| Time | Training Sessions - Track 1 | Training Sessions - Track 2 | Training Sessions - Track 3 |
|---|---|---|---|
| 08:00 – 09:00 | Registration Opens / Welcome Coffee | | |
| 09:00 – 10:30 | Stop Guessing, Start Hunting: Threat Models to Structure Your Threat Hunts (Half Day). Donavan Cheah (Thales, SG); Mukhtar Serikbaev (Help AG, KZ); Yoon Yik (Nanyang Technological University, SG). TLP:CLEAR | Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD). TLP:CLEAR | Malware Development for Ethical Hackers (Windows, Linux, Android) (Full Day). Zhassulan Zhussupov (ANY.RUN, KZ). TLP:CLEAR |
| 10:30 – 11:00 | Coffee Break with Exhibitors | | |
| 11:00 – 12:30 | Stop Guessing, Start Hunting: Threat Models to Structure Your Threat Hunts (Half Day, continued). Donavan Cheah (Thales, SG); Mukhtar Serikbaev (Help AG, KZ); Yoon Yik (Nanyang Technological University, SG). TLP:CLEAR | Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD), continued. TLP:CLEAR | Malware Development for Ethical Hackers (Windows, Linux, Android) (Full Day, continued). Zhassulan Zhussupov (ANY.RUN, KZ). TLP:CLEAR |
| 12:30 – 13:30 | Lunch with Exhibitors | | |
| 13:30 – 15:00 | IntelMQ Hands-on Workshop (Half Day). Sebastian Wagner (Institute for Common Good Technology, AT). TLP:CLEAR | Beyond Maturity: Assessing and Stress-Testing SOC Resilience in the Real World (Half Day). Imane Bachane, Jamaleddine Hadini (BLUESEC, MA). TLP:CLEAR | Malware Development for Ethical Hackers (Windows, Linux, Android) (Full Day, continued). Zhassulan Zhussupov (ANY.RUN, KZ). TLP:CLEAR |
| 15:00 – 15:30 | Coffee Break with Exhibitors | | |
| 15:30 – 17:30 | IntelMQ Hands-on Workshop (Half Day, continued). Sebastian Wagner (Institute for Common Good Technology, AT). TLP:CLEAR | Beyond Maturity: Assessing and Stress-Testing SOC Resilience in the Real World (Half Day, continued). Imane Bachane, Jamaleddine Hadini (BLUESEC, MA). TLP:CLEAR | Malware Development for Ethical Hackers (Windows, Linux, Android) (Full Day, continued). Zhassulan Zhussupov (ANY.RUN, KZ). TLP:CLEAR |
| 17:30 – 19:30 | | | |
| Time | Plenary Talks |
|---|---|
| 08:00 – 09:00 | Registration Opens / Welcome Coffee |
| 09:00 – 09:30 | Welcome Remarks: FIRST & UZCERT |
| 09:30 – 09:45 | Group Photo |
| 09:45 – 10:15 | UZCERT Talk (title TBD). Sarvar Sultonov (UZCERT, UZ) |
| 10:15 – 10:45 | How We Built and Scaled Kazakhstan’s National Bug Bounty Platform. Bekarys Kabi (Tumar.One, KZ); Satiyev Olzhas (TSARKA, KZ). TLP:CLEAR |
| 10:45 – 11:15 | Kilausuria Abdullah (CyberSecurity Malaysia, MY). TLP:AMBER |
| 11:15 – 11:45 | Coffee Break with Exhibitors |
| 11:45 – 12:30 | TBA |
| 12:30 – 13:00 | The 3C’s of Cyber Resilience for Incident Response: Coordination, Collaboration, Communication. Mirza Asrar Baig (CTM360, BH). TLP:AMBER |
| 13:00 – 14:15 | Standing & Seated Lunch with Exhibitors |
| 14:15 – 15:00 | Threat Intel 101: From Buzzwords to Bad Actors. April Lenhard (Qualys, US). TLP:CLEAR |
| 15:00 – 15:30 | Tracking APT Actors Through Their Infrastructure. Martijn Grooten (Silent Push, GR). TLP:AMBER |
| 15:30 – 16:00 | Coffee Break with Exhibitors |
| 16:00 – 16:45 | Sebastian Wagner (Institute for Common Good Technology, AT). TLP:CLEAR |
| 16:45 – 17:30 | Adversarial Prompts: Exploiting and Defending LLM Applications. Fatih Erdogan, Gokay Akin (Turkish Airlines Technology, TR). TLP:CLEAR |
| 17:30 – 17:40 | Closing Remarks |
Adversarial Prompts: Exploiting and Defending LLM Applications
Fatih Erdogan (Turkish Airlines Technology, TR), Gokay Akin (Turkish Airlines Technology, TR)
