| | Training Sessions - Track 1 | Training Sessions - Track 2 | Training Sessions - Track 3 |
|---|---|---|---|
| 08:00 – 09:00 | Registration Opens / Welcome Coffee | ||
| 09:00 – 10:30 | SG KZ Stop Guessing, Start Hunting: Threat Models to Structure Your Threat Hunts - Half Day Donavan Cheah (Thales, SG); Mukhtar Serikbaev (Help AG, KZ); Yoon Yik (Nanyang Technological University, SG) TLP:CLEAR | BD Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD) TLP:CLEAR | KZ Malware Development for Ethical Hackers (Windows, Linux, Android) - Full Day Zhassulan Zhussupov (ANY.RUN, KZ) TLP:CLEAR |
| 10:30 – 11:00 | Coffee Break with Exhibitors | ||
| 11:00 – 12:30 | SG KZ Stop Guessing, Start Hunting: Threat Models to Structure Your Threat Hunts - Half Day Donavan Cheah (Thales, SG); Mukhtar Serikbaev (Help AG, KZ); Yoon Yik (Nanyang Technological University, SG) TLP:CLEAR | BD Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD) TLP:CLEAR | KZ Malware Development for Ethical Hackers (Windows, Linux, Android) - Full Day Zhassulan Zhussupov (ANY.RUN, KZ) TLP:CLEAR |
| 12:30 – 13:30 | Lunch with Exhibitors | ||
| 13:30 – 15:00 | AT IntelMQ Hands-on Workshop - Half Day Sebastian Wagner (Institute for Common Good Technology, AT) TLP:CLEAR | MA Beyond Maturity: Assessing and Stress-Testing SOC Resilience in the Real World - Half Day Imane Bachane, Jamaleddine Hadini (BLUESEC, MA) TLP:CLEAR | KZ Malware Development for Ethical Hackers (Windows, Linux, Android) - Full Day Zhassulan Zhussupov (ANY.RUN, KZ) TLP:CLEAR |
| 15:00 – 15:30 | Coffee Break with Exhibitors | ||
| 15:30 – 17:30 | AT IntelMQ Hands-on Workshop - Half Day Sebastian Wagner (Institute for Common Good Technology, AT) TLP:CLEAR | MA Beyond Maturity: Assessing and Stress-Testing SOC Resilience in the Real World - Half Day Imane Bachane, Jamaleddine Hadini (BLUESEC, MA) TLP:CLEAR | KZ Malware Development for Ethical Hackers (Windows, Linux, Android) - Full Day Zhassulan Zhussupov (ANY.RUN, KZ) TLP:CLEAR |
| 17:30 – 19:30 | |||

| | Plenary Talks |
|---|---|
| 08:00 – 09:00 | Registration Opens / Welcome Coffee |
| 09:00 – 09:30 | Welcome Remarks FIRST & UZCERT |
| 09:30 – 09:45 | Group Photo |
| 09:45 – 10:15 | UZ TBD UZCERT Talk Sarvar Sultonov (UZCERT, UZ) |
| 10:15 – 10:45 | KZ How We Built and Scaled Kazakhstan’s National Bug Bounty Platform Bekarys Kabi (Tumar.One, KZ); Satiyev Olzhas (TSARKA, KZ) TLP:CLEAR |
| 10:45 – 11:15 | BH The 3C’s of Cyber Resilience for Incident Response: Coordination, Collaboration, Communication Mirza Asrar Baig (CTM360, BH) TLP:AMBER |
| 11:15 – 11:45 | Coffee Break with Exhibitors |
| 11:45 – 12:30 | KZ Before Dawn & After Dusk: Blind Spots of Incident Response Artem Artemov (Bi.Zone, KZ) TLP:CLEAR |
| 12:30 – 13:00 | BH Incident Response Tools & Trends for Phishing/Brand-Abuse Takedowns: Operational Lessons Mirza Asrar Baig (CTM360, BH) TLP:GREEN |
| 13:00 – 14:30 | Standing & Seated Lunch with Exhibitors |
| 14:30 – 15:00 | |
| 15:00 – 15:30 | Coffee Break with Exhibitors |
| 15:30 – 16:15 | AT Sebastian Wagner (Institute for Common Good Technology, AT) TLP:CLEAR |
| 16:15 – 17:00 | TR Adversarial Prompts: Exploiting and Defending LLM Applications Fatih Erdogan, Gokay Akin (Turkish Airlines Technology, TR) TLP:CLEAR |
| 17:00 – 17:10 | Closing Remarks |
Fatih Erdogan (Turkish Airlines Technology, TR), Gokay Akin (Turkish Airlines Technology, TR)
Large language models are being rapidly integrated into production applications across all industries—from AI-powered customer service and development tools to security automation and business analytics. However, this widespread adoption introduces a fundamental vulnerability: Prompt Injection. Unlike traditional injection attacks, prompt injections exploit the core architecture of how LLMs process natural language, creating a threat that transcends typical security boundaries and affects every deployment scenario from chatbots to automated decision systems.
