All Activities @ HITB+ CyberWeek

Expand All +
  • 12th Oct – Saturday


  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Fun and interactive mobile games to help your children learn how to use the Internet safely. VIEW DETAILS
    Family & Kids
    Free
    Where
    Booth

  • An educational and fun video to learn about cybersecurity… and beyond! VIEW DETAILS
    Family & Kids
    Free
    Where
    Cinema Room

  • How much do you really know about cybersecurity? Test your knowledge with this challenging quiz. VIEW DETAILS
    Family & Kids
    Free
    Where
    Booth

  • Meet and greet our very own Cyberheroes and walk away with the cyberheroes comics filled with tips for cybersecurity best practices. Use them wisely, use them well. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Meet with leading cybersecurity recruiters from the industry
    Family & Kids
    Free
    University & High Schools
    Where
    Exhibition Area

  • Teach parents how to be cyber smart by understanding the different risks that their kids could face online, how to avoid these risks, and how to use new technologies for their kids’ development. VIEW DETAILS
    Family & Kids
    Free
    Where
    Stage

  • Have you ever thought of what happens to the content you share and what might be its consequences? Discover the risks that teenagers are facing on social networking sites. VIEW DETAILS
    Family & Kids
    Free
    Where
    Stage

  • Do you know what a career in cybersecurity looks like? A career in cyber security is an exciting one, and this session explains the many options available to guide your children on the right path. VIEW DETAILS
    Family & Kids
    Free
    Where
    Stage

  • 13th Oct – Sunday


  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • UAE's next-generation cyber warriors from high schools and Universities battle it out in an intense 2-day attack & defense contest. Winners will qualify to compete in the PRO CTF on the 15th, 16th and 17th where they'll compete with some of the world's best hackers for a shot at USD100,000 in prizes!

    LEARN MORE

    Competitions & Activities
    Free
    University & High Schools
    Where
    CTF Arena

  • An introduction for security-enthusiastic ladies to ethical hacking and penetration testing.

    Key learning objectives

    Understanding of web applications and organizational networks

    Overview of common weaknesses and how they can be exploited

    Understanding how to defend against these vulnerabilities

    MORE DETAILS

    Free
    Security Professionals
    Where
    Blackhoodie Track Room

  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Meet and greet our very own Cyberheroes and walk away with the cyberheroes comics filled with tips for cybersecurity best practices. Use them wisely, use them well. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Artificial intelligence is steadily flooding our world and slipping into a lot of verticals from autonomous cars and robots to defense, media, and smart homes. Hundreds of new startups implement AI solutions worldwide, and we are getting closer to the point where machine learning based solutions consume traditional algorithms. While we understand more or less how to deal with software vulnerabilities, we have no clue what’s happening in ML-based solutions. In addition, we don’t know how it's possible to hack them. However, we cannot but take note of adversarial examples, which have recently attracted media attention but were invented 5 years ago. This area is rapidly growing and soon there will be almost 1000 research papers on this topic. Some of them will hit media only in 5 years or so. In my presentation, I will show what occurs in AI security industry, which is the most closed cybersecurity area. I will address the most critical AI applications such as face recognition, self-driving cars, voice assistants, and the latest attacks. Then I will present ML algorithms such as classification, regression, reinforcement learning, clustering, etc. I will explain how to attack them. Finally, particular attack methods will be discussed such as adversarial, privacy, poisoning, backdoor, reprogramming, and you will see how they are evolving.
    Free
    Security Professionals
    Where
    Ballroom A

  • How much do you really know about cybersecurity? Test your knowledge with this challenging quiz. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Teach students how to be cyber smart by understanding the different risks that they could face online, how to avoid these risks, and how to use new technologies for their development. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Meet with leading cybersecurity recruiters from the industry
    Family & Kids
    Free
    University & High Schools
    Where
    Exhibition Area

  • Fun and interactive mobile games to help your children learn how to use the Internet safely. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • An educational and fun video to learn about cybersecurity… and beyond! VIEW DETAILS
    Free
    University & High Schools
    Where
    Cinema Room