Large language models are being rapidly integrated into production applications across all industries—from AI-powered customer service and development tools to security automation and business analytics. However, this widespread adoption introduces a fundamental vulnerability: Prompt Injection. Unlike traditional injection attacks, prompt injections exploit the core architecture of how LLMs process natural language, creating a threat that transcends typical security boundaries and affects every deployment scenario from chatbots to automated decision systems.
This technical session demonstrates real-world prompt injection techniques through pre-recorded demonstrations, examining the instruction-data boundary problem that makes LLMs inherently vulnerable. The session then provides practical defense-in-depth strategies with live code examples.
Whether securing customer-facing applications, internal tools, or security systems, attendees will leave with actionable techniques for building more resilient LLM deployments.
Fatih Erdogan: I have over nine years of experience in cybersecurity, with a strong focus on defensive security and developing cutting-edge cybersecurity solutions. Throughout my career, I have played a key role in digital forensics, incident response, and threat research teams, consistently contributing to strengthening organizational security postures.
Currently, I work as an Expert Cyber Security Engineer at Turkish Airlines Technology in the Cyber Defense Department, specializing in detection engineering, AI security, and R&D.
Beyond my professional role, I am deeply interested in security research, particularly in AI security and detection engineering. As an active member of the cybersecurity community, I have also delivered talks at prominent cybersecurity conferences, including BSides Prishtina, The H@CK Summit, Hacktrick, and DevFest Istanbul.
Gokay Akin bio coming soon.
February 27, 2026 16:45-17:30
Beyond Maturity: Assessing and Stress-Testing SOC Resilience in the Real World
Imane Bachane (BLUESEC, MA), Jamaleddine Hadini (BLUESEC, MA)
Security Operations Centers (SOCs) are often assessed through maturity models, compliance frameworks, and performance metrics. However, real incidents frequently demonstrate that maturity does not always equate to resilience. This presentation focuses on how to practically assess whether a SOC can maintain effective detection, response, and coordination under real operational stress.
Based on field experience across financial institutions, industrial environments, and government SOCs, the session introduces a pragmatic approach to evaluating SOC resilience across people, processes, technologies, and critical dependencies. Rather than reviewing policies and tooling in isolation, the approach emphasizes observing behavior under pressure: decision-making, escalation quality, handovers, and coordination with incident response, IT, and business stakeholders.
Attendees will learn how to assess SOC resilience without waiting for a major breach, using targeted interviews, tabletop exercises, and stress-based scenarios such as concurrent incidents, degraded telemetry, or loss of key personnel. The presentation highlights common hidden failure points identified in real assessments and provides practical guidance on translating findings into prioritized resilience improvements. Participants will leave with a clear methodology and actionable checkpoints to evaluate and strengthen SOC and CSIRT resilience in their own environments.
Imane Bachane is the Founder and CEO of BLUESEC, a cybersecurity consulting firm specializing in SOC transformation, cyber governance, and intelligence-driven security operations across Africa and the Arab regions. Her work focuses on assessing and strengthening the operational effectiveness and resilience of SOCs and CSIRTs, particularly in regulated and resource-constrained environments.