This technical session demonstrates real-world prompt injection techniques through pre-recorded demonstrations, examining the instruction-data boundary problem that makes LLMs inherently vulnerable. The session then provides practical defense-in-depth strategies with live code examples.
Whether securing customer-facing applications, internal tools, or security systems, attendees will learn actionable techniques for building more resilient LLM deployments.
Fatih Erdogan: I have over nine years of experience in cybersecurity, with a strong focus on defensive security and developing cutting-edge cybersecurity solutions. Throughout my career, I have played a key role in digital forensics, incident response, and threat research teams, consistently contributing to strengthening organizational security postures.
Currently, I work as an Expert Cyber Security Engineer at Turkish Airlines Technology in the Cyber Defense Department, specializing in detection engineering, AI security, and R&D.
Beyond my professional role, I am deeply interested in security research, particularly in AI security and detection engineering. As an active member of the cybersecurity community, I have also delivered talks at prominent cybersecurity conferences, including BSides Prishtina, The H@CK Summit, Hacktrick, and DevFest Istanbul.
Gokay Akin: Starting my career as a Cyber Security Analyst, I continued as Incident Response Analyst and SIEM Administrator. I diversified by consulting for large organizations and managing various projects. I built many enterprises’ Cyber Defence Center infrastructures from scratch and ensured the right transformations went live. Preparing and implementing SIEM replacements and Detection Engineering processes is the area I enjoy most. I am currently the Detection Engineering Team Lead at Turkish Airlines.
I take great pleasure in following rapidly evolving Cyber Security trends and producing proactive solutions for the coming years.
February 27, 2026 16:15-17:00
Artem Artemov (Bi.Zone, KZ)
Most talks focus on what happens during an incident - the TTPs, alerts. But the real trouble often begins before dusk (Preparation phase) and quietly returns after dawn (Lessons learned phase). “Before dusk” is the time before an incident, when everything looks fine: configs half-done, logs half-kept, standards almost met. “After dawn” is when the breach seems over, reports are written, and everyone relaxes - but nothing really changes.
You’ll hear a few real DFIR stories from across the world - cases where some companies failed while others were ready. You’ll see how small decisions shaped huge outcomes, and learn from their mistakes so you can avoid repeating them.
Artem Artemov: 18 years in DFIR; Former policeman; Conducted high-profile incident responses and investigations on Anunak/Carbanak, Buhtrap, Lurk, Cobalt, Fin7, Qilin, Muddywater, Lockbit and other groups in different regions (Europe, APAC, US, MEA). 100+ trainings and workshops for universities, law enforcement and commercial companies worldwide; Experienced speaker at key cyber security events.
February 27, 2026 11:45-12:30
Imane Bachane (BLUESEC, MA), Jamaleddine Hadini (BLUESEC, MA)
Security Operations Centers (SOCs) are often assessed through maturity models, compliance frameworks, and performance metrics. However, real incidents frequently demonstrate that maturity does not always equate to resilience. This presentation focuses on how to practically assess whether a SOC can maintain effective detection, response, and coordination under real operational stress.
Based on field experience across financial institutions, industrial environments, and government SOCs, the session introduces a pragmatic approach to evaluating SOC resilience across people, processes, technologies, and critical dependencies. Rather than reviewing policies and tooling in isolation, the approach emphasizes observing behavior under pressure: decision-making, escalation quality, handovers, and coordination with incident response, IT, and business stakeholders.
