Security BSides Athens 2024

BsidesAth Speaker


Generational Cyber

by Campbell Murray, @zyx2k

Abstract: Having seen the industry grow from a handful of misunderstood misfits to the big money industry it has now become, believe me when I tell you I have seen (and done) some things! As we approach the 30-year mark of what we now recognise as formal penetration testing, let’s take a look back at how the industry and the people within it have changed and the trends we are seeing going into the future. We will look at the changing attitudes and requirements of both customers and consultants and what is good and bad regarding the latest trends as the third generation of newcomers to the field enter the workplace.

Bio: Leaving a career as a commercial skipper of charter and sail training yachts crossing the Atlantic multiple times, Murray entered Cyber Security in the mid-1990s with a heavy focus in the offensive attack simulation space. In the decades that have followed, he has pen tested and red teamed everything from large Government and military installations, software and networks to cars, trains, ships and aeroplanes.
One of the founders of the Tiger Scheme examination and standards body in 2007 and a founding director of the Cyber Scheme in 2013, Murray has had a considerable influence on the penetration testing community globally in terms of methodology, standards, and development of the industry.
Currently the technical lead at Sodium Cyber as well as a non-executive director at several other Cyber Security consultancies, Murray was the founding director of Encription Ltd in the UK from 2006 – 2016 and later the Global Head of Cyber Security Delivery for Blackberry Professional Services from 2016 – 2020.


Talk #1

Evilginx for Red Teamers

by Andrei Grigoras

Abstract: In this presentation, we will begin with an exploration of Evilginx, a leading open-source tool utilized for sophisticated phishing attacks within red team operations. We will delve into the strategic customization of Evilginx to enhance its stealth capabilities, ensuring it remains undetected by defensive mechanisms. Key focus areas include:
- identifying and eliminating Indicators of Compromise (IOCs) to obscure malicious activities.
- employing techniques to blacklist known public scanners, further reducing detection rates.
- strategies to bypass browsers' static analysis mechanisms, allowing for more effective phishing campaigns.
- the development and use of advanced browser-in-browser templates to create convincing phishing sites.
This session aims to provide insights into elevating the effectiveness of phishing simulations while navigating the challenges posed by modern security defenses.

Bio: Andrei is a highly experienced cybersecurity professional with a passion for Windows Evasion, breaching defenses, and network penetration testing. With over 5 years of experience in the field, Andrei has established himself as a trusted expert in the industry. Andrei's expertise and talent have been recognized through multiple awards won at various security contests as well as industry-leading certifications such as OSCP, OSEP, PNPT, CRTO and CRTL. Additionally, Andrei has shared his knowledge and insights as a speaker at multiple other conferences on topics such as "Weaponizing ROP with pwntools" and "Building a resilient Red Team Infrastructure using Terraform".


Talk #2

Showing Off Their SCILz: Sandworm Disrupts Power in Ukraine Using Novel Attack Against OT

by Daniel Kapellmann Zafra, @Kapellmann

Abstract: In late 2023, Mandiant released an investigation into an event where Russian-sponsored actor Sandworm targeted a Ukrainian critical infrastructure organization with a layered, disruptive attack that leveraged a novel technique for impacting operational technology (OT) environments. In this attack, Sandworm used OT-level living off the land (LotL) techniques to trip the victim’s substation circuit breakers, causing an unplanned power outage. Sandworm then conducted a second disruptive event by deploying wiper malware in the IT environment.
This attack represents the latest evolution in Russia’s disruptive playbook, which has been increasingly visible since the recent invasion of Ukraine. The techniques leveraged during the incident suggest a growing maturity of Russia’s offensive OT arsenal, including an ability to recognize novel OT threat vectors, develop new capabilities, and leverage different types of OT infrastructure to execute cyber physical attacks.
During this presentation, I will describe this operation and dive deep into the specific components of the attack from a perspective of OT security. I will also discuss what are its implications in terms of the tactical evolution of attacks against physical production systems during the war in Ukraine. Lastly, I will wrap up the presentation by looking at what defenders and researchers should expect from future cyber physical attacks based on our analysis of this and other OT events during the last couple years.

Bio: Security Engineering Manager for Google Mandiant where he oversees the strategic coverage of threat intelligence with expertise in operational technology and information operations. He is a frequent speaker on ICS/OT topics at international conferences. As a former Fulbright scholar from Mexico, he holds a master’s degree from the University of Washington specialized in Information Security and Risk Management. In 2017, he was awarded first place at Kaspersky Academy Talent Lab's competition for designing an application to address security beyond anti-virus.