  • Designing your custom-made electronic circuit boards is the next logical step for stepping up your microcontroller project. After mastering the art of embedded software development, creating your custom hardware enables more elegant designs, lowers power budget and unlocks higher performance at a smaller size. We describe a low-risk method for designing custom embedded microcontroller designs. With a step-by-step approach, you do not have to dig into the full scary stack of electronic engineering to create your embedded designs and finally bring your custom design to production. Your PCB peripherals can range from conventional sensors and switches to specialised display controls, external storage and wireless transceiver features. You can use all these fancy electronic parts without bulky adapter PCBs as they enter the market. Once you decide on the type of microcontroller at the core of your project and you familiarise yourself with its firmware, implementing new peripherals on your custom PCB can become risk-free when following a few basic guidelines. We explain how you can dissect your design into modular function blocks. Once proven to work, you can contain complex electronic analogue circuits in reusable modules. Your circuit block collection grows one peripheral at a time. By establishing alternative parts and footprint options in your component library, your project can transition through the different stages from prototyping to mass production. This flexibility keeps you also prepared for shortages in the availability of specific component variants and unexpected longer lead times. In analogy to the software build process, configuring a build environment with the right set of rules for your electronic design is essential. Like a compiler check, the design rule check (DRC) verifies the electronic and mechanical functions of your circuit. It is vital to specify the settings as detailed as possible to avoid unnecessary mistakes and debugging on the physical board. Most PCB design tools offer a long list of rule settings for schematics and layout helping you to find schematic flaws. Component and board manufacturer often provide you with design rules in their datasheets and requirements. We show how these map to PCB design rules. This talk provides hands-on advice on how to choose suitable components and create schematics in a clear and structured way. The focus is on PCB layout and preparing the PCB design for prototyping and small/medium scale manufacturing. Topics covered: electronic circuit design basics using function blocks in schematics for modularity organising component libraries, BOM preparing rulesets, DRC/ERC component placement and PCB layout design for testability thermal dissipation and parasitics creating production files (panelisation, PCB Gerber files, Pick & Place files) external PCB assembly services and testing integrating your PCB design with nice looking housings
    Free
    Security Professionals
    Where
    Ballroom A

  • Due to the exhaustion of IPv4 free address space, the use of IPv6 on the Internet is gradually increasing. All Windows operating systems since Windows Vista have IPv6 enabled by default. IPv6 brings a series of improvements compared to IPV4, but these improvements are also put a double-edged sword. Recently, we have been focusing on "IPv6" attack research and found that in the IPV6 environment, there are many attack points, such as: Iptables will fail, use IPV6 to bypass the Web defense strategy and abuse IPV6-specific protocols for man-in-the-middle attacks, and Other attack ideas! In this speech, I will disclose the attack methods and ideas I have found for IPV6, and will also release tools for IPV6 attacks.
    Free
    Security Professionals
    Where
    Ballroom A

  • Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust. Do we trust AI? I don't, personally. What is "state of the art" in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don't touch it. And tomorrow is too late. But what we can do for Trustworthy AI? There are just no simple answers. You can't install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?.. To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
    Free
    Security Professionals
    Where
    Ballroom A

  • Learn the importance of cybersecurity education in schools and the various dimensions of the cyber curriculum. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • Learn to think like a hacker and the techniques they employ. But remember, with great power comes great responsibility! VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 1

  • Have you ever thought of what happens to the content you share and what might be its consequences? Discover the risks that teenagers are facing on social networking sites. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • The 0day vulnerability market developed over the years in a way that is unsafe, chaotic and rather inefficient. Today bad business practices, lack of professionalism and low levels of trust are still spread in this market and can seriously hamper the ability of law enforcement and intelligence agencies to acquire and maintain strategic cyber capabilities in order to fight organized crime, terrorism and hostile geopolitical actors. Having a deep understanding of these issues and of their solutions, Crowdfense is “hacking the 0day market” in order to improve it for all the parties involved (researchers, brokers, integrators and end-users), by introducing new quality standards and best practices related to products, services and to the sustainability of the underlying business processes. This session will share how Crowdfense is doing this, why, what are the results and what could be the next steps.
    Free
    Security Professionals
    Where
    Ballroom A