Attendees will learn how to assess SOC resilience without waiting for a major breach, using targeted interviews, tabletop exercises, and stress-based scenarios such as concurrent incidents, degraded telemetry, or loss of key personnel. The presentation highlights common hidden failure points identified in real assessments and provides practical guidance on translating findings into prioritized resilience improvements. Participants will leave with a clear methodology and actionable checkpoints to evaluate and strengthen SOC and CSIRT resilience in their own environments.
Imane Bachane is the Founder and CEO of BLUESEC, a cybersecurity consulting firm specializing in SOC transformation, cyber governance, and intelligence-driven security operations across Africa and the Arab regions. Her work focuses on assessing and strengthening the operational effectiveness and resilience of SOCs and CSIRTs, particularly in regulated and resource-constrained environments.
Before founding BLUESEC, Imane led Cyber Threat Intelligence (CTI) activities within a major banking group, where she contributed to building an intelligence capability directly supporting detection, incident response, and security decision-making. Her experience bridges CTI, SOC maturity, and threat-informed defense, with a strong emphasis on converting frameworks and maturity models into practical, executable workflows for operational teams.
Imane works with financial institutions, industrial operators, and national organizations to assess SOC readiness, validate performance under stress scenarios, and improve coordination between SOC, incident response, and governance functions. Her assessments focus on identifying hidden operational dependencies and single points of failure revealed during real incidents.
She is certified SOC-CMM and SANS GSOM, and actively contributes to the regional cybersecurity community, advocating for resilient, maturity-driven, and operationally grounded SOC capabilities.
Jamaleddine Hadini is a cybersecurity practitioner specializing in incident response, digital forensics, and SOC modernization. With more than ten years of experience supporting critical organizations, he develops resilient defense capabilities grounded in threat-informed practices, automation, and defensible architectures. His expertise spans threat hunting, detection engineering, DFIR, and OT/industrial cybersecurity. Jamaleddine holds several certifications, including SANS GCFA, SANS GRID, and CHFI, reflecting his expertise across blue-team operations. A strong advocate for capacity building in Africa, he collaborates with industry partners to strengthen regional expertise and contribute to sustainable, sovereign cyber capabilities.
February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
Bekarys Kabi (Tumar.One, KZ), Satiyev Olzhas (TSARKA, KZ)
Kazakhstan has spent the last five years building its own national bug bounty ecosystem, connecting ethical hackers with critical infrastructure, banks, telecoms and state agencies. In this talk, we share what it took to design and scale a platform that works reliably at a national level: from architecture and triage workflows to researcher onboarding, trust, and policy.
Bekarys Kabi is the product lead behind Tumar.One, Kazakhstan’s national bug bounty platform. With a background in product management and cybersecurity operations, he has spent the last several years designing triage workflows, scaling researcher communities, and leading the transition of Tumar.One to an open-source, self-hosted model. Bekarys works closely with banks, telecoms, ministries and global open-source projects to help them run structured vulnerability disclosure programs. His focus is on creating practical, transparent and scalable security tools for emerging markets, while building a long-term ecosystem around ethical hacking and coordinated vulnerability disclosure.
Olzhas Satiyev is a cybersecurity leader and one of the pioneers of vulnerability disclosure and offensive security development in Central Asia. He has more than 10 years of experience building security programs for banks, telecom operators and government agencies. As a founder of TSARKA and the KazHackStan conference, he helped shape the regional cybersecurity ecosystem and launched multiple national-scale initiatives. Olzhas focuses on applied security research, red teaming, and building platforms that connect researchers with organizations. His work drives collaboration between ethical hackers and critical infrastructure across Kazakhstan and beyond.
February 27, 2026 10:15-10:45
Sebastian Wagner (Institute for Common Good Technology, AT)
IntelMQ is a Free and Open Source tool chain to automate Threat Intelligence data handling.
IntelMQ automates the boring processes of incident handling so that you can concentrate on the tasks that really need your attention. Learn how to ingest data from various sources such as Shadowserver, how to arrange your bespoke workflows, how to connect with other systems (such as MISP, databases, RDAP, ticketing systems, etc.) and how to notify your constituency.
Sebastian Wagner (IntelMQ.org Project) is a Free Software enthusiast, full-stack software developer, and project manager currently working for a small software firm, and is active in NGOs for the common good. He has co-maintained IntelMQ for 11 years and previously worked at CERT.at for six years.