Before founding BLUESEC, Imane led Cyber Threat Intelligence (CTI) activities within a major banking group, where she contributed to building an intelligence capability directly supporting detection, incident response, and security decision-making. Her experience bridges CTI, SOC maturity, and threat-informed defense, with a strong emphasis on converting frameworks and maturity models into practical, executable workflows for operational teams.
Imane works with financial institutions, industrial operators, and national organizations to assess SOC readiness, validate performance under stress scenarios, and improve coordination between SOC, incident response, and governance functions. Her assessments focus on identifying hidden operational dependencies and single points of failure revealed during real incidents.
She holds the SOC-CMM and SANS GSOM certifications and actively contributes to the regional cybersecurity community, advocating for resilient, maturity-driven, and operationally grounded SOC capabilities.
Jamaleddine Hadini is a cybersecurity practitioner specializing in incident response, digital forensics, and SOC modernization. With more than ten years of experience supporting critical organizations, he develops resilient defense capabilities grounded in threat-informed practices, automation, and defensible architectures. His expertise spans threat hunting, detection engineering, DFIR, and OT/industrial cybersecurity. Jamaleddine holds several certifications, including SANS GCFA, SANS GRID, and CHFI, reflecting his expertise across blue-team operations. A strong advocate for capacity building in Africa, he collaborates with industry partners to strengthen regional expertise and contribute to sustainable, sovereign cyber capabilities.
February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
How We Built and Scaled Kazakhstan’s National Bug Bounty Platform
Bekarys Kabi (Tumar.One, KZ), Satiyev Olzhas (TSARKA, KZ)
Kazakhstan has spent the last five years building its own national bug bounty ecosystem, connecting ethical hackers with critical infrastructure, banks, telecoms and state agencies. In this talk, we share what it took to design and scale a platform that works reliably at a national level: from architecture and triage workflows to researcher onboarding, trust, and policy.
Bekarys Kabi is the product lead behind Tumar.One, Kazakhstan’s national bug bounty platform. With a background in product management and cybersecurity operations, he has spent the last several years designing triage workflows, scaling researcher communities, and leading the transition of Tumar.One to an open-source, self-hosted model. Bekarys works closely with banks, telecoms, ministries and global open-source projects to help them run structured vulnerability disclosure programs. His focus is on creating practical, transparent and scalable security tools for emerging markets, while building a long-term ecosystem around ethical hacking and coordinated vulnerability disclosure.
Olzhas Satiyev is a cybersecurity leader and one of the pioneers of vulnerability disclosure and offensive security development in Central Asia. He has more than 10 years of experience building security programs for banks, telecom operators and government agencies. As a founder of TSARKA and the KazHackStan conference, he helped shape the regional cybersecurity ecosystem and launched multiple national-scale initiatives. Olzhas focuses on applied security research, red teaming, and building platforms that connect researchers with organizations. His work drives collaboration between ethical hackers and critical infrastructure across Kazakhstan and beyond.
February 27, 2026 10:15-10:45
IntelMQ Hands-on Workshop
Sebastian Wagner (Institute for Common Good Technology, AT)
IntelMQ is a Free and Open Source tool chain to automate Threat Intelligence data handling.
IntelMQ automates the boring parts of incident handling so that you can concentrate on the tasks that really need your attention. Learn how to ingest data from various sources such as Shadowserver, how to arrange your bespoke workflows, how to connect with other systems (such as MISP, databases, RDAP, ticketing systems, etc.), and how to notify your constituency.
Sebastian Wagner, IntelMQ.org Project. Sebastian Wagner is a Free Software enthusiast, full-stack software developer, and project manager currently working for a small software firm, and is active in NGOs for the common good. He has co-maintained IntelMQ for 11 years and previously worked at CERT.at for six years.