  • Have you struggled as a teacher to engage with your students? Every child is unique and carries their own personality. Learn teaching methods that you can adapt as per your student’s personalities. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Do you know what a career in cybersecurity looks like? A career in cyber security is an exciting one, and this session explains the many options available to guide your children on the right path. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Engage teachers to explore various teaching methods, techniques and aids to integrate cyber curriculum into every day lessons. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • APT groups always try to hide and be persistent inside their target environment. Although MITRE ATT&CK matrix try to collect knowledge of all adversary tactics and techniques, new techniques or skills will still show up. Recently, we found a new technique are being utilized in multiple operation and APT groups, including BlackTech, WINNTI and Operation ShadowHammer. Once while doing incident response, we found typing special URL path can trigger invisible webshell backdoor in the windows webserver without leaving any logs. The way this attack used let it hard to detect since it does not need to leave file inside webserver, it doesn't have its own process and no log will be created. This kind of webshell backdoor can be used in any windows platform even if it doesn't have webserver installed. In this presentation we will show up the complete attack of this kind of backdoor cases, threat indicators, victims and disaster assessment. What kind of technique or special windows API they used to achieve fileless, logless, processless webshell? What should we do when doing incident response with this kind of invisible webshell? And furthermore, we also using some windows undocumented API to build a new tool trying to catch up this kind of backdoor from memory while doing incident response.
    Free
    Security Professionals
    Where
    Ballroom A

  • Solder and tinker your way to understand how hardware devices work, and learn physical techniques to hack digital devices. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 1

  • JWT (JSON Web Token) is a popular authentication protocol for delivering stateless authentication. It has been highly popular in recent years because of its simplicity, performance, and the level of security it provides. The protocol is highly adapted for sessioning, authentication and authorization. However, a single mistake in the implementation can lead to the compromise of the entire application. In my presentation, I will show common implementation weaknesses observed in the wild, how to test and break JWT authentication, as well as demonstrate practical approaches for securing JWT against each described attack. In addition, I will release an open-source toolkit for testing JWT in modern applications.
    Free
    Security Professionals
    Where
    Ballroom A

  • Engage teachers to explore various teaching methods, techniques and aids to integrate cyber curriculum into every day lessons. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • This presentation will start on the very basics of what docker is and why organizations are willing to invest time and resources on it. The basics will explain how docker works, and its brief architecture. It would then dive into where the concept of containers originated from which would contain a brief history of containers. There will also be a brief comparison of dockers vs virtual machines. It would then go into terminologies commonly used in docker and a live demo on creating a docker image and deploying that image as a container. Once the basics are covered, the presentation will deep dive into docker internals and security features. It will briefly cover what are Namespaces, CGROUPS, Capabilities and Seccomp along with examples on how to configure/implement them. The presentation will then explain how the docker features are usually misconfigured in organizations and how can they be used to gain root access to the host system. The presentation will essentially cover 3 misconfigurations with the help of live demos.
    Free
    Security Professionals
    Where
    Ballroom A

  • What does it take to protect your laptop, to keep your data secure, and to maintain your trust into your device while traveling abroad? You probably have seen the cool crowd covering their built-in laptop webcams with geeky stickers. You heard them obsessing about hackers attacking their laptops with backdoored laptop chargers or malicious USB-cables. What if you're not satisfied with stopping there at securing your device - how would holistic Laptop security look like? What if you want to get control back over your laptop, its operating system, its built-in devices like webcams, microphones, and network interfaces? What if you don't want to worry anymore about sophisticated malware attacks reprogramming internal memories like BIOS firmware, SSD-firmware, keyboard controllers for becoming persistent? What if you don't like to worry about sophisticated attackers with physical access to your machine while leaving it unattended in a hotel room or your car? In this talk, we show how to configure your laptop securely - in anticipation of highly sophisticated attackers with physical access. Moreover, we will demonstrate modern hardware virtualization features for getting control back over your privacy and data. We explain how to use Linux based hardware virtualization features for trusted control of network interfaces, integrated audio- and video devices of a Windows 10 installation. We will show how internal and external hardware security features can improve contemporary disk encryption security - and how to get secure boot right.
    Free
    Security Professionals
    Where
    Ballroom A

  • 14th Oct – Monday


  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • UAE's next-generation cyber warriors from high schools and Universities battle it out in an intense 2-day attack & defense contest. Winners will qualify to compete in the PRO CTF on the 15th, 16th and 17th where they'll compete with some of the world's best hackers for a shot at USD100,000 in prizes!