Talk #3

Gridlock: The Dual-Edged Sword of EV and Solar APIs in Grid Security

by Vangelis Stykas, @evstykas

Abstract: In this talk, we delve deep into the increasingly interconnected world of electric vehicles (EVs), photovoltaic (PV) solar systems, and the broader power grid infrastructure, a nexus that is becoming a fertile ground for potential large-scale cyber disruptions. As we navigate through this complex interplay of technology and infrastructure, we will uncover the critical vulnerabilities lurking within the API connections that bind these systems together. Our exploration will not only highlight these weaknesses but will also demonstrate, through real-world scenarios and potential attack vectors, how they can be exploited to launch sophisticated cyber-attacks, emphasizing the urgent need for robust security frameworks and proactive cybersecurity measures to safeguard our collective future. The advent of PV inverters and EV charging systems has been marred by the industry's "rush to market" mentality, leading to overlooked security considerations. These critical weaknesses potentially allow remote attackers unprecedented control, with the ability to fully commandeer or even incapacitate these devices. Our investigation will reveal how targeting cloud platforms used by installers could unlock elevated access not just to PV inverters but also to EV chargers. This access includes functionalities usually restricted from the systems' proprietors, thereby opening a Pandora's box of vulnerabilities.

Bio: Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
He currently applies his skills as a Chief Technology Officer at Atropos.
His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.


Talk #4

Attacking Wireless Enterprise Networks

by Foivos Kouroutsalidis

Abstract: The conference talk "Attacking Wireless Enterprise Networks" explores the realm of wireless network security with a focus on enterprise environments. The session delves into the critical aspects of reconnaissance within a red team environment, shedding light on various methods for target identification and mapping of the in-scope attack surface.
The presentation will focus on vulnerabilities and attacks specific to Extensible Authentication Protocol (EAP) networks. Attendees will gain insights into various techniques employed by attackers, including evil twin, captive portal, password spraying and relaying attacks and how weaker EAP methods can be exploited to gain unauthorized access.
By attending this talk, participants will obtain a comprehensive understanding of the threats faced by wireless enterprise networks.

Bio: Foivos Kouroutsalidis is a Senior Specialist Consultant in Deloitte’s Risk Advisory Department in Greece. He started his career as an IT support engineer and later transitioned into the field of information security as a security analyst and, later on, as a penetration tester/red teamer. His areas of interest include Web Application, Infrastructure and Wireless penetration testing.


Talk #5

The hackers guide to AI: malicious use cases for LLMs

by Mackenzie Jackson, @advocatemack

Abstract: This talk is for anyone wanting to explore how a malicious actor can harness the power of AI for nefarious purposes, live and in action. Leveraging demos, we show how we can turn helpful AI assistants into evil agents of chaos, turn AI hallucinations into malware advertisements, and even show how a complete novice can use an AI model to hack a vulnerable network entirely.
We start by covering the basics of AI models, including the benefits and weaknesses of baseline LLMs vs instruction-tuned LLMs. We then explore prompt injection in detail with a series of demos, but critically show how a common AI email assistant can be tricked into malicious actions like showing nefarious links and stealing data simply through a prompt hidden inside an external email. We also show how hallucinations from AI, specifically open-source packages that don’t exist, can be used by an attacker to spread malware. Next, we use White Rabbit, a red-team-tuned LLM, to hack a vulnerable network without any previous knowledge.
The final segment focuses on a discussion of whether AI can be used safely in a corporate environment and how we can defend against AI-powered hackers.

Bio: Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations.
Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.


Talk #6

From Ghidra to Frida: How to train your dragon and enhance your dynamic instrumentation skills

by Konstantinos Mitropoulos

Abstract: Reverse engineering is known to be a challenging process in the modern era. The complexity of software applications makes it difficult for reverse engineers to understand the overall design and function of an application, and requires tailor-made tooling that can help them throughout the entire reversing process.
The Ghidra to Frida hook generator is a handy plugin that tries to bridge the gap between the static analysis of an executable which is done by Ghidra, and the dynamic analysis that the Frida instrumentation framework can deliver. It provides an easy, single click way of generating Frida hooks for any executable address in the binary, utilizing the information extracted by Ghidra's Analyzer to produce handy code that can be immediately included in a Frida hook script.
For a newcomer to Reverse Engineering, it can take away all the difficulty of the Frida learning curve for native binaries, as users can end up from an identified address to working and useful hook code for that address, within seconds. For a more seasoned Reverse Engineer, the plugin provides useful options for generation of multiple hooks at once, for addresses or functions that are somehow related. For example, it can hook all the functions that contain a certain string in their name, it can hook callers and callees of a certain routine, it can hook all exported symbols of a library to identify the entry point in each case, and multiple others - all possible after a couple of clicks of the mouse.

Bio: Konstantinos Mitropoulos is a Security Analyst at CENSUS S.A., and has examined multiple types of applications in various deployment scenarios. After manually writing multiple native Frida hooks that refuse to work for the most obscure reason each time, he decided to automate the whole process to solve this problem once and for all.


