10:30 – 10:40
Dark Stage   Moderator Remarks
Speakers

Big Hass The Master of all things cool

10:40 – 11:00
Dark Stage   Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
In early September, we made it our goal to find as many vulnerabilities in as many car companies as possible. Over the next few months, we were able to remotely start/stop, lock/unlock, flash lights, open trunks, and honk the horns of all smart-enabled Toyota, Nissan, Infiniti, Genesis, Honda, Acura, and Lexus vehicles. We gained intimate access to the internal networks of BMW and Mercedes-Benz, being authorized as fully permissioned SSO users with access to dealer portals, GitHub, Slack, and hundreds of mission-critical applications. We found systemic access control vulnerabilities affecting telematic and fleet-management companies, allowing us to dispatch and track police cars, ambulances, and truckers. Join us as we discuss our findings as web hackers attempting to hack the auto industry!
Speakers

Sam Curry Security Research & Hacker, USA

Justin Rhinehart Security Researcher, USA

11:00 – 11:20
Dark Stage   Think You Can't Get Phished? Think Again.
Many security professionals think they cannot be victims of a phishing email. Their hubris is their downfall. Anyone can be phished by a motivated threat actor with the proper resources, time, and patience. In this talk we will relate a phishing example in story form from an actual compromise. The “how” will shock you. The “fix”? Surprisingly simple.
Speakers

Kevin Ripa SANS Instructor, The Grayson Group of Companies, Canada

11:20 – 11:40
Dark Stage   Building Cyber Resilience through Managed Detection and Response
Speakers

Bob Layton Chief Channel Officer, eSentire, USA

11:40 – 12:00
Dark Stage   Autonomic Security Operations - A Future-proof Approach to Threat Management
Blue teams worldwide continue to struggle against adversaries. The decades-old challenges of hiring, complexity, tooling, costs, and ineffectiveness remain. We've developed Autonomic Security Operations, our approach to reimagining legacy SecOps teams, shifting towards SRE-based approaches for organizations to achieve Google-scale outcomes.
Speakers

Iman Ghanizada Global Head of Autonomic Security, Google Cloud, USA

12:00 – 12:20
Dark Stage   Know How: From Digital Laggard to Cyber-leader?
The need for organisations to transform was driven by the pandemic with the adoption of new applications and automation. The challenge is delivering cyber resilience as the criminal gangs have transformed the way they operate, improving their evasion techniques for detection products and targeting critical infrastructure. Adopting Zero Trust segmentation is a simple way to deliver a structured approach to security. In this session we will look at some of the issues and lay out an effective approach to identifying risk and deploying preventive measures to contain an attack – limiting the spread of ransomware and breaches.
Speakers

Mohannad Meri Regional Sr. Systems Engineer – META, Illumio, Jordan

12:20 – 13:00
Dark Stage   Just Hacker Things with Jayson
As someone who was homeless, who started in Tech almost 30 years ago. Who started in Cyber Security over 20 years ago. Who is extremely opinionated and is according to some just a little too blunt. That won’t stop him from answering every question he is asked while on the stage. If you have a burning question you want to ask a Hacker or Red Teamer or Blue Teamer or just a weirdo who has traveled to over 50 countries and loves to share what’s on his mind. Then ask away but be prepared for the answer because you might not like it.
Speakers

Jayson E. Street World class hacker & author, USA

13:00 – 13:20
Dark Stage   Live Demo: Bypassing Next Generation 2FA & MFA Implementations
• 2FA in the 21st Century - The current stage of 2FA, how it is being used, and what was the advent of 2FA
• Conventional 2FA Implementations in Web and Mobile applications - How 2FA is implemented in web applications and mobile applications logically and technically
• Bypassing 2FA in web applications, mobile applications - Methods to bypass 2FA in web apps and mobile apps
• Understanding the various means of bypassing MFA, FaceID and TouchID
Speakers

Shahmeer Amir Founder, Younite, Authiun, Veiliux, Pakistan

13:20 – 13:40
Dark Stage   Live Demo: Managing Ransomware and Business Email Compromise
Through this session, we show the effectiveness of telemetry and logs ingested from multiple sources into a single data lake where detection can be applied using traditional techniques as well as AI/ML-based detectors to improve the efficiency of your SecOps teams when conducting investigations.
Speakers