    LEARN MORE

    Competitions & Activities
    Free
    University & High Schools
    Where
    CTF Arena

  • A crash course for beginners who have no knowledge in car security to get started on their car security journey.

    Key learning objectives

    Learn about the basic understanding of vehicular networks

    Gain better understanding of vehicular communication protocols

    Explore the attack surfaces in vehicles

    MORE DETAILS

    Free
    Security Professionals
    Where
    Blackhoodie Track Room

  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Meet and greet our very own Cyberheroes and walk away with the cyberheroes comics filled with tips for cybersecurity best practices. Use them wisely, use them well. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Adversarial learning aims at understanding the weaknesses of machine learning in the adversarial environment and developing protection against potential threats. In the field of object detection and image classification, a large number of open source machine learning models are used by industry. Researchers can attack Faster RCNN, SSD, VGG, ResNet and so on by using white boxes to generate adversarial images, then transfer learning to attack object detection and image classification systems in the real world before. But in the field of porn images detection , the only well-known open source model is Yahoo's NSFW. We have proved through experiments that transfer learning to the Yahoo's NSFW, can attack the real world porn images detection service with a lower success rate. Further research shows that by optimizing the loss function and adjusting the attack algorithm, a higher success rate can be achieved without affecting human senses through smaller disturbances.We call the new attack algorithm as FDA ( FeatureMap Destroy Attack).At the same time, we also propose a method to detection and defense Real-World Adversarial Images for Illicit Online Porn.
    Free
    Security Professionals
    Where
    Ballroom A

  • How much do you really know about cybersecurity? Test your knowledge with this challenging quiz. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Teach students how to be cyber smart by understanding the different risks that they could face online, how to avoid these risks, and how to use new technologies for their development. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Recent years have seen a flood of novel wireless exploits, from vulnerable medical devices to hacked OT devices, with exploitation moving beyond 802.11 and into more obscure standard and proprietary protocols. While other non-WiFi RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Today, cyber threats have grown not just in its depth (more sophisticated) but also in its breadth (expanded scope). It has grown from threats in Enterprise IT systems to Operation Technologies (OT) and Industrial Control Systems (ICS).

    To ensure wireless security, one needs to have a comprehensive understanding of the technology, threats, exploits, and defensive techniques along with experience in evaluating and attacking wireless technology. Not limiting one’s skill-set to WiFi, we also need to evaluate the threat from other standards-based and proprietary wireless technologies as well. This session takes an in-depth look at the security challenges of many different wireless technologies, exposing one to wireless security threats through the eyes of an attacker. Using readily available and custom-developed tools, we’ll navigate our way through the techniques attackers use to exploit RF networks. The session will introduce one how to identify the threats that expose wireless technology and build on this knowledge to implement defensive techniques that can be used to protect wireless systems.

    Free
    Security Professionals
    Where
    Ballroom A

  • Meet with leading cybersecurity recruiters from the industry
    Family & Kids
    Free
    University & High Schools
    Where
    Exhibition Area

  • Fun and interactive mobile games to help your children learn how to use the Internet safely. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • An educational and fun video to learn about cybersecurity… and beyond! VIEW DETAILS
    Free
    University & High Schools
    Where
    Cinema Room