February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
Zhassulan Zhussupov (ANY.RUN, KZ)
Whether you are a Red Team or Blue Team specialist, learning the techniques and tricks of malware development gives you the most complete picture of advanced attacks. Also, because most (classic) malware is written for Windows, this gives you tangible knowledge of developing for Windows. The course will teach you how to develop malware, including classic tricks and tricks of modern ransomware found in the wild. Everything is supported by real examples. The course is intended for Red Team specialists who want to learn the tricks of malware development in more detail (including persistence and AV bypass), and will also be useful to Blue Team specialists when conducting investigations and analyzing malware.
The course is divided into four logical sections:
- Malware development tricks and techniques (classic injection tricks, DLL injection tricks, shellcode running)
- AV evasion tricks (Anti-VM, Anti-Sandbox, Anti-disassembling)
- Persistence techniques
- Cryptographic functions in malware development (exclusive)
- Malware Development for Android and Linux (bonus)

Most of the examples in this course require a deep understanding of the Python, Kotlin and C/C++ programming languages.
Knowledge of assembly language basics is not required but will be an advantage.
Zhassulan Zhussupov is a cybersecurity enthusiast, author, speaker, and mathematician. Author of popular books:
- MD MZ Malware Development Book (2022, 2024)
- MALWILD: Malware in the Wild Book (2023)
- Malware Development for Ethical Hackers Book (Packt, 2024)
- AIYA Mobile Malware Development Book (GitHub, 2025)

Author and tech reviewer at Packt. Co-founder of several cybersecurity research labs, author of many cybersecurity blogs, HVCK magazine, Malpedia contributor. Speaker at more than 20 international conferences like BlackHat, Security BSides, Arab Security Conference, Hack.lu, Standoff, etc.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30, February 26, 2026 13:30-15:00, February 26, 2026 15:30-17:30
Sebastian Wagner (Institute for Common Good Technology, AT)
In today's cyber threat landscape, effective coordination among incident response teams is crucial. This session will provide participants with a high-level overview of open-source tools that facilitate coordination, data sharing, and threat intelligence. The session will cover key tools like MISP and TheHive, and also highlight lesser-known gems that help you maintain an overview of your constituency.
We will focus on coordination tools and also touch on the topic of analysis and forensics.
Sebastian Wagner (IntelMQ.org Project) is a Free Software enthusiast, full-stack software developer, and project manager currently working for a small software firm, and is active in NGOs for the common good. He has co-maintained IntelMQ for 11 years and previously worked at CERT.at for six years.
February 27, 2026 15:30-16:15
Md Redowan Zaman Anik (BGD e-GOV CIRT, BCC, BD)
This session delivers a practical, case-driven overview of the Incident Response (IR) lifecycle, covering detection, containment, and recovery. Participants will learn how to apply recognized frameworks such as NIST SP 800-61, the SANS 6-Step Model, ISO/IEC 27035, and the Lockheed Martin Cyber Kill Chain, and will also learn about a real-world case study. The session also demonstrates the use of open-source forensic tools, including Autopsy and FTK Imager, for evidence collection and analysis. Attendees will leave with actionable insights to strengthen their organization’s response capability and post-incident readiness.
I am Md. Redowan Zaman Anik, currently working as an Incident Handler at the National CIRT, where I focus on national-level incident handling, Cyber Threat Intelligence (CTI), and Security Operations (SOC). With over 11 years of experience in the field of cybersecurity, I have been actively involved in handling national-level cyber incidents and contributing to the country’s digital defense. My journey encompasses both academic and professional achievements, including the publication of two research papers in the field of cybersecurity.
Throughout my career, I have been passionate about sharing knowledge and building capacity. I have delivered cybersecurity training programs at several prestigious institutions, including the National Academy for Planning and Development (NAPD), BKIICT, and the Bangladesh Computer Council (BCC). I have also conducted specialized training for National Security Intelligence (NSI), Criminal Investigation Department (CID), and other law enforcement agencies. Additionally, I have led programs on SOC Analysis, Email Security, CA Certificate systems, and Juniper technologies, aiming to strengthen cybersecurity awareness and operational excellence across government and critical sectors.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30
Donavan Cheah (Thales, SG), Mukhtar Serikbaev (Help AG, KZ), Yoon Yik (Nanyang Technological University, SG)
From contextualized threat scenarios that aid hypothesis generation to post-hunt activities, threat modelling often produces outputs that are useful as part of structured threat hunting. However, there is not a significant amount of literature that connects threat modelling and threat hunting, much less operationalizes them together in a threat hunting scenario.