Muhammed Mayet Security Architect, Secureworks, UAE

13:40 – 14:00
Dark Stage   Live Demo: Zero Trust in Action
Demonstration of policies and controls to strengthen your security.
Speakers

Rob Allen VP of Operations EMEA, Threatlocker, Ireland

14:00 – 14:20
Dark Stage   Live Hack: Smart devices are not always safe
Learn how to protect your smart devices by taking full control.
Speakers

Joseph Elias Risk Advisory – Cyber Assistant Manager, Deloitte, UAE

Lamis Yousef Risk Advisory – Cyber Assistant Manager, Deloitte, UAE

14:20 – 14:40
Dark Stage   Live Hack: How does your Email Security Tools Make you Vulnerable to Major Vulnerabilities that Require no Interaction
Many big corporations and vendors these days are using email protection services. The logic behind these tools is to inspect any incoming links that are sent to the organization, check their legitimacy through web sandbox tools (such as Urlscan.io), and then if it’s whitelisted, let the email go. However - when the service requests the link, which often can be internal invites or sensitive information with the tokens and the UUID within the query param, it can disclose secrets which are being indexed on Urlscan.io, and allows anyone all over the world to expose
Speakers

Gal Nagli No 1 Hacker at HackerOne, Israel

14:40 – 15:00
Dark Stage   Live Demo: Identifying the First Checkup for Vulnerabilities
Spotting "injections" and how to mitigate vulnerabilities. This session will showcase an overview of techniques.
Speakers

Ilkin Javadov Penetration Tester & Ethical Hacker, Azerbaijan

15:00 – 15:20
Dark Stage   Live Hack: Corporate Espionage via a Malware Free Attack
A phishing email attack with a malicious URL that will leverage a Java exploit to gain remote access to a targeted endpoint. With the hands-on keyboard, we will execute a LOTL (Living off the Land) attack by using the trusted tools, to download our espionage tools, record a confidential conversation next to the target and exfiltrate the recorded session to our C2C server.
Speakers

Philippe Farhat Corporate SE, META, CrowdStrike, UAE

15:20 – 15:40
Dark Stage   Just say No to Ransomware
You can cut off attackers at point with quality threat defense, but does layering defenses trade off performance? How can you secure data as part of an overall defense-in-depth strategy? How to devise a simpler and more effective threat defense? Find out here.
Speakers

Ahmad Abou Zaher Senior Solutions Engineer, Cloudflare, UAE

15:40 – 16:00
Dark Stage   Live Hack: Re-Discovering Code Review in Bug Hunting
Presenting source code extraction and code review for vulnerabilities in an Electron/React Native desktop application to demonstrate the ability of hackers to introspect and debug code easily with modern dev tool chains.
Speakers

Eugene Lim White Hat Hacking && DevSecOps, GovTech Singapore

16:00 – 16:20
Dark Stage   Society's comfort with AI-Driven Orchestration
Speakers

Omar Zarabi President & CEO - Port53, USA

16:20 – 16:40
Dark Stage   Live Hack: Till REcollapse: Fuzzing the Web for Mysterious Bugs
It all starts with unexpected input. Most modern complex web applications rely on regex for validation and implement input normalization. This includes but is not limited to crucial account identifiers, such as email addresses and usernames. In this talk, we will understand the REcollapse technique. It can be used to discover weirdly simple but impactful vulnerabilities in hardened targets. You'll see real-world examples and a live demo on how to leverage the tool to uncover new bypasses for web applications and firewalls.
Speakers

André Baptista Ethical Hacker and Professor, Portugal

16:40 – 16:50
Dark Stage   Closing Remarks
10:40 – 10:50
Dark Stage   Moderator Remarks
Speakers

Big Hass The Master of all things cool

10:50 – 11:10
Dark Stage   Live Hack: Dangers of USB Attack Surface
Speakers

Remesh Ramachandran CISO, Security Researcher, Zambia

11:10 – 11:30
Dark Stage   Live Demo: Hunt for Ransomware & Recovery and Signs of Compromise
Ransomware has rapidly evolved from being simple commodity malware affecting individual computer users to an enterprise threat that is severely impacting industries and government institutions. This demonstration will explain different activities that attackers might use to encounter a ransomware and how SOC defenders can hunt for such activities, investigate, and automate response (triage) to recover from ransomware post-incident activities using the latest security research and advanced analytics platforms.
Speakers