  • MuddyWater is a threat actor likely based in Middle East, with known activities since at least the middle of 2017. It targets various individuals, government organizations and industries in many countries all across the Middle East and Central Asia, with the highest intensity of targets in Turkey, Pakistan, Afghanistan and Jordan. Starting with spear phishing emails and macro-powered attachments sent to carefully selected high profile targets, the threat actor attempts to deliver and install various backdoors written in different programming languages to the victims' computers – all with the purpose of performing cyber espionage. One of these backdoors has interesting capabilities, such as disk wiping, anti-analysis and numerous false flags. To increase stealthiness, C&C communication is forwarded via PHP proxies hosted on hacked websites, creating an asynchronous communication channel. We took advantage of this configuration to monitor the activity of this actor, discovering the identities of some of the victims as well as some commands which attackers attempted to execute on victims’ machines. In this presentation, we will show the most recent evolution of the tools, tactics and procedures of this threat actor. We will present some examples of targeted documents and the multiple layers of obfuscation added to their payloads. We will also detail the different tools this threat actor uses, and we will propose some ideas on how to prevent and hunt for these threats.
    Free
    Security Professionals
    Where
    Ballroom A

  • Learn the importance of cybersecurity education in schools and the various dimensions of the cyber curriculum. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • Learn to think like a hacker and the techniques they employ. But remember, with great power comes great responsibility! VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 1

  • There are two types of RFID - those that use INDUCTIVE COUPLING like NFC and those that use RF like GEN2 UHF as per the title. NFC has been widely covered and exploited in the hacking scene, but UHF really has not, other than a few "long range" experiments. However, UHF is now being widely adopted for all kinds of interesting applications, from vehicle gateways on toll roads and border crossings to goods and inventory tracking in logistics. Even airline luggage will soon be sporting fancy e-paper tags with UHF tracking enabled, but how safe is that going to be? What research has been done in this area? Well, before hackers can start researching they need the tools, and this workshop will cover the first step in creating those tools... Building your own SDR controlled UHF RFID reader gives you the power to dig right down into the guts of the protocol and start fooling around... Who knows what you'll find? We will be implementing a reader using the BladeRF platform, and will cover "gotchas", tips and tricks to better understand how to get this working and your UHF hacking project under way.
    Free
    Security Professionals
    Where
    Ballroom A

  • The discussion flow would start from the importance of browsers, need for security within it, my research and vulnerabilities found, and finally demonstration of zero day, apart from other exploits and attacks, against browsers. The talk would conclude with a discussion around remediation efforts to protect against such attacks. Over the years reliance on browsers has increased many folds. The features provided by browsers, along with its numerous extensions and components, browsers have seen a humongous increase in the number of users using it to browse different services. This provides a huge attack base to "research" and identify potential vulnerabilities which can be exploited in order to improve defensive controls. The talk I will be presenting is entirely my own work of research. While identifying vulnerabilities in web applications and participate in various bug bounty programs is interesting, I enjoy targeting platforms which are less popular as research topics. Having said that, while security for browsers is a known topic, I've been able to identify, through my research, several vulnerabilities which will help secure it further. The issues I will be talking about are completely within three specific domains - SOP, RCE and Address Bar Spoofing (ABS). These vulnerabilities, along with the attack scenarios are something which I've created through my research. As a case study I'll discuss integer underflow vulnerability in firefox (NSS). I've also created, from scratch, an exploit code which can be used across several browsers for the same vulnerability. I will be showcasing multiple Metasploit module, I created during my research.
    Free
    Security Professionals
    Where
    Ballroom A