Talk #7

Cloud Convergence: Exploring the Interconnected World of Cloud, DevOps and AD in Penetration Testing

by N. Niskopoulos & M. Gyftos

Abstract: In today's digital landscape, the convergence of cloud computing, DevOps practices, and internal Active Directory (AD) infrastructure has become increasingly prevalent, shaping the way organizations deploy, manage, and secure their IT environments. This presentation delves into the interconnected world of Cloud, DevOps tools and AD, exploring the security implications and challenges inherent in this complex ecosystem.
As organizations embrace cloud technologies and DevOps methodologies to drive agility and innovation, they are also confronted with new cybersecurity risks and an increased attack surface. Cyber attackers are shifting their focus to the currently easier exploitation of vulnerabilities in cloud environments, leveraging misconfigurations, weak authentication mechanisms, and insecure DevOps pipelines to gain unauthorized access, compromise sensitive data, and disrupt operations.
Through real-world examples and case studies, this presentation highlights the impact of cyber attacks on cloud, DevOps, and AD environments, illustrating the potential consequences of security breaches. Attendees will gain insights into common attack vectors, defensive strategies, and best practices for securing these interconnected environments. By understanding the interconnected nature of these technologies and the security implications therein, organizations can better protect their digital assets and mitigate the risk of cyber attacks in today's rapidly evolving threat landscape.

Bio: Nikos has been working as an IT Security Specialist since 2012. His main areas of expertise are Cybersecurity and Data Protection, as well as identifying and evaluating Cyber Security Threats. In the course of my professional career I have been engaged in multiple projects further improving my experience in various sectors including Telecommunications, Banking, Insurance, Oil & Gas, Power & Utilities, Government & Public Sector, as well as working on projects for the European Commission. I hold a BSc degree in Digital Systems with a specialization in Networks and Telecommunications and an MSc with a specialization in Cyber Security, both from the University of Piraeus, as well as OSCP, ISO 27001 and Web Applications Diploma certifications.

Marios has been working in the Cyber Security field since 2017. He started his career focusing on web application penetration testing but then moved on to focus more on cloud penetration testing, including AWS, GCP and Azure. In his free time he enjoys playing basketball and chess.


Talk #8

Cyber Shadows in the Sky: The Impact of Hacking on Space Technology

by Eleftherios Athousakis

Abstract: In this talk, we delve into the intriguing intersection of hacking and space technology, beginning with satellite history and a not-so-hypothetical scenario where a skilled hacker manages to disable a service important to all humankind. This fictitious presentation is intended to serve as a springboard to discuss the vulnerabilities inherent in our reliance on space-based technology. We explore the potential consequences of such an event, from disruptions in telecommunications and navigation to impacts on military operations and emergency services. The talk further illuminates the need for robust cybersecurity measures in space technology and advocates for proactive strategies to safeguard our space assets. By intertwining the realms of hacking and space, we aim to shed light on the pressing need to secure our digital and physical frontiers. Let’s continue with the story, shall we?

Bio: Serving with the Hellenic Armed Forces for almost 28 years with multinational assignments and experience in Satellite Communications, OSINT, Cyber Security, and Digital Forensics.


Talk #9

Sigma: Decoding the Future of Detection

by Alex Sinnott

Abstract: Sigma detections have been a way for blue teams to share malicious behavior for over 7 years. Since then, the core team have been working extremely hard on bringing brand new features – like correlations, filtering, & meta rules, sweeping documentation uplifts, as well as bringing a new suite of tools and ecosystem changes that's designed to be as modern as the SIEMs we use today.
Come explore these advancements as we unlock some of the new and exciting possibilities of what Security Teams can now do with Sigma and the v2 Specification.

Bio: Alex is a Security Engineer working within the Security Operations Team at Wise. He's had over 7 years of experience working in Security Operation Centers across 2 continents tackling some of the most prevalent problems within the SecOps domain – focusing on Detection Engineering & Validation.
Alex also works alongside the core Sigma team writing proposals & documentation and working on the challenges of improving the overall user-experience of the Sigma ecosystem for all incoming and incumbent security professionals.


Talk #10

Home Labs for fun and !profit (Put your home lab on your resume!)

by Kat Fitzgerald, @rnbwkat

Abstract: What should your home lab really consist of? That's a tough question. Let's present some ideas, but at the same time, let's talk about how it can help advance your career and get you noticed for that next interview!
Your home lab is a great addition to your career and a fabulous stepping stone on your resume - when you do it right. And, contrary to popular belief, your Home Lab should not substitute as a heat source in the winter time, but it should set you apart from all the other resumes!
Home Labs are for learning and applying what you learn in ways to boost your growth, skill sets and more, and this talk brings them all to the table, all on a shoestring budget.
This is not your Mother's Home Lab - this is about having fun while learning hardware and software techniques such as virtualization, containers, security and just making it FUN! That is what is missing in so many home lab discussions.
And who knows, you might even learn a little bit about SDLC in the process - (that's "Secure Development Lifecycle", BTW)
All this and Dancing Flamingos? Wow! What a deal!!

Bio: Based in Chicago and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Chicago area.


Talk #11

Local Admin in less than 60 seconds [My guilty pleasure]

by Nikos Vourdas, @nickvourd

Abstract: Local Privilege Escalation, also known as LPE, refers to the process of elevating user privileges on a computing system or network beyond what is intended, granting unauthorized access to resources or capabilities typically restricted to higher privilege levels. Gaining local admin privileges during red teaming significantly enhances the potential for lateral movement and access to additional resources. Modern environments offer unprecedented opportunities to gain local admin privileges more easily than one might imagine. The days of relying solely on traditional techniques such as exploiting unquoted service paths, weak service permissions, misconfigured AlwaysInstallElevated policies etc. are long gone (still possible but rare). Thus, in this presentation, we will explore together some alternative and realistic methods for escalating privileges and moving laterally within an internal network, inspired by my recent engagements.