Hesham Saad Sr. Global Cybersecurity Technical Specialist - EMEA, Microsoft, United Arab Emirates

11:30 – 11:50
Dark Stage   Stopping Credential Theft using AI
Speakers

Sameh Sabry Regional Director, Middle East, and Africa, Conceal, UAE

11:50 – 12:10
Dark Stage   Live Demo: Pandora's Box of Digital Financial Inclusivity in Africa
The African financial landscape is highly dependent on a unique model of mobile banking. This model is great for financial inclusivity but it brings with it higher-than-usual digital and cyber risks. Godfrey Magila will simulate how we get into the mindset of the African hacker and ensure that all the touch points are secure for the financial institutions, the end user and everything in between.
Speakers

Godfrey Magila Global CEO, Magilatech, UAE

12:10 – 12:40
Dark Stage   Live Demo of Fault Injection
Speakers

Joe Grand Tech wizard, author, Joe “Kingpin” Grand a legend in the cyber

12:40 – 13:00
Dark Stage   Live Demo: You Only Live Twice: From 0 to Adversary-Generated Threat Intel in 300 Seconds
• Gone are the days of third-party, generic threat intel’s utility, if they ever existed—generating your own threat intelligence is not only possible but essential
• Creating a deception network in real-time based on various weaknesses, from a recent Confluence exploit to Apache Spark to weak credentials in Linux and Windows machines
• A live demo of how connecting a vulnerable computer to the internet results in immediate attacks online—watch as threat actors enter the network and their actions are dissected in real time
Speakers

David Barroso CEO and Founder, CounterCraft, Spain

13:00 – 13:20
Dark Stage   Ransomware Impacting OT and How to go About It
Targeted and supply chain ransomware is the new normal - high-stakes extortion using sophisticated, nation-state attack techniques. Increasingly, ransomware impacts physical operations and causes sometimes long-lasting OT production shutdowns. In this session we look at the three ways ransomware can cause OT shutdowns, with real-world examples. We will also look at how secure sites deal with this new threat.
Speakers

Naoufal Kerboute Regional Director – Middle East, Turkey & North Africa, Waterfall Security

13:20 – 13:40
Dark Stage   Live Hack: Augmented Security Testing
Security testing has relied on scanners for decades. But are they enough? Human augmented security testing has evolved beyond the penetration test of 10 years ago. Now the talent, data, speed and scalability are better than ever before. See how augmented security testing can make your organization safer than ever before.
Speakers

Jay Kaplan Co-Founder, CEO, Synack, USA

Alex Tugatijian Customer Success Manager, Synack

Nikhil Srivastava Synack Red Team Legend, Synack, India

13:40 – 14:00
Dark Stage   Live Hack: Automating Security Validation to Manage Exposure and Reduce Risk
Watch a live ethical attack using Automated Security Validation technology and learn how organizations today stay one step ahead of the adversary and can reduce exposure with a click of a button.
Speakers

Hardeep Singh Lead Security Consultant, Pentera, UAE

14:00 – 14:20
Dark Stage   Evasive file threats
Speakers

Michael Tal Technical Director, Votiro, Israel

14:20 – 14:40
Dark Stage   The Limitations of Legacy, The Possibilities of the Disruptors, and the Aspiration for Evolution
As they embark on their digital transformation journey and increase proliferation of their digital assets, a mid-size enterprise is faced with the reality of having more than 250 million events a day in their environment. Legacy cyber defense programs are not geared to deal with, sieve through, analyze and triage along with having a timely and effective response to achieve cyber resilience. Without the power of automation and machine learning, the fight against cyber threats is deemed lost. Cyber resilience is about the enterprise ability to effectively monitor, detect, respond to and recover from cyber threats and now should be done predominantly by machines at machine speed.
Speakers