February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
Malware Development for Ethical Hackers (Windows, Linux, Android)
Zhassulan Zhussupov (ANY.RUN, KZ)
Whether you are a Red Team or Blue Team specialist, learning the techniques and tricks of malware development gives you the most complete picture of advanced attacks. Because most classic malware is written for Windows, the course also gives you tangible knowledge of developing under Windows. The course will teach you how to develop malware, including classic tricks and the tricks of modern ransomware found in the wild. Everything is supported by real examples. The course is intended for Red Team specialists who want to learn the tricks of malware development (including persistence and AV bypass) in more detail, and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)
Most of the examples in this course require a deep understanding of the Python, Kotlin and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage.
Zhassulan Zhussupov is a cybersecurity enthusiast, author, speaker, and mathematician. Author of popular books:
- MD MZ Malware Development Book (2022, 2024)
- MALWILD: Malware in the Wild Book (2023)
- Malware Development for Ethical Hackers Book (Packt, 2024)
- AIYA Mobile Malware Development Book (Github, 2025)
Author and tech reviewer at Packt. Co-founder of several cybersecurity research labs, author of many cybersecurity blogs, HVCK magazine, Malpedia contributor. Speaker at more than 20 international conferences such as BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff, etc.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30, February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
Sebastian Wagner (Institute for Common Good Technology, AT)
In today's cyber threat landscape, effective coordination among incident response teams is crucial. This session will provide participants with a high-level overview of open-source tools that facilitate coordination, data sharing, and threat intelligence. The session will cover key tools like MISP and TheHive, and also highlight lesser-known gems that help you maintain an overview of your constituency.
We will focus on coordination tools and also touch on the topic of analysis and forensics.
Sebastian Wagner, IntelMQ.org Project. Sebastian Wagner is a Free Software enthusiast, full-stack software developer, and project manager currently working for a small software firm, and is active in NGOs for the common good. He has co-maintained IntelMQ for 11 years and previously worked at CERT.at for six years.
February 27, 2026 16:00-16:45
Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD)
This session delivers a practical, case-driven overview of the Incident Response (IR) lifecycle, covering detection, containment, and recovery. Participants will learn how to apply recognized frameworks such as NIST SP 800-61, the SANS 6-Step Model, ISO/IEC 27035, and the Lockheed Martin Cyber Kill Chain, and will walk through a real-world case study. The session also demonstrates the use of open-source forensic tools, including Autopsy and FTK Imager, for evidence collection and analysis. Attendees will leave with actionable insights to strengthen their organization’s response capability and post-incident readiness.
I am Md. Redowan Zaman Anik, currently working as an Incident Handler at the National CIRT, where I focus on national-level incident handling, Cyber Threat Intelligence (CTI), and Security Operations (SOC). With over 11 years of experience in the field of cybersecurity, I have been actively involved in handling national-level cyber incidents and contributing to the country’s digital defense. My journey encompasses both academic and professional achievements, including the publication of two research papers in the field of cybersecurity.
Throughout my career, I have been passionate about sharing knowledge and building capacity. I have delivered cybersecurity training programs at several prestigious institutions, including the National Academy for Planning and Development (NAPD), BKIICT, and the Bangladesh Computer Council (BCC). I have also conducted specialized training for National Security Intelligence (NSI), Criminal Investigation Department (CID), and other law enforcement agencies. Additionally, I have led programs on SOC Analysis, Email Security, CA Certificate systems, and Juniper technologies, aiming to strengthen cybersecurity awareness and operational excellence across government and critical sectors.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30
Stop Guessing, Start Hunting: Threat Models to Structure Your Threat Hunts
Donavan Cheah (Thales, SG), Mukhtar Serikbaev (Help AG, KZ), Yoon Yik (Nanyang Technological University, SG)
From contextualized threat scenarios that aid hypothesis generation to post-hunt activities, threat modelling often produces outputs that are useful as part of structured threat hunting. However, little literature connects threat modelling and threat hunting, much less operationalizes them together in a threat hunting scenario.