Bio: Nikos Vourdas, also known as nickvourd or NCV, is a Senior Offensive Security Consultant at EY Greece. With over four years of professional experience, he has actively participated in various global TIBER-EU and iCAST Red Teaming engagements. Despite his young age, Nikos has conducted full Red Teaming operations for major clients across the retail, banking, shipping and construction industries. He holds OSWE, OSEP, OSCP, OSWP, CRTL and CRTO certifications. Nikos loves contributing to open-source projects and always starts his day at 05:00 AM with a refreshing jog while listening to Chinese rap music.


Talk #13

Recent Advances in Malicious Cryptography/Mathematics and Their Potential Impact on Malware Activity

by Eric Filiol

Abstract: Malicious Cryptography and Malicious Mathematics (MCMM) can be defined as the interconnection of attack techniques with cryptology and mathematics for their mutual benefit. This domain covers several fields and topics, among which are "super malware" design and implementation.
While few attacks using these techniques have been identified or detected to date, there are fears that the use of MCMM techniques will increase in the near future when considering the evolution of state doctrines in the area of malware-based offensive cybersecurity.
The aim of this talk is to present recent advances in this field:
- evading techniques that have been proven definitively efficient at bypassing any DLP or similar detection techniques
- operational deniable cryptography using short keys that makes it possible to fool reverse engineers
- a complex protocol used by a process to systematically determine whether it is under analysis or not.
The talk and related paper do not include code or techniques that could be misused (responsible disclosure). Only mathematical and algorithmic concepts are presented in a very didactic way and eventually illustrated by experimental results or demos.
The presentation outlines the possible safeguards to be considered to counter these techniques, presenting their strengths and weaknesses and the difficulties involved in implementing them.

Bio: Éric Filiol is Head of Discipline Cyberdefense and senior expert in information/systems security and intelligence at Thales Digital Factory, Paris. He is also an associate professor at ENSIBS, France. He directed the research and cyber security laboratory of a French engineering school for 12 years. He spent 22 years in the French Army (Infantry/French Marine Corps). He holds an engineering degree in Cryptology, a PhD in Applied Mathematics and Computer Science from Ecole Polytechnique and a Habilitation to Conduct Research (HDR) in Information from the University of Rennes. He is editor-in-chief of the research journal in Computer Virology and Hacking Techniques published by Springer. He regularly speaks at international conferences in the field of security (Black Hat, CCC, CanSecWest...).


Talk #14

From Data Deluge to actionable Insights with LLMs: Introducing "TI Mindmap"

by Antonio Formato, @anformato

Abstract: We'll introduce TI Mindmap, an open-source project designed to empower Infosec professionals in navigating the complexities of Threat Intelligence write-ups: https://github.com/format81/TI-Mindmap-GPT Through a sequence of demonstrations and discussions, we will explore how TI Mindmap leverages the capabilities of LLMs to enhance the efficiency of processing and extracting crucial information from a variety of Threat Intelligence sources. Covering tasks ranging from summarizing Threat Intelligence articles to mapping entity relationships with Mindmaps, and from engaging in AI-driven chats on your data to generating PDF reports, TI Mindmap offers a comprehensive toolkit for synthesizing key insights from the data deluge. During the session, we'll not only showcase the capabilities of TI Mindmap but also share insights gained from our development journey. We'll discuss the challenges we've encountered, the lessons we've learned, and the future directions of this open-source project. We'll explore how TI Mindmap leverages Prompt Engineering, RAG (Retrieval Augmented Generation) and the Streamlit Python library, and the future plans we have in mind. Additionally, we'll extend an invitation for valuable contributions from the cybersecurity community, inviting attendees to collaborate and enhance TI Mindmap together. This session offers an opportunity to explore the cutting-edge intersection of LLMs and cybersecurity.

Bio: Antonio Formato is a Cybersecurity Technology Specialist at Microsoft. He has more than 17 years of experience in supporting organizations to reduce cyber risks. He currently works on the intersection of Generative AI and Cybersecurity, with a strong background in threat intelligence and cloud security. He's actually researching and developing open source solutions leveraging LLMs and Python.


Talk #15

Deep Dive into Clouded Waters - An overview in Digital Ocean's Pentest and Security

by Bleon Proko, @gl4ssesbo1

Abstract: Digital Ocean has been around for some time and has given its users a cheap but quite reliable Cloud Platform.
That doesn't mean it's fully secured. Or that admins can set it up securely. Especially considering that most Infrastructure Based Attacks come from misconfigurations. In this talk, we'll look at how to attack Digital Ocean's Services, how to abuse them as attack vectors and how to defend against them.
We'll start with Reconnaissance, looking at what services can be found online and where to look for them.
Then, we'll look at how to get access to the Infrastructure, including and not limited to Phishing, Droplet Attacks, App Attacks, Function Attacks, etc.
We'll look at what privileges we can get from different Initial Access methods and what can be enumerated/abused to get Admin rights.
Privilege Escalation and Lateral Movement come next.
Second to last is Persistence. We'll look at how to persist, using what Digital Ocean provides.
And lastly, Exfiltration. We'll get data out and try to do it stealthily.
By the end of it, if you do not get lost, you'll get a better idea on how to "Make Digital Ocean Great Again".

