Sponsored by Keepnet Labs

Security BSides Jeddah 2021 – Free Online Event

Security BSides Jeddah

Security BSides Jeddah

Security BSides Jeddah is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.
I will be part of the CISO Forum
To register :   Click Here
For more free events : Click Here
Attend with us the panel discussion to explore the “Future Challenges for CISOs” with the top cybersecurity executives sharing their perspective. We will be Live at 20:00 hours (GMT +3)

The event will be live-streamed on YouTube and the URL to attend the event will be posted on our Twitter and LinkedIn Accounts.

From Las Vegas (2009) to Jeddah (2021)

What they say about Security BSides:

Schedule

10:00 – 10:45

Reverse Engineering Binaries To the Max using GHIDRA

Ghidra is considered to be a game-changer tool since its release by the NSA as an open-source software reverse engineering framework in March 2019. It is a feature-rich, highly customizable, and scalable suite. In Cyber Security, it is extensively used by IR and Malware Analysis teams. We will demo how to properly configure and use the tool and explain some of the excelling advanced features that make the tool shine and stand out among other tools.

10:45 – 11:30

Abdulrahman M Al-Safah

Abdulrahman M Al-Safah

Ideas on Enhancing OT/ICS Cybersecurity Hiring Process

The topics briefly cover the hiring process within End Users, Vendors and Cybersecurity services companies and organizations. and how you can enhance this process with experities shortage in the market today.

11:30 – 12:15

Rian Saaty

Rian Saaty

Deep Dive into Kerberos & Its Attacks

The talk will start by briefly explaining Windows OS authentication mechanisms such as NTLMv1 NTLMv2 & some of its flaws. Next, it will dive into the Kerberos protocol, which is the most recent and mature authentication protocol used by Microsoft until today. Moreover, the talk will cover some of the most interesting attack vectors against Kerberos with real world examples.

12:15 – 12:45

Break

12:45 – 13:30

Mohammad H Abdulaal

Mohammad H Abdulaal

Hardware Development for Red Teaming Ops. – The Basics of Hardware Attacks – Rolling Code Circumvention.

This talk will give you an insight into the significant role of hardware in cybersecurity. The talk will start off by showcasing in-house developed apparatus mostly utilized in Red Teaming Operations. Such as, USB Rubber Duckies and cable implants. The presentation will also briefly cover the fundamentals of Hardware Penetration Testing. Towards the end of the talk, we will show you the ropes of bypassing rolling code systems for wireless attacks

13:30 – 14:15

Abudulrahman AlAmer

Abudulrahman AlAmer

Active Directory Security

This talk will give you an insight about ADAz security Attack and defense and it highlights most of the attacks and how to defend yourself from them.

14:15 – 15:00

The Art of Security Incident Handling

Security incident handling is one of the most important essential topics in the security field, incident handling is a culture, and it has a profound relationship with business continuity, and play a great role in laying down the plans for future investments, in this talk, we will introduce attendees to the incident handling and response, and we will discuss the 6 phases of incident handling and how they should affect your career path decision. Topics discussed:

  • Introduction to incidents handling.
  • The six phases of incident handling:
    • Preparation
    • Identification: Monitoring, Detection, Categorization, and Initial response
    • Containment.
    • Eradication.
    • Recovery.
    • Lesson learned (or follow-up).
  • Tools and disciplines.
  • Responsibilities.
  • Threat Intelligence and Threat Modeling.
  • Demo time.

15:00 – 16:30

speaker-9

Mohammed Alattas

Code Injection Techniques

In this topic, we will discuss several techniques of code injection and we will focus on answering two main questions:

  • The first one is how does it happen?
    • From a “red team” perspective, we will see the process of how attackers inject malicious code remotely, which could be executable, DLL, or even shellcode.
  • The second one is how can we detect it?
    • From a “Blue Team” perspective, we will see the challenges that the Blue Team is facing while detecting these kinds of attacks.

16:30 – 17:00

speaker-5

Hashem Al-Azizi

Cybersecurity Governance

An introduction to the cybersecurity governance concept, why it is important, and how it can be influenced by external and internal factors. We will also discuss the business drivers for the cybersecurity governance and how we can embed it inside the entities.