In this workshop, we will teach the basics of technique-based threat modelling with the MITRE ATT&CK framework and perform mitigations with MITRE D3FEND. We will then generate hypotheses for structured threat hunting, and apply them to a simulated threat hunt in a Windows lab environment. We also posit how threat modelling functions and threat hunting functions can complement each other in an iterative chain to give teams the ability to continuously validate the organisation's security posture.
Donavan Cheah leads cybersecurity within Thales Digital Factory in Singapore. He has led multiple threat modeling, risk assessment and offensive security engagements for a wide variety of customers. He has presented his threat modeling talks at international conferences such as DefCamp (Romania), SECCON (Japan), VULNCON (India) and SINCON (Singapore), as well as cybersecurity camps such as the Global Cybersecurity Camp 2025 (Taiwan). He also co-leads the Threat Modeling Connect chapter in Singapore, which is a threat modeling community with global presence in the EU, the Americas and Asia. Today, Donavan's interests lie in integrating threat modeling into other cybersecurity activities such as threat hunting and SecOps, as well as looking into AI-related cyber threats.
Mukhtar Serikbayev is an Application Security Architect and DevSecOps Consultant with a strong background in secure software development, architecture assurance, and offensive security. He has led major AppSec transformation initiatives for financial services and government organizations, integrating security into SDLC processes, CI/CD pipelines, and cloud-native architectures. As an Offensive Security Web Expert, Mukhtar brings hands-on experience in web and mobile testing, secure code review, microservices/API hardening, and threat modeling aligned to attacker behavior. Today, he’s exploring how AI-driven automation and autonomous security agents can improve threat hunting, code assurance, and secure engineering at scale. He is passionate about enabling teams to build secure-by-design, resilient products.
Yoon Yik is a Security Researcher at the Privacy and Security Laboratory at Nanyang Technological University. He has a background in Digital Forensics and Incident Response, Cyber Threat Intelligence and Malware Analysis. He is also co-chapter lead of Threat Modeling Connect Singapore Chapter. Presently, he is passionate about cybersecurity community building and is a "Crew" at Division Zero Singapore cybersecurity community leading initiatives like HackSmith, a 24H cybersecurity tool-making hackathon.
February 26, 2026 09:00-10:30, February 26, 2026 11:00-12:30
February 27, 2026 14:30-15:00
Mirza Asrar Baig (CTM360, BH)
Effective incident response depends not only on detection and mitigation but on the ability to coordinate quickly, collaborate across organizations, and communicate with clarity. This session introduces a practical framework, the “3C’s”, developed from direct experience with CSIRTs and national-level response teams across multiple regions. Using real-world cases involving phishing, brand abuse, and infrastructure-level threats, the presentation will highlight how misalignment across internal teams, delayed external coordination, and unclear messaging can cause preventable escalation. It will offer concrete strategies to improve readiness: establishing trusted channels, aligning roles before incidents, and streamlining decision-making under pressure.
Designed for CSIRTs, infrastructure operators, and incident coordinators, the session focuses on improving the human and procedural layers of response, especially in environments where cross-border cooperation is essential.
Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision “Build Locally, Scale Globally”, and he believes in empowering the Arab World to be recognized as a leader in technology research and development.
Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30 years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape.
Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today’s digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally.
CTM360’s technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.
February 27, 2026 10:45-11:15
Mirza Asrar Baig (CTM360, BH)
Phishing and brand-abuse incidents often stall for basic reasons: unclear ownership, slow outreach to the right provider, and unclear messages. This session shares what worked in real cases—using anonymized examples from Central Asia—and how any team can apply the same steps anywhere.
We focus on simple, repeatable practices: set clear roles, contact the correct external partners quickly, and use short, plain messages aligned with TLP. Attendees leave with practical actions that speed takedowns and reduce repeat incidents—no products, no hype.
Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision “Build Locally, Scale Globally”, and he believes in empowering the Arab World to be recognized as a leader in technology research and development.
Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30 years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape.
Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today’s digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally.
CTM360’s technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.
February 27, 2026 12:30-13:00