Bio: An Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP), Hybrid Infrastructures, as well as Defense, Detection and Threat Hunting.


Talk #16

AI: Double-edged sword in Cyber Security

by Shilpa Singh

Abstract: Imagine attackers wielding super-powered malware that adapts to defenses and evades detection. Scary, right? That's the potential of AI in cyberattacks. However, the good news is that AI can also be used for bolstering Cyber Security, simulating real-world attacks to identify and fix vulnerabilities before attackers can exploit them. That’s what I want to explore during this talk.

Bio: Always enthusiastic about cyber security and with 9+ years of experience in IT Security, she possesses in-depth knowledge and the ability to navigate complex systems. Leading several projects has often involved collaborating with diverse teams and stakeholders, showing her ability to build and maintain strong relationships across various departments.
Overall, Shilpa's blend of technical knowledge in SOC, Cyber Security and Incident Response, SIEM, Device Configurations, Elastic Search and Log Management, Endpoint Protection, Vulnerability Management, Security Best Practices and the ITIL framework, proven leadership skills, networking experience, and unique perspective makes her an ideal candidate to captivate and inspire an audience.


Talk #17

Expanding Security Horizons: SIMD-Based Threats

by Andrii Mytroshyn

Abstract: As cybersecurity continues to evolve, it is imperative to anticipate novel threats that exploit cutting-edge technologies. This talk focuses on a lesser-explored avenue of attack, CPU-exhaustion techniques, showcasing their potential through the lens of NEON/SSE instructions. These SIMD instruction sets, prevalent in ARM and x86 architectures, offer attackers a unique opportunity to manipulate parallel processing capabilities for nefarious purposes. By intricately designing operations that exploit these instructions, adversaries can push CPUs to their limits, causing resource exhaustion and severe performance degradation.
Description: The main goal of the talk is to give its participants a basic idea of attacks using GPU/SIMD, and to provide an understanding of why it is possible and why almost any system could be affected by such threats.
1. Short introduction of SIMD
2. Attack possibilities with Neon/SSE
3. Example of attack with GPU and CPU

Bio:
- Samsung Electronics, computer graphics: 6 years and 8 months
- Visteon Corporation, computer graphics: 5 years and 5 months
- Carbon Black, security: 1 year and 4 months


Talk #18

Stretching the Boundaries: Hunting for Elasticsearch Leaks

by Viktor Markopoulos, @vict0ni

Abstract: Elasticsearch has become a viable solution for efficient data indexing and retrieval, from small use cases to global enterprises. However, with its widespread adoption comes the inherent risk of misconfigurations and unintended exposure of sensitive information. It is known that Elasticsearch hosts can be easily misconfigured, leaving them open to the Internet for easy browsing without authentication. As this technology can be used not only for analytics but often as an efficient NoSQL database, this unauthorized access can lead to many exposures.
Industries using Elasticsearch vary from manufacturing, financial and government to medical and military suppliers.
In this talk we will present a tool developed to discover public Elasticsearch hosts that possibly contain sensitive and personally identifiable information and other leaks. Deployed with incorrect settings, they require no access control and can be browsed just like any other internet resource.
We will focus on:
- How the tool works and analyzes results with live examples.
- How to leverage the findings and focus them to your own research
- Understand the reason for the findings and how to protect against them if you or your company uses Elasticsearch or similar products
- Future tool features and options.

Bio: Viktor is an information security consultant for Bitcrack Cyber Security in South Africa and living in Athens. His primary interests are web application and API pentesting, as well as bug bounty hunting and freelance research articles in his spare time.


Talk #19

Securing Your Software Supply Chain: Insights from a Hacker's Perspective

by Yannis Folias, @YFolias

Abstract: The goal of this presentation is to highlight the most common attacks against an organisation's Software Supply Chain, discuss their potential impact, and explore different strategies to mitigate associated risks.
During this session, participants will delve into the various stages of the software development process, from source code management to distribution and deployment. At each step, attendees will gain insights into potential threats commonly faced by organisations, including unauthorised access to repositories, attacks on third-party dependencies, and vulnerabilities during the build and deployment phases.
Understanding the inherent risks at each phase of the software supply chain is crucial for developing a robust strategy and implementing best practices to strengthen software development workflows and safeguard critical digital assets. By embracing initiatives like the SLSA framework, organisations can identify and mitigate risks as early as possible, ensuring greater security and resilience throughout their entire software supply chain.

Bio: Yannis Folias is a Security consultant and an Open Source enthusiast with a DevOps background. He is currently working as a Senior Cloud-Native Security Consultant on behalf of ControlPlane, focused on threat-modelling and securing Kubernetes clusters while ensuring the robustness of CI/CD pipelines.
Originally from Greece, he migrated to London back in 2015, and since then has been in a constant learning and growing battle. An OSCP holder who also got his master's degree in Advanced Security and Digital Forensics, doing his best to stay curious and committed to finding new ways of breaking and fixing systems.