17:00 – 19:00

Youssef Sammouda

Youssef Sammouda

Bug Bounty Hunting Workshop: The easy and payable way to find security bugs in web applications.

In this workshop, we’ll have a brief introduction about the concept of bug bounty hunting and how it has changed the game in the last few years improving the overall security of applications. We’ll discuss in detail , with a live walkthrough, about finding rare vulnerabilities that are usually missed by researchers and also unknown or misunderstood by developers. We’ll showcase examples of these vulnerabilities found in the wild and specifically in applications developed and maintained by big tech companies like Facebook. We’ll give some tricks to simplify the process of finding them and some thoughts on how to eliminate these bugs in an early stage of a secure SDLC and if not, how to prevent some of them with new security solutions introduced by browsers.

19:00 – 19:30

speaker-11

Brian Contos

Cybersecurity & The Board: Choosing success over the Sarlacc Pit

I regularly have conversations with cybersecurity leaders and experts across a range of industries. Recently on my Cyber Security Effectiveness Podcast, I’ve spoken with the board members from several market-leading companies, in the public and private sectors, to understand their perspectives on cybersecurity.

These conversations demonstrate that board members are paying close attention to their organizations’ security programs — their approach and effectiveness and the impact on risk posture. Additionally, board members’ influence on the direction of a company’s security program has grown. As a result, IT leaders must report regularly that security technology, people, and processes are optimized to protect and defend the organization so that when a breach or attack does take place, it will have minimal impact on the brand and bottom line.

Attendee takeaways:

  • Understanding what boards really care about
  • Measuring and trending security effectiveness
  • Rationalizing – exposing gaps, retiring ineffective solutions, and prioritizing investments
  • Interpreting risk predicated on an intelligence-led approach to security
  • Communicating effectively

19:30 – 20:00

speaker-14

Samiyah Alanazi

Industrial Automation and Control System Culture

  1. IAC Systems Security Methodologies and Approaches
  2. Policies, Standards, Guidelines, and Procedures
  3. Types and Classes of Attack
  4. Important Technological Trends

20:00 – 20:45

Panel Discussion – “Future Challenges for CISOs”

Brian Contos, VP & CISO, Mandiant Advantage

Dr. Erdal Ozkaya

Dr. Erdal Ozkaya

Dr. Erdal Ozkaya, CISO, Comodo

Dr. Reem Al-Shammari, Global Thought Leader in Cyber Security & Technology, Energy Sector

Dr. Fatimah Alturkistani, Director, Cybersecurity Enablement, STC

Abdulrahman Al-Nimari, CISO

Aatif Khan, Risk Management Executive

20:45 – 22:45

speaker-10

Naif Ayub Hussain

Digital Forensics Workshop: Getting hands-on experience in Digital Forensics.

This workshop will provide a dive into Digital Forensics essentials, and the necessary knowledge to understand the Digital Forensics process. We will discuss data acquisition and validation methods and techniques, and then cover file systems and structures and how to identify various file types, volatile and non-volatile data, do a live disk and memory forensics demonstration using different tools, and more!

22:45

Closing Ceremony & CTF Winner Announcement

Capture The Flag

Prepare your arsenal for one of the most exciting CTF by Cyber Defenders.

BSides Jeddah is coming up this year with a CTF hosted by CyberDefenders. This will be a Jeopardy-style blue team flavored intermediate CTF with a few harder challenges, including network analysis, memory forensics, disk forensics, and OSINT.

Start Date – 11 AM GMT+3 (KSA Time) 27th October 2021

End Date – 11 AM GMT+3 (KSA Time) 28th October 2021

CTF Type – Public

انضموا إلينا في حلقة النقاش لاستكشاف “التحديات المستقبلية لمدراء أمن المعلومات” مع أفضل مسؤولين في الأمن السيبراني يشاركون آراءهم

تعقد الحلقة في الساعة 8:00 مساءً بتوقيت السعودية Comodo CyberDefenders

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *