Day 1 – 14th of December 2018:
CSCAMP2018 | 9th year Opening
By Moataz Salah (Bluekaizen founder).
Cairo Security Camp is an annual event targeting the Information Security Community of the Middle East and North Africa (MENA Region). IT Professionals and security practitioners from throughout the region are invited to attend. The Conference purpose is to gather, in one place, everyone interested in helping to improve and enrich the Information Security field in the MENA region. Our Goal is to raise the level of information security field in the MENA region, hoping that one day we live up to international standards.
Day 1 CyVentures Hackathon.
By CyVentures
Agenda 1- Idea Generation Workshop 2- New Trends in Cybersecurity 3- Hackathon Activities.
Revealing Clickjacking Secrets – Workshop
By Ahmed Anas (Security Researcher)
the attack the victims may be trapped to perform unintended actions on social media applications, initiate critical transactions or even it would be extended to reveal confidential information. In this session I am presenting a new technique that protects from Clickjacking attacks enforcing user awareness regarding the sensitive user interface elements actions he is willing to perform.
Reviewing Teleco Security Consideration & Risks Evaluation – A Starter Kit
By Ahmed Atef Selim (Sr. Information Security Consultant)
Most of security in Telecommunication talks may have targeted a deep teleco technical audience, This session is targeting security professional that working in the teleco field, where a foundation to telecommunication security concepts and existing risk due to IP shifting done lately (3G/4G/5G) will be introduce, moving forward with the session will introduce risk assessment challenges due to the nature of Teleco, Calculating the risk (Identifying Risk Factors & it’s Parameter) is not same as IT infrastructure, For example Asset value can’t be depending only on the data type, other factor take places (Interconnection, Revenue …etc) since most attacks come from the signaling protocol which doesn’t contain Data (Voice Calls) by it’s nature, ending by sharing suggested ideas to properly assess the risks.
This session is designed to enable the security professional into the teleco security field, sharing knowledge gained through the last 5 years entering the teleco security field so that new comers can start faster and increase the learning curve.
Day 1 : Ask The Experts. – at Hacking Village
By Ahmed Nabil (IT Manager | Security, Networking, System Engineering)
specific cyber security field. Prepare all your top of mind questions and share your experience to better improve our community. Each user will have maximum of 10 minutes with one of the experts on different tables. Discussions are served based on First In First Out.
P.S: Prepare your questions, you have only 10 minutes per expert and try not put vague questions. so, that the expert can help as much as they can.
Experts will cover variable topics between :
1. Cyber Security Career Advice
2. Malware Analysis
3. Capture the Flag Competitions
4. Digital Forensics
5. Working in International Companies
6. Security Management
7. Pen Testing
8. Secure Coding
9. Others
The challenge of Building effective SOC with limited resources.
By Mohamed Sadat (Information Security Section Head at THE EGYPTIAN CREDIT BUREAU)
Some organizations have formal security operations centers(SOCs). where teams of dedicated analysts carefully monitor for threats around the clock, every day of the year.Unfortunately, most organizations cannot afford a 24×7 SOC.The cost of having well-trained analysts onsite at all times outweighs the benefit for almost every organization. Instead, most organizations either make do with an informal SOC comprised of a small number of analysts who have many other duties to perform or have no SOC at all and rely on borrowing people from other roles when needed.Security events are not consistently monitored around the clock. This leads to major delays in responding to many incidents, while other incidents go completely unnoticed. It’s a dangerous situation that results in damaging cyber incidents.For organizations caught between the prohibitive cost of a formal SOC and the wholly inadequate protection from an informal SOC, there is a solution: building a SOC that automates as much of the SOC work as possible.
Hardening Corporate Printer. Workshop
By Amr Ragheb (Assistant Manager, Deloitte Egypt)
In this talk, Amr be illustrating most of the attack vectors applicable for network printers and how can an attacker compromise the security of a corporate through its printers.
The purpose of this talk is to learn how to defend your corporate by knowing the root causes of each threat and how to eliminate this threat factor.
Crashing The Continent : Introduction to exploitation. Workshop
By Hady Azzam (Computer Science student)
Binary exploitation bugs reside on the top of the vulnerabilities stack due to their severe impacts , such bugs could lead to memory leaks , remote code execution , and DoS attacks , it could be the worst nightmare for a company due to the impact on either the confidentiality , integrity , or the availability, for that reason we are going review a study case , and take a look at such vulnerabilities from the implementation side.
Demystifying people’s role in cyber security.
By Mahmoud Tawfik (senior cyber security advisor and technology entrepreneur.)
In the era of digital transformation, people’s role needs to be redefined as the most critical role in protecting the digital environments, this role needs to be demystified to effectively mitigate present and future cyber security risks.
Day 1 Closing Note: Amateur Persistence Attack (APT) in the Middle East.
By Dr. Ahmed Shosha (Security Researcher, Microsoft.)
When the term APT surfaced the news, we assume hearing about complex cyber tactics and techniques and advanced malware capability. This is not always the case. This Talk will discuss few campaigns of inexperienced APT attacks surfaced the social media and targeted the Middle East. The talk will go through how those campaigns started, what was the attack vector and how they targeted their victims.
Gala Dinner & Entertainment Night.
We are delighted to invite all attendees, speakers and sponsors to CSCAMP2018 | 9th year Gala Dinner . Don’t miss this fantastic evening full of entertainment, amazing food and a friendly atmosphere.
Spaces are limited to this awesome annual event, so don’t delay
Professional and Corporate tickets will be able to access the Gala Dinner For free. Academic tickets will need to add an extra 100 EGP.
Day 2 – 16th of December 2018:
Panel Discussion: Egypt’s New Cybercrime Law Challenges.
By Dr. Marianne Amir Azer (A member of the Egyptian Parliament and Associate Professor at Nile University),
Adel Abdel Moneim (Cybersecurity Expert, ITU-ARCC),
Dr. Mohamed Hegazy (Director of Intellectual Property Rights Office in ITIDA and the Head of regulation and laws committee in MCIT),
Mohamed Alfateh (Sr. Consultant at ZINAD IT).
The new Egypt E-crime law is facing many challenges. Many terms of the law have been discussed in the media and in some seminars and conferences since the issuance of the initial version of the law until it is finally approved. But some details of the terms of the law still need to be clarified and some are pending approval from the executive regulations in order to set specific regulations to be applied.
In this panel discussion, we will host members of the executive committee of the law to talk about some technical details of the terms of the law and explain how the enforcement of the law will affect the investment environment in Egypt. Also some concerns will be clarified associated with personal privacy and free exchange of information on the Internet.
Women in Cybersecurity CTF. at Hacking Village
By CYBERTALENTS
hosted by Cairo Security Camp on Saturday, 15th of December.
What’s CTF:
Capture the flag competition (CTF) is a cybersecurity competition where participants demonstrate their technical ability in the cybersecurity field.Every team will have a list of challenges in different cybersecurity categories like Malware Reverse Engineering, Web Security, Digital Forensics, Network Security and others. For every challenge solved, the team will get a certain amount of points depending on the difficulty of the challenge. The team who will get the highest score at the end of the day will be the winning team.
Prizes:
Winning team will receive tickets to attend HITB conference in Amsterdam next May, one of the most prestigious cyber security conferences globally, flights, accommodation and conference tickets are covered for the the first winning team.
Competition Rules:
1.Any attack against the site or the hosted servers that are out of the scope will be banned immediately from participating in the CTF.
2.Running Automation tools are not allowed and won’t help you complete the challenge.
3.Sharing flags between different teams is prohibited.
4.Brute Force attacks on the challenges submission portal or challenges links are not allowed.
5.The organizers have the permission to disqualify a team for any unethical behavior or any trial to interrupt the CTF.
Why Cybersecurity Competition Now?
Cyber Security job market suffers a severe workforce shortage. In 2016, the number of cybersecurity jobs opening worldwide is 2 million jobs with a shortage of 1 million jobs.
By 2019, the number of the job opening is expected to increase to reach 6 million jobs opening. Also, Cyber Security market, in general, is expected to reach 10 % year of year growth in the next 5 years to make the total cyber security market more than 200 billion dollars in 2021. Thus, all entities including governments, private companies, service providers need to take quick actions to close that gap to bring more cybersecurity talents to the cybersecurity game.
About CyberTalents:
CyberTalents is a platform that ranks cybersecurity talents according to their real hands-on skills in different cybersecurity categories by running CTF Competitions in order to get hired by recruiters.
www.cybertalents.com
[email protected]
Day 2 : CyVentures Hackathon. at Hacking Village
By CyVentures
Day 2 CyVentures Hackathon Activities.
Are you really ready for Digital Transformation?
By Hazem Gamal (Senior Sales Engineer)
Are you really ready for Digital Transformation? While the business benefits are clear, technology adoption, the escalating threat landscape and compliance to any number of standards and legal requirements are all challenges to any DX efforts. If your organization is moving into the Digital future, you need to make sure that your security infrastructure isn’t stuck in the past. This session will provide the insight towards a comprehensive and adaptive security architecture that can support your organization’s changing objectives and more importantly, evolve as the cyber threat challenge evolves as well.
Automated pentesting in a domain controlled environment.
By Adham Mohamad (Cyber Security Architect, CyShield)
When doing large scale assessments or in red teaming engagements with no clear scope it`s essential to add a layer of automation to extract the blueprints of a network and identify the nearest path to the hidden treasures. In this talk we will have a glimpse on how automation of some attacks and use of active directory management features can unravel the mysteries of the network.