Tarek Ghoul Founder & CEO, Coordinates ME, a GBM Company, UAE

14:40 – 15:00
Dark Stage   Cyber-Espionage Campaign Targeting Companies in the Middle East
Investigating a malicious campaign involving the abuse of binaries vulnerable to side-loading, targeting the Middle East. We’ll explore how a ProxyShell has been used to exploit a vulnerability on an Exchange Server.
Speakers

Liviu Petre Solutions Architect, Bitdefender, Romania

15:00 – 15:20
Dark Stage   No Password, No Problem: The Future of Authentication in a Threatening World
As cyber threats continue to loom, the need for stronger authentication in the digital landscape is more important than ever. In "No Password, No Problem: The Future of Authentication in a Threatening World," we'll dive into the benefits and drawbacks of password-based authentication, and explore how password-less authentication is emerging as the future of secure and convenient access. From biometric authentication to token-based solutions, we'll examine the latest trends and innovations in authentication, and how they can help protect against the ever-evolving threats of the modern world. Join us for an engaging and thought-provoking discussion on the future of authentication and why it matters for individuals, businesses, and society as a whole.
Speakers

Rami Kayyali Chief Technology Officer, The Kernel, UAE

15:20 – 15:40
Dark Stage   Best Practices for Securely Replicating PI System Data Across Segmented Networks
Many critical infrastructure organizations have a PI system within their OT network to monitor asset values, archived and historical data, as well as digital state tables. The data living in the PI system needs to be transferred to an external network for remote monitoring and analytics. However, to prevent unwanted threats from entering secure OT networks, many organizations have completely isolated their OT network from external connections, introducing a challenge when it comes to sharing data between two networks at differing security levels. Join us as we discuss best practices for securely transferring PI data one-way out of OT to an IT network, the cloud, or any other network for remote monitoring, without introducing risk.
Speakers

Mark Toussaint Senior Product Manager, Owl Cyber Defense, USA

Kris Voorspoels Cross Domain Solution Architect, Owl Cyber Defense, UAE

15:40 – 16:00
Dark Stage   The Dark Web Threats: Shielding Your Business from Account Takeovers
The risk of the dark web but from a corporate perspective, not individuals, and how big corporates got hacked because of dark web leaks, "account takeover attacks". A deep dive on how to prevent it.
Speakers

Youssef Mohamed CTO, Buguard, Egypt

16:00 – 16:20
Dark Stage   Live Demo: TACE: Taint Assisted Concolic Execution
Software defects are ubiquitous. Since these defects may expose the software to a plethora of vulnerabilities, these must be identified in time. Symbolic and concolic executions (symbex) are popular software testing approaches to detect these defects. However, they are inherently slow and incur high performance overhead. Thus, despite their tremendous potential, their application in solving critical problems in software analyses is limited. Several improvements on symbex, such as SymCC and SymQEMU, move the constraint collection to compile time, thus offering a better execution speed. However, a solution to the constraint bloating problem remains elusive in the existing techniques. We present TACE (Taint Assisted Concolic Execution) that combines the recent advancement in symbex and taint flow analysis to debloat the constraints by selecting the constraints relevant to the target branch in terms of the shared tainted variables. With the order of magnitude improvement, TACE demonstrates a significant edge over existing tools in detecting defects in real-world libraries.
Speakers

Mthandazo Ndhlovu Security Researcher, The Artificial Intelligence and Digital Science Research Center, Technology Innovation Institute, UAE

Ridhi Jain Researcher, The Artificial Intelligence and Digital Science Research Center, Technology Innovation Institute, UAE

16:20 – 16:40
Dark Stage   A.I. is the new black: how will ChatGPT influence corporate cybersecurity?
Understanding how ChatGPT currently influences the cyber threats landscape, where cyber criminals use it, and will it be effective? Whether this is a real game changer for the industry and, in particular, Security Operation Centers (SOCs)? Exploring the potential benefits of using ChatGPT in the field of defensive cybersecurity (threat hunting and malware analysis) and sharing a Proof-of-Concept tool to use in threat detection use cases.
Speakers

Maher Yamout Senior Security Researcher, Kaspersky, UAE

Victor Sergeev Incident Response Team Lead, Kaspersky, UAE

16:40 – 17:00
Dark Stage   Live Demo Session SSRF: Beating Deny/Blacklists For Profit
Speakers

Thomas Devoss Ethical Hacker, USA