In this workshop, we will teach the basics of technique-based threat modelling with the MITRE ATT&CK framework and derive mitigations with MITRE D3FEND. We will then generate hypotheses for structured threat hunting and apply them to a simulated threat hunt in a Windows lab environment. We also posit how threat modelling and threat hunting functions can complement each other in an iterative chain, giving teams the ability to continuously validate the organisation's security posture.
Donavan Cheah leads cybersecurity within Thales Digital Factory in Singapore. He has led multiple threat modeling, risk assessment and offensive security engagements for a wide variety of customers. He has presented his threat modeling talks at international conferences such as DefCamp (Romania), SECCON (Japan), VULNCON (India) and SINCON (Singapore), as well as at cybersecurity camps such as the Global Cybersecurity Camp 2025 (Taiwan). He also co-leads the Threat Modeling Connect chapter in Singapore, a threat modeling community with a global presence in the EU, the Americas and Asia. Today, Donavan's interests lie in integrating threat modeling into other cybersecurity activities such as threat hunting and SecOps, as well as looking into AI-related cyber threats.
Mukhtar Serikbayev is an Application Security Architect and DevSecOps Consultant with a strong background in secure software development, architecture assurance, and offensive security. He has led major AppSec transformation initiatives for financial services and government organizations, integrating security into SDLC processes, CI/CD pipelines, and cloud-native architectures. An Offensive Security Web Expert, Mukhtar brings hands-on experience in web and mobile testing, secure code review, microservices/API hardening, and threat modeling aligned to attacker behavior. Today, he’s exploring how AI-driven automation and autonomous security agents can improve threat hunting, code assurance, and secure engineering at scale. He is passionate about enabling teams to build secure-by-design, resilient products.
Yoon Yik is a Security Researcher at the Privacy and Security Laboratory at Nanyang Technological University. He has a background in Digital Forensics and Incident Response, Cyber Threat Intelligence and Malware Analysis. He is also co-chapter lead of Threat Modeling Connect Singapore Chapter. Presently, he is passionate about cybersecurity community building and is a "Crew" at Division Zero Singapore cybersecurity community leading initiatives like HackSmith, a 24H cybersecurity tool-making hackathon.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30
Kilausuria Abdullah (CyberSecurity Malaysia, MY)
This presentation examines a recent ransomware incident in Malaysia and situates it within the country’s broader and rapidly evolving threat landscape. Drawing on Cyber999 incident data from 2021 to 2025, which recorded nearly 400 ransomware-related cases, the study reconstructs the full attack chain—from phishing and credential compromise to lateral movement, data exfiltration, and encryption. It highlights common attacker techniques and security gaps across public and private sectors, including the rise of double-extortion tactics, targeted reconnaissance of critical systems, and the use of both commodity and custom-built encryption tools. Key contributing factors that worsened incident impact include poor network segmentation, limited security monitoring, and weak backup and recovery practices.
The presentation also maps current ransomware trends such as the growth of ransomware-as-a-service, increasing attacks on healthcare, education, and municipal sectors, and the shift toward extortion marketplaces. Based on incident findings, it proposes a layered mitigation framework emphasizing phishing-resistant MFA, least-privilege access, proactive detection (EDR/XDR), secure offline backups, and cross-sector collaboration. The session concludes with policy and operational recommendations to help regulators and security teams strengthen Malaysia’s cyber resilience, reduce ransomware risks, and accelerate recovery in future incidents.
Kilausuria Abdullah is a Specialist with the Cyber999 Unit at CyberSecurity Malaysia, with over 10 years of experience in R&D and more than a decade in cyber incident handling. Her expertise spans incident response, threat and trend analysis, SOC management, and CSIRT consultancy for NCII sectors, government agencies, and SMEs. Recognized as a trainer in incident handling, she has contributed to security advisories, threat reports, technical guidelines, and research publications. She frequently delivers talks and training sessions on computer security and incident response, focusing on strengthening organizational resilience against emerging cyber threats.
February 27, 2026 10:45-11:15
The 3C’s of Cyber Resilience for Incident Response: Coordination, Collaboration, Communication
Mirza Asrar Baig (CTM360, BH)
Effective incident response depends not only on detection and mitigation but on the ability to coordinate quickly, collaborate across organizations, and communicate with clarity. This session introduces a practical framework, the “3C’s”, developed from direct experience with CSIRTs and national-level response teams across multiple regions. Using real-world cases involving phishing, brand abuse, and infrastructure-level threats, the presentation will highlight how misalignment across internal teams, delayed external coordination, and unclear messaging can cause preventable escalation. It will offer concrete strategies to improve readiness: establishing trusted channels, aligning roles before incidents, and streamlining decision-making under pressure.
Designed for CSIRTs, infrastructure operators, and incident coordinators, the session focuses on improving the human and procedural layers of response, especially in environments where cross-border cooperation is essential.
Mirza Asrar Baig serves as the Founder and Chief Executive Officer of CTM360, driving the vision for the Digital Risk Protection stack that defines the company's ethos. His overarching goal is to cultivate a highly scalable platform under the mantra "Build Locally, Scale Globally," with a vision to position the Arab World as a global technology leader.
With a background in Computer Science from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia), Mirza's educational foundation underscores his unwavering commitment to research and innovation. With over 30 years of experience in addressing Information Technology and Cybersecurity needs, he plays a pivotal role in fortifying the digital landscapes of various sectors worldwide.
Mirza actively contributes to the global cybersecurity discourse through speaking engagements, offering invaluable insights into threats that transcend regional boundaries. His dedication to advancing cybersecurity in today's digital landscape leaves a lasting impact, reflecting his commitment to bolstering global cybersecurity and resilience.
February 27, 2026 12:30-13:00
Threat Intel 101: From Buzzwords to Bad Actors
April Lenhard (Qualys, US)
Cyber threat intelligence (CTI) from the outside feels like an alphabet soup of jargon and a montage of faceless hackers in hoodies. But behind the acronyms and headlines are real people, real motives, and real risks. This session will cut through the noise and simply explain what CTI actually means, why it matters, and how it impacts everyone every day. We’ll explore who the baddies are, from cybercriminals chasing quick cash to nation-state actors with long-term agendas, and unpack their tactics in plain English. Along the way, we’ll turn the technical buzzwords into accessible terms and translate arcana into concepts you can (and might actually want to) explain to a colleague. Whether you’re curious about hackers, confused by cybersecurity lingo, or just want to know why these threats keep making the news, this talk offers a clear, approachable foundation. You will walk away with a sharper grasp of cyber threats, the people behind them, and the vocabulary to talk about it all confidently.
An international lecturer from Mexico to Mongolia, April Lenhard is a cyber threat intelligence professional with a decade of experience working in both cybersecurity and national security policy. As a principal product manager of cyber threat intelligence at Qualys, she focuses on creating CTI strategy and building new products. April is also a faculty member at Georgetown University, where she created a graduate-level course on Cyber Threat Intelligence in National Security. She is currently a 2025 NextGen National Security Fellow at the Center for New American Security, and a Penn Kemble Fellow at the National Endowment for Democracy.
February 27, 2026 14:15-15:00
Tracking APT Actors Through Their Infrastructure
Martijn Grooten (Silent Push, GR)
One thing that distinguishes most nation-state actors (APTs) from cybercriminals is that they have ample time and resources, which allow them to stay under the radar. One example is the domain aging techniques they use across a variety of hosting providers at purposefully discordant timeframes. In this presentation, I will use practical examples from a number of currently active APT groups to show how they keep their infrastructure under the radar and how we were nonetheless able to track them.
Martijn Grooten has been working in cyber security since 2007. He spent many years at Virus Bulletin, where he ran the annual threat intelligence conference. He has spoken at many conferences, including Black Hat and RSA. He has done work on security for high-risk groups and people and is currently working as a senior threat intelligence analyst for Silent Push, where he focuses on tracking APTs.
February 27, 2026 15:00-15:30