Day 1 – 15th of December 2017:

Cybercrime – A Middle-East and North Africa (MENA) regional perspective

By CHERIF DJERBOUA (AMEA Regional Technical Leader, Trend Micro).
Palo Alto Networks

This session will explore the cybercriminal ecosystem in this region and beyond and the threat landscape that may target MENA organizations big and small, either in the private or public sector.

Cybersecurity – an enabler to help organizations with digital transformation.

By ISLAM EL-SHAFIE (Regional Security & Compliance consultant, Microsoft)

The Digital transformation that is underway in most organizations will change the nature of their security tactics, organizations will have to shift their approaches and adopt modern & intelligent protection, detection & response components that can cater to the rapidly growing threat landscape.

Diffusing A Bomb With Reverse Engineering
– Workshop

By FADY OTHMAN (Information Security Consultant at ZINAD IT)

A while ago I stumbled upon an online reverse engineering challenge, I downloaded the challenge and from the beginning it caught my attention. I started reversing and I realized that it was a well designed challenge that is perfect to teach reverse engineering. after solving the challenge I was disappointed when I looked online to see how other people solved it because it was solved in a way that teaches them too little.
In this workshop I will “diffuse” the “bomb” using multiple methods and multiple tools (hopefully IDA, GDB, EDB, Radare2) to make the most of it and trying to teach something new on the way.

Kiwis approach to GRA

By AHMED ELASHMAWY (Senior consultant at Axenic Ltd)

Governance, Risk, and compliance (GRC), are commonly seen as a tick box exercise for organizations and techies in security.

However, Kiwis have nailed their Governance, Risk and Assurance (GRA) model within government agencies, as well as, a lot of private sector organizations. Over the past few months, I have come across a number of US, European and Australian professionals who expressed how impressed they were with New Zealand GRA approach.
In this session, I will share with the audience how various aspects of information security all hang together in New Zealand.

Defending Application by putting them under the Proactive SOC spotlight.
– Workshop

By MOHAMED ALFATEH (Sr. Consultant in ZISS team (ZINAD Information Security Services))

Most companies are trying to shift their Security Operations Center (SOC) from a reactive to a proactive posture. Putting the application layer under a proactive monitoring and analysis is a critical activity to anticipates and pre-empts incidents to prevent their occurrence. In this talk we will discuss different techniques to proactively anticipate web threats and act upon anticipation proactively rather than passively. During the session, we will show how you could use OWASP AppSensor to feed data into SOC and to respond to analysis results. The session will introduce number of corresponding SIEM use cases that could be implemented in deferent SIEM technologies.

From IT to TI: Practically applying Threat Intelligence in your IT environment.

By BAHAA OTHMAN (IT Security Manager, the Egyptian Exchange)

In this talk, we will try to answer some of the questions that a lot of users asks about threat intelligence, why it will be the next big thing in Security industry?How to apply the concept practically in the organization? What are the skills needed for Threat Hunting? What are the market capabilities? What do these keywords mean and how it applies to IT (IOC, TTP, YARA, STIX). We will also cover Threat Models: CKC, ATT&CK, STRID and how to Use CTI for SOC Use case design.

Lock Picking Intro Session.

By AHMED ELASHMAWY (Senior consultant at Axenic Ltd)

This is an introductory session on Lockpicking that will allow CSCAMP2017|8th year attendees new to that activity understand how locks work, types of locks, Tools and the importance of understanding lock picking.

Day1 Lock Picking Village.

By AHMED ELASHMAWY (Senior consultant at Axenic Ltd)

Physical security is essential for maintaining systems security. If you gain physical access to servers, network equipment or racks hosting appliances, then all other security controls can be rendered useless. Red teams around the world test physical security alongside with digital security. For the first time in Egypt, CSCAMP 2017 introduces lock picking practices for security professionals. Join us in the Hacking Village and enjoy the interesting and challenging lock sport. We will provide you with a set of basic tools, a couple of transparent training locks and a variety of padlocks, cylinder locks, and knob locks to play with.

Day 1 : Ask The Experts.

By AHMED NABIL (IT Manager | Security, Networking, System Engineering)

Grab this chance and get the opportunity to have a one to one discussion with a Security expert in a specific cyber security field. Prepare all your top of mind questions and share your experience to better improve our community. Each user will have maximum of 10 minutes with one of the experts on different tables. Discussions are served based on First In First Out.
Experts will cover variable topics between :
Cyber Security Career Advice, Malware Analysis, Capture the Flag Competitions, Digital Forensics, Working in International Companies, Security Management, Pen Testing, Secure Coding, Others.

Panel Discussion: What’s new with OWASP Top 10.
| Workshop


OWASP released a major update to the OWASP top 10 project. In this session we will look at what is new in the 2017 version. We will discuss the major changes to the top 10 list and whether or not such changes brings better value to application security.

Understanding the threat landscape targeting the enterprise.

By ADHAM MOHAMAD (Cyber Security Architect, CyShield)

We all want to provide a secure environment for our business. We also know that implementing security solutions and having scheduled security checks can increase the cyber armor of the company, yet all of this can be circumvented with a tiny misconfiguration, lack of a policy or a zero day. It`s all about understanding the risk in order to choose the proper mitigation and alarming technique.
In this talk we will get a quick grasp at the recent attacks targeting major organizations and talk about some recent attack methods and how the current security mechanisms fall behind in an attempt to understand why the traditional security mechanisms tend to fail.

Day1 Closing Note: A Closer Look into Lawful Interception Platforms and Cyber Espionage in the Middle East.

By DR. AHMED SHOSHA (Senior Threat Researcher at FireEye)

Many have heard about Hacking Team and Gamma, the infamous spyware sellers to governments, those companies are only the tip of a black iceberg. In this session, we will shed the light on the players in the Lawful Interception market in the Middle East and their malware products.
In addition, we will discuss the threat intel research to identify, detect and track the abusive usage of those spyware platforms in cyber espionage campaigns.

Gala Dinner & Entertainment Night.

We are delighted to invite all attendees, speakers and sponsors to CSCAMP2017 | 8th year Gala Dinner . Don’t miss this fantastic evening full of entertainment, amazing food and a friendly atmosphere.
Spaces are limited to this awesome annual event, so don’t delay.
Professional and Corporate tickets will be able to access the Gala Dinner For free. Academic tickets will need to add an extra 100 EGP.