Talk #20

REWIRE – Cybersecurity Skills Alliance, A New Vision for Europe

by M. Athanatos & F. Georga, @athanat

Abstract: New cybersecurity challenges arise daily and are crucial in the digital age, requiring continuous upskilling to keep up with the latest attacks. This talk presents the outcomes of the REWIRE project, concluding after an innovative and productive 4-year journey. With 25 partners from academia, Vocational Education and Training (VET), the cybersecurity industry, and certification and umbrella organizations, it developed a European Cybersecurity Blueprint and Skills Strategy. Building on the results of the four EU cybersecurity pilot projects, CONCORDIA, SPARTA, ECHO and CyberSec4Europe, REWIRE addresses skill gaps through a new, innovative approach. It introduces occupational profiles based on ENISA's European Cybersecurity Skills Framework, delivering training for key roles such as Cyber Incident Responder, CTI Specialist, Penetration Tester and Chief Information Security Officer. REWIRE involved stakeholders to exploit VET potential, enhance Cyber Ranges, and promote the European Quality Assurance in Vocational Education and Training (EQAVET) and European Qualifications Framework (EQF) / European Credit System for VET (ECVET) frameworks for quality and transferability. Sustainability is key, with ongoing collaboration to continuously monitor the sector's needs, facilitate mobility, and enhance long-term employability.

Bio: Manos Athanatos, M.Sc. (male), is a Cybersecurity Expert and a Senior Technical Project Manager at FORTH and TUC, acting as a cybersecurity product manager and consultant. He has 15 years of experience in cybersecurity projects and is the acting Coordinator or Scientific and Technical Coordinator in a number of them. He is a member of the OASIS CACAO TC, TAC TC and CTI TC, FIRST.org and the ENISA AHWG on SOC. He was an R&D Engineer in the DiSCS Lab, FORTH-ICS, and received his B.S. ('05) and M.Sc. ('07) degrees in Computer Science from the University of Crete, Greece. His main research interests include network and systems security, cybersecurity automation, deception technologies, network monitoring, and CTI and SOC technologies.

Fotini Georga is Customer Service Manager for Greece, Italy, Bulgaria, Croatia & Serbia, Business Assurance. I have a Bachelor of Science in Business Administration. My working experience started in a ship management company, in the Quality Assurance department. I continued to the Certification Body and Classification Society Lloyd's Register, and I am currently working at the Certification Body LRQA.

Talk #21


by George Sotiriadis, @Twitter

Abstract: Echo is an innovative full-stack phishing framework engineered to empower users. Developed with technologies like Vue.js for the frontend and Node.js with MongoDB for the backend, Echo represents a new approach to how someone can create a phishing campaign. At its core, Echo offers users the ability to dynamically edit and host pre-designed phishing pages, providing adaptability and customization options. One of Echo's core features is its emphasis on evasion tactics. Recognizing the growing sophistication of security measures, Echo leverages the nature of Vue.js to enhance evasion against automated scanners. By generating content dynamically and manipulating the DOM at runtime, Echo evades detection by concealing crucial elements such as links from static analysis. This approach not only makes the framework resilient against automated detection but also ensures that phishing campaigns remain undetected, thereby maximizing their effectiveness. The workshop will include a live demonstration of Echo's functionality, allowing attendees to witness firsthand how the framework operates and gain practical insights into its capabilities. Furthermore, an example phishing campaign will be presented, enabling participants to observe Echo in action and understand the potential impact of the tool. By combining technical expertise with practical demonstrations, this workshop aims to equip participants with the knowledge and skills needed to leverage Echo effectively.

Bio: George Sotiriadis is an offensive security consultant with expertise in penetration testing, red teaming, and malware development. He holds certifications including OSCP and CRTO and has 1.5 years of experience in penetration testing and red teaming. George's research interests include Penetration Testing & Vulnerability Assessment on net-centric information systems, as evidenced by his published thesis. Additionally, he has developed Chimera, a Python-based tool providing evasion capabilities against EDR systems. George's focus is on practical solutions and contributing to the cybersecurity community through his work and research.

Talk #22

Soldering Session

by Georgios Roumeliotis, @Twitter

Abstract: In this soldering session, participants will learn basic soldering techniques, essential safety measures, and effective soldering iron cleaning tips through a hands-on approach. The session will culminate in assembling their own BSides badge as a practical exercise.

Bio: Georgios is an Information Security Consultant and Penetration Tester at TwelveSec, specializing in a range of testing methodologies including external, internal, web, and mobile application security, as well as CVE hunting. His expertise extends into Unix/Linux application development and embedded systems, blending technical skill with practical security insights. Georgios holds key certifications such as Certified DevSecOps Professional (CDP) and OffSec Certified Professional (OSCP), and has contributed to cybersecurity knowledge through his research on CVEs. He earned his Bachelor’s degree in Computer Engineering from the University of Peloponnese.