Day 2 : Ask the Experts. at Hacking Village
By Ahmed Nabil (IT Manager | Security, Networking, System Engineering)
Grab this chance and get the opportunity to have a one to one discussion with a Security expert in a specific cyber security field. Prepare all your top of mind questions and share your experience to better improve our community. Each user will have maximum of 10 minutes with one of the experts on different tables. Discussions are served based on First In First Out.
P.S: Prepare your questions, you have only 10 minutes per expert and try not put vague questions. so, that the expert can help as much as they can.
Experts will cover variable topics between :
1. Cyber Security Career Advice
2. Malware Analysis
3. Capture the Flag Competitions
4. Digital Forensics
5. Working in International Companies
6. Security Management
7. Pen Testing
8. Secure Coding
9. Others
Focus Group: Security Management Problems.
By Ahmed Saafan (the director of development and information security at zlabs)
The information security management focus group is a simple way to run a productive meeting among security professionals to discuss and get conclusions on complex high level security problems problems that most of us face in an fast shifting industry. The idea is to share the collective wisdom and experience of the audience whom has a vast and diverse backgrounds, to solve the most prevalent painful problems of the focus group. We learn from the best and share with the best. It a powerful way to get ahead of problems by taking experience from people who have similar problems and a good way to share your knowledge and enrich the local community. We come with passions and ideas that we want to share with each other or complex problems that we want to know what others are doing about. We connect with each other and create a community around topics that we’re passionate about.
The group begins with nothing more than a roomful of great people and some paper and pens. And the magic begins! We create an agenda of topics or problems that are relevant to most of the audience. It’s simple: write the name of your idea on a piece of paper, announce it to your friends, and put it on the agenda. After grooming and grouping, we end up with a full agenda of interesting topics and problems to discuss. We convene our sessions, sharing and creating new knowledge, and connecting with each other. We make new connections and invent new ideas.
Bring on your passion, ideas and problems!
Calling the True Callers.
By Mustafa Saad (Cyber Security Researcher)
Today, we know that everybody uses Caller-Id App with our advanced smart phones and people don’t think twice about contacting anybody because of that. The main function of these Apps is to display the caller’s name of almost all incoming calls, although these caller numbers are not stored in your contacts, and we usually don’t make an effort to look it up. We either take the call, or we don’t.
In addition of displaying caller’s name, most of Caller-Id Apps are a solution to avoid unsolicited telemarketing, phone spam, robocalls, and various scam calls. Some of these apps even allow you to see how other people named you in their contacts.
So what’s the problem?
The personal usage of such apps puts the user’s privacy at risk because they allow the App to access very sensitive data stored in that phone. Throughout my speech, I will explain and discuss practically, how Caller Id apps work, and I will demonstrate my proof of privacy leakage concept using one of the popular Caller-Id App in Egypt as an example.
On the other hand, I will show that the companies behind these apps don’t take any responsibility nor do they demonstrate actual transparency in their practices. Many of these Caller-Id backend servers are completely insecure and I have no difficulties in breaking into them.
I investigated about 10 different Caller-Id backend servers and the results were catastrophic. I was able to access more than 76 gigabytes of sensitive records which stored in these servers. These huge records contained all sorts of user’s sensitive data which you will not believe it’s stored there.
The Evolving Threat Landscape.
By Ibrahim Youssef (Technical Leader – KSA, North Africa and Levant)
Cybercriminals had been boosting low-profile threats and costly security risks seemed to be emerging from aspects of computing that had been often neglected. We will look over the most remarkable security stories in 2018 and outline the strategies involved in protecting enterprises against these new and less visible threats.
Security Assurance As business Enabler.
By Dr Emadeldin Khalil (Cyber Risk Resilience & Business Continuity Exec. Director in NTRA)
Nowadays cost is a deciding factor for IT purchase decisions, companies will try to implement the minimum and, in some cases, also sacrifice usability and by extension, business productivity.
The internet brings huge business opportunities and benefits, but it also brings risks. Every day there are cyber attacks on different companies, attempting to steal information and money, or disrupt business. It is increasingly important to manage these risks to take advantage of the internet whilst protecting your business.
Egyptian market in need for the security assurance as the common criteria where the customer the developer and testing laboratory are met.
In the old days the design for testability was essential solution for electronic world, but today design for security is the key …. Why, How, by Whom….. Those questions will be answered by this talk showing what is motivating us? And what is the benefits? We get through using common criteria in the Egyptian market for the financial inclusion and as new domain of technology to our fresh graduate ICT engineers
KIPS: Kaspersky Interactive Protection Simulation.
