIRE [WOMEN IN CYBERSECURITY] TED Talk Movie Style session DARK STAGE Decrypt or Destruction? Staring into the heart of a ransomware incident

Embark into the heart of a ransomware incident. Uncover the strategies employed by the cyber criminal group, and witness the customer''s response to this digital threat. The pivotal question awaits: Would the outcome remain unchanged with the incorporation of AI? Join us in uncovering the untold possibilities, just bring the popcorn along!

Speakers

Katerina Tasiopoulou CEO Exelasis United Kingdom

10:50 – 11:10

INSPIRE [WOMEN IN CYBERSECURITY] Analysis of an in-vehicular network from the perspective of a test bench DARK STAGE Car manufacturers redefine driving experiences with Connected Vehicles, integrating extensive features for communication with external devices and wireless infrastructure. Alina discusses building a prototype test bench for vehicle CAN bus testing, introducing new protocols and explaining vehicle architecture, features, vulnerabilities, and learning points with challenges.

Speakers

Alina Tan Ethical Hacker Singapore

11:10 – 11:30

INSPIRE [WOMEN IN CYBERSECURITY] Open Banking scares customers, but they still want what APIs can deliver DARK STAGE This exciting session covers fintech asset protection, API and Open Banking security, blockchain security, secure payment technologies, and cyber attack case studies.

Speakers

Judy Ngure Advisory Board Member CyberSafe Foundation Kenya

11:30 – 11:50

INSPIRE [WOMEN IN CYBERSECURITY] Security Professional or Easy Target? DARK STAGE Security professionals constantly seek the latest threats, breaches, and defenses across all industries, but this pursuit raises concerns about divulging too much information. Join Valerie for insights and strategies to safeguard against unnecessary risks.

Speakers

Valerie Thomas Independent Cybersecurity Consultant US

11:50 – 12:20

INSPIRE [WOMEN IN CYBERSECURITY] Ask the Hacker - First time @GISEC Inspire Stage DARK STAGE Have you wondered what is on the mind of a hacker while they conduct a cyber-attack? Are you curious to know what motivates these hackers, what are the strategies they use? In this session, some of world’s top ethical hackers will answer everything you've ever wanted to know. Come ready with your questions and ask these hackers yourself and decode some exciting stories of their journey, learn their strategies, take a sneak peek into a hacker’s life.

Moderator

Big Hass Master of all Things Cool UAE

Speakers

Judy Ngure Advisory Board Member CyberSafe Foundation Kenya

Valerie Thomas Independent Cybersecurity Consultant US

Alina Tan Ethical Hacker Singapore

12:20 – 12:50

DARK STAGE Panel Discussion: Women & Cybersecurity: Redefining Risk and Representation DARK STAGE The International Telecommunication Union (ITU) presents a thought-provoking session highlighting the unique challenges faced by women in cybersecurity. The session will explore the dual vulnerability and underrepresentation of women in the field, and delve into the disproportionate impact of online risks, while uncovering the persistent barriers hindering women's participation. The session will showcase current global and regional initiatives aimed at skilling women in the cyber workforce, featuring initiatives from the ITU and Women in Cybersecurity Middle East.

Moderator

Heide Young Founding Partner & Board Member Women in Cyber Security Middle East (WiCSME)

Speakers

Yasmine Idrissi Azzouzi Cybersecurity Programme Officer ITU Switzerland

Dr. Reem AlShammari CyberSecurity and Technology Thought Leader Energy Sector Kuwait

Alya Al-Saadi Cybercrime Programme Coordinator INTERPOL

12:50 – 13:05

INSPIRE [WOMEN IN CYBERSECURITY] Empowering the workforce: DCIPark CISO Executive Program DARK STAGE

Speakers

Moaza Majed Project Manager DESC - Dubai Cyber Innovation Park (DCIPark)

13:05 – 13:20

INSPIRE [WOMEN IN CYBERSECURITY] Navigating the New Era of Cyber Threats: Leveraging AI for Enhanced Cybersecurity DARK STAGE Discover how AI revolutionizes cybersecurity in this session as we explore AI's role in proactive threat detection and response, equipping organizations to thrive in today's dynamic threat landscape.

Speakers

Dr. Hoda A.Alkhzaimi Co-Chair for Global Future Council for Cybersecurity UAE