Talk #23

EDR Evasion Basics

by Panagiotis Fiskilis, @Neuro_Z3RO

Abstract: In this talk we will learn about the basic techniques of EDR evasion and how we (as Red Teamers) can create implants that are either undetected or generate only low-severity alerts, using the power of low-level C/C++ programming with system calls.

Bio: Panagiotis is an experienced penetration tester and Red Teamer with multiple years of experience in ethical hacking, interested in API hacking, Active Directory hacking and malware development. Panagiotis is also an active student at the University of West Attica.

Talk #24

Talk 24 TBA

Talk #25

Talk 25 TBA

Special Session 1

The Corporate Espionage Case: A Digital Forensics Adventure

by D.Georgiou, S.Pitikaris, K.Kiriakos, @Twitter

Abstract: «The Corporate Espionage Case: A Digital Forensics Adventure» is a fictional synthesis drawn from different experiences, which serves as a cohesive narrative delving into the fascinating world of digital forensics through the lens of experienced professionals. In this workshop, we will share our journey across multiple DFIR cases, offering a unique glimpse into the meticulous process of analyzing cyber threats, uncovering digital evidence and ultimately piecing together the true story behind cybercriminal activities, taking care to be forensically sound every step of the way! Attendees will be guided through the complexities of digital investigations, from phishing attempts and insider threats to initial breach detection, forensic acquisition, analysis and reporting. By exploring real-world scenarios, we aim to illuminate the challenges and triumphs of digital forensics, providing insights into the tools and techniques essential for navigating the digital crime scene all the way to the courtroom.

Bio: Dimitris Georgiou is a senior consultant with more than 20 years of experience in IT and Cybersecurity. He is Chief Security Officer and Partner at Alphabit SA, a cybersecurity firm in Athens, Greece. He has diverse studies in the humanities and Computer Science and holds professional certifications in Information Security, Digital Forensics and Payment Security. He is a member of BCS, IEEE, ACM and ISC2. He participates in the ISC2 Europe Advisory Council and volunteers as a Member of the Board of the ISC2 Hellenic Chapter. He consults organisations on how to effectively reduce cyber risk, conducts security audits and digital forensics investigations, and is a registered forensic court expert. He speaks and writes about cyber hygiene, particularly caring for the safety of children online.

Spiros Pitikaris is a Cyber Security Consultant and has been a part of Alphabit for three years. With a BSc and MSc in Cyber Security, he also holds professional certifications in Information Security, Digital Forensics and Penetration Testing. He combines a passion for the offensive side of cybersecurity with a keen interest in the defensive realms of digital forensics and incident response. His expertise and interests span various technologies, including application security, threat hunting and malware analysis.

Konstantinos Kiriakos, a computer science engineering graduate, transitioned from the world of software development to pursue his dream in cybersecurity. Drawn to the intricate challenges and complexities of cybersecurity, he embarked on this journey by earning the CC certification from ISC2. Today, he specializes in diverse areas such as digital forensics, penetration testing, and consulting. His focus goes beyond identifying vulnerabilities; he actively contributes to evolving organizational defenses in all aspects by building robust security postures and empowering staff through comprehensive training sessions.

Special Session 2

Block By Block: Building Your CTI Program

by Andreas Sfakianakis, @Twitter

Abstract: «Block By Block: Building Your CTI Program» is a 2-hour workshop designed to demystify the complexities of CTI and provide a clear pathway for participants to build or enhance their threat intelligence programs.
This workshop is created for individuals keen on grasping the fundamental principles of CTI and eager to translate this understanding into a strategic framework for their organizations. We will embark on a journey through the essentials of CTI, starting with an exploration of foundational CTI concepts and the pivotal role they play in managing cyber threats. Throughout the session, we will delve into the steps necessary for initiating a CTI program, emphasizing the seamless integration of CTI into existing organisational processes. Moreover, the workshop will highlight practical and easy-to-implement approaches that organizations can adopt for quick wins and for building foundational CTI capabilities (key practices, common pain points, and effective techniques). Emphasis will be placed on leveraging technology to enable CTI, developing the skillset of CTI analysts, and employing a maturity model to gauge and enhance the effectiveness of CTI initiatives.
Whether you're at the early stages of considering a CTI program or looking to refine and expand your existing capabilities, this workshop offers insights, resources, and perspectives on cyber threat intelligence programs.

Bio: Andreas is a Cyber Threat Intelligence professional with over a decade of experience in cyber security. Having tilted at windmills, Andreas focuses on applying threat intelligence and helping organizations manage threats, mostly within the Oil & Gas, Technology, and Financial sectors as well as in European Union Agencies and Institutions. Andreas has been contributing to the CTI community since 2012 via reports, his blog, his newsletter, conferences, trusted communities, and instructing. His passion for teaching led him to become a SANS instructor for the FOR578 Cyber Threat Intelligence course. Andreas' primary goal is to help organizations establish and mature their cyber threat management programs by bringing decade-long insights from applying CTI. His goals also include embedding CTI in EU policymaking through his collaboration with EU institutions on CTI projects and assessments. Andreas' Twitter handle is @asfakian and his website is www.threatintel.eu. Feel free to reach out!

Special Session 3

Rising to the Challenge: Cyber Security in Greece

by Konstantinos Papanagnou, @Twitter

Abstract: Join us for a cumulative talk around the Cyber Security Challenge Greece, analyzing how the idea was conceived, some of the challenges encountered, and the challenge aftermath, and of course some walkthroughs of the challenges and a Q&A on potential ideas for next year's edition.

Bio: Konstantinos is a Senior Penetration Tester at NVISO Security and the Technical Director of the Cyber Security Challenge Greece.

Talk #29

Talk 29 TBA

Talk #30

Leveraging Large Language Models for Advanced AI Applications: A Comprehensive Guide

by Satyanand Kale, @Twitter

Abstract: In the evolving AI domain, Large Language Models (LLMs) like OpenAI's GPT series, Google's BERT, and Microsoft's Turing NLG have transformed application development, enabling nuanced textual understanding and generation. These models, trained on extensive datasets comprising billions of words from a myriad of sources, excel in text generation, question answering, and language translation.
A case study exemplifies this transformation, showing how a trademark identification application utilizing LLMs boosted infringement detection by 80%, markedly reducing manual audits. This presentation also touches on the integration of development platforms like Hugging Face, Amazon Bedrock, and Amazon SageMaker, facilitating the creation of LLM-powered applications.
The impact of LLMs in AI development is significant, with industries witnessing a 50% increase in material recovery rates due to AI-enhanced disassembly processes. Furthermore, LLMs have proven their utility across various sectors, improving customer service efficiency by 40% and doubling the productivity in content creation.
Attendees of this presentation will gain insights into LLM functionalities, their application in real-world scenarios, and the future trajectory of AI technology, highlighting their role in driving sustainable and innovative solutions across multiple industries.

Bio: Satyanand Kale, a Senior Engineer at Amazon, specializes in software development for brand protection, using machine learning for IP and counterfeit detection. He has led projects integrating vector databases with Amazon OpenSearch and using AI like BLIP-2 for enhanced brand safety. His innovations have significantly improved counterfeit detection and IP process efficiency. With a Master's in Computer Science from Arizona State University, Satyanand excels in system design, fraud detection, and IP management, bolstering brand integrity.

Talk #31

Breaking Barriers: A Deep Dive into Bypassing Next-Gen 2FA and MFA Security Measures

by Muhammad Shahmeer, @Shahmeer_Amir

Abstract: As cyberattacks become more sophisticated, companies are increasingly relying on two-factor authentication (2FA) and multi-factor authentication (MFA) to protect their assets. However, these security measures are not foolproof and can be bypassed by determined attackers. In this presentation, we will take a deep dive into the techniques used by attackers to bypass next-generation 2FA and MFA security measures.
We will begin by discussing the limitations of 2FA and MFA and why they can be vulnerable to attacks. Then we will demonstrate a variety of attacks used by attackers to bypass these security measures, including phishing attacks, man-in-the-middle attacks, and SIM swapping attacks. We will also explore more advanced techniques such as exploiting vulnerabilities in authentication protocols and exploiting weaknesses in mobile authentication applications.
Throughout the presentation, we will provide real-world examples of successful attacks that have bypassed 2FA and MFA, highlighting the impact of such attacks on businesses and organizations. We will also discuss the latest trends and developments in 2FA and MFA security and the steps organizations can take to improve their security posture.
By the end of the presentation, attendees will have a better understanding of the vulnerabilities in 2FA and MFA security measures and how attackers can exploit them.

Bio: Shahmeer Amir is a world-renowned Ethical Hacker and the 3rd most accomplished bug hunter, who has helped over 400 Fortune companies, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. He has founded multiple entrepreneurial ventures in the field of Cyber Security, and currently leads three startups in four countries.
As CEO of Younite, his premier company, Shahmeer is working on next-generation audio-video communication technologies. He is also the CEO of Veiliux, Asia's first mainstream Cyber Security startup, present in the Asia Pacific, UAE, and the UK. Authiun, another startup, is a complete passwordless authentication solution for the 21st century.

Talk #32

Trust me, I got this: Dumping LSASS when Debug Privilege is disabled

by Bleon Proko, @gl4ssesbo1

Abstract: Dumping LSASS has become one of the goals that most penetration testers want to achieve on a machine, and for good reason: LSASS holds a lot of credentials, from NTLM hashes to cached hashes and even certificates.
For an attacker to create a memory dump of LSASS, they need Local Administrator rights and SeDebugPrivilege, which allows the dumps to be created. What happens when an organization has prevented Local Administrators from holding SeDebugPrivilege? Can an attacker do anything?
In this talk, we will be looking at how TrustedInstaller's process ACL can lead to dumping LSASS, even with an identity that is not allowed to. We will be looking at ways to achieve TrustedInstaller access, as well as ways to dump LSASS.

Bio: An infosec professional passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP) and Hybrid Infrastructures, as well as Defense, Detection and Threat Hunting.

Talk #33

Talk 33 TBA

Talk #34

Talk 34 TBA