By Ahmad Ashraf (Senior Security Consultant, Kaspersky Lab Middle East)
Kaspersky Interactive Protection Simulation – is a team roleplay game that simulates a business environment where participants are tasked with handling a series of unexpected cyber-threats, while trying to maximize profits and maintain market confidence.
The idea is to build a cyberdefense strategy by making choices from among the best pro-active and re-active controls available. The Exercise will last for an average of 2 hrs.a cyberdefense strategy by making choices from among the best pro-active and re-active controls available.
Discussion Panel: How to win your cybersecurity dream job?
By Hisham Moawad (IT & Telecom Security Engineering Manager)
By Mohamed Samir Wali (Sr. Manager, Technology Security Operations –Technology Information Security, Orange Egypt)
By Noura Hassan (Managing Director, North Africa & Levant)
By Ihab AbdElMonem (Head of Enterprise Security Planning and Operations, Etisalat Misr)
By Moataz Salah (Bluekaizen Founder)
With the cybersecurity skills shortage problem reaching 3 million unfilled positions, the need for more talents is increasing exponentially, however companies had a set of rules and protocols to recruit talents.In this panel, We will be hosting companies who is recruiting hundreds of security professionals every year. We will cover most of job seekers questions including what does it take to be noticed by large enterprises? what skills are they searching in the applied candidates? How security professionals can enhance their security professionals career path and increase their salaries.Whether you are an existing security professional looking to enhance your career path, fresh graduate looking for your first or a student want to get prepared for the cyber security career, this session is for you.
In this talk, we will talk about how to use fuzzing of the GTP protocol used for 4G/5G communication in order to compromise the widely exposed femtocells and what the remediations that should be taken.
CyVentures Hackathon Judging.
By CyVentures
CyVentures Hackathon is a Cyber Security Hackathon that will be held concurrent with Cairo Security Camp, For the first time in Egypt, a cybersecurity hackathon will be conducted to build new products.
Ideas Must have strong technical and business combination to win the prize. Winners will have the mentoring and needed support to build their own startup, raise investment, develop commercial partnership.
We are looking for small ambitious team, with deep technical skills who are willing to take the chance and develop their own cyber security product and services.
Young Egyptians with the technical skills and talent who wish to make a regional impact in the cyber security industry.
1,000 USD for each winning hackathon team, up to 5 teams Incubation program for 8 weeks on-site, fully paid.
HotSeat: Threat Hunters VS Exploit Writers.
By Dr. Ahmed Shosha (Security Researcher, Microsoft),
By Fady Othman (Information Security Consultant at ZINAD IT)
Two of the best egyptian cyber security experts will be putting each other in the hot seat in this fireside chat. Both Fady and shosha will take turns in answering difficult questions about threat intelligence, bug Huntings and zero day vulnerabilities. They will discuss how security researchers in fortune 500 companies can use the skills of exploit writers to make their products more secure. They will discuss what techniques threat hunters use to discover those exploits and what exploit writers do to pass the controls added by the vendors.
How to defend against OT cyberattacks.
By Mohamed Ahmed Abd el Haleem (Cyber security manager, Ministry of Electricity & renewable energy)
CyVentures Hackathon Finalists Pitching, Judging & Winners announcement.
By CyVentures
Closing & Women in Cybersecurity Winners.
By Moataz Salah (BlueKaizen Founder)
About
Cairo Security Camp is an annual event targeting the Information Security Community of the Middle East and North Africa (MENA Region). IT Professionals and security practitioners from throughout the region are invited to attend. The Conference purpose is to gather, in one place, everyone interested in helping to improve and enrich the Information Security field in the MENA region. Our Goal is to raise the level of information security field in the MENA region, hoping that one day we live up to international standards.
About BlueKaizen
Bluekaizen is a fast growing company that focus on cyber security education either for students, professionals or Management level. Either for individual or organization. We provide educations via training, conferences, webinars, magazines, cyber security summer camps, Assessments, cyber exercises & games and much more.
Place: INTERCONTINENTAL CITY STARS, Cairo, EGYPT.
Date: 16th, 19th of December 2017 for the conference.
Organizers: BlueKaizen.org and Security Kaizen Magazine.
Sponsors
Do you need to promote your product or services?
Do you need to reach Security Experts and Security Professionals?
Let it be known through sponsoring Cairo Security Camp or Security Kaizen Magazine.
Cairo Security Camp is the first annual conference organized by an Arab Country. Our conference covers all aspects of Information Security both technical and managerial aspects. In addition to being the first, Cairo Security Camp 2019 will proudly be hosting a variety of experienced speakers from very renown companies and organization To request for a sponsorship prospectus or find out more about sponsorship opportunities.
Please contact:
mahitab.afify (at) bluekaizen (dot) org