  • Have you ever thought of what happens to the content you share and what might be its consequences? Discover the risks that teenagers are facing on social networking sites. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Have you struggled as a teacher to engage with your students? Every child is unique and carries their own personality. Learn teaching methods that you can adapt as per your student’s personalities. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Introduction to Failure Analysis Tools for IC Reverse Engineering and Editing for Fun and Profit For many people are 0 and 1 just an imaginary values, but they actually has a physical interpretation. Whether it is charge in capacitor, trapped electron, or electrical potential, these values can be read directly despite of extensive software security measures. Although IC manufacturers want to prevent us looking into circuits by adding passive or active shields, a silicon chip is not a black box and understanding the block level and then transistor level is essential for security assessment. Once we understand how a circuit works, we can listen to specific signals and collect data. We can further change data in our advantage and bypass security checks, even change security keys by modifying values or by rerouting the circuit logic. All major chip manufacturers invest a huge amount of money into reverse engineering laboratories. These labs are especially important in development and early production stage to early eradicate defects and result in high yield production later on. While searching for such failures, they have to reverse engineer their own chips in order to find a failure and fix the process, so the next time it won’t happen. For that purpose, there is a whole industry, you may never heard of, called “Failure Analysis”. It is full of high resolution, high sensitivity and highly priced equipment, specially build for reverse engineering and defect localization, so why not use it for security analysis? We can start by looking into a device by X-ray, use dangerous chemical, lasers, or CNC machines to open it, high resolution optical microscopes to analyze the structures, or even look through the silicon on directly on transistor level. High sensitivity IR cameras can show operating circuitry and by removing metal layers, we can reverse engineer the circuit and localize our point of interest. The Focused Ion Beam for example is an essential tool, which offers not only a micro-milling option, but by precise deposition or removal of conductive and non-conductive materials, we can cut and reroute traces, create test pads, or even edit circuit from the backside. With a usage of nanoprobes and SEM we can then do measurements, visualize various structures, and trace signals. Not every piece of equipment needs to cost hundred-thousands of dollars, we can achieve a lot with just simple equipment and by applying some skill. By understanding of physics fundamentals and operation of some professional tools it’s possible to recreate functionality with much smaller budget. Wide second-hand market and advanced consumer electronics may offers many possibilities. Infrared backside imaging can give a great insight in structure without removing top metal layers. For example many commercially available cameras offer good enough performance in detecting IR light, which can be produced by cheap LEDs. For example by performing camera modifications, it is possible to detect low level infrared light emitted by flowing current through a transistor – visualizing activity and the changing states of running circuits. IC delayering shows inner structures, interconnections and allows to recreate a whole design. There are two approaches for delayering, chemical and mechanical. Chemical delayering involves wide variety of very aggressive chemicals like HF and the result repeatability is not great for laboratory use. Mechanical delayering is more precise and safer, however it is time consuming and edge rounding cannot be fully avoided. As usual, it can be done with high precision polishing machine with laser alignment, or with a fine sandpaper, bare hands and some skills. IC structures seems complicated and overwhelming, but example of simple redrawing can show structures, like AND, NAND, OR, NOR or inverter and reverse engineering becomes much easier. By understanding the low level layout, important traces can be identified and accessed from upper layers, contacted by FIB and compromised by injecting false signals. Failure Analysis is a whole industry which makes use of wide variety of physical phenomenon, sample preparation techniques, observation techniques and circuit editing tools to reverse engineer an IC. These tools and techniques are becoming cheaper, more accessible, and thus chip analysis, reverse engineering and hardware hacking easier.
    Free
    Security Professionals
    Where
    Ballroom A

  • Do you know what a career in cybersecurity looks like? A career in cyber security is an exciting one, and this session explains the many options available to guide your children on the right path. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Engage teachers to explore various teaching methods, techniques and aids to integrate cyber curriculum into every day lessons. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • Solder and tinker your way to understand how hardware devices work, and learn physical techniques to hack digital devices. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 1

  • Attacks on payment infrastructures are incredibly popular and many hackers are chasing easy money. On the other hand, payment security does not stand still - EMV, mobile wallets, bitcoin, digital banks without branches, business accounts opened in 1 day. We live in an era of digital technology that protects us from hackers. But does it? Each technology has been examined under the microscope and received its own attack, executed not only on the academic paper but also in the real world by real fraudsters. Over the past 2 years, our team has been successfully debunking the security myths about NFC, EMV, POS terminals, and ATMs. We will show how easy it is to steal money from a bank card, the money that the customer sometimes doesn't even have in the account. Why isn't the payment industry trying to take care of its customers' security more than required by risk management and is waiting for problems to occur, without worrying about attacks that "haven't arrived yet"?
    Free
    Security Professionals
    Where
    Ballroom A

  • Engage teachers to explore various teaching methods, techniques and aids to integrate cyber curriculum into every day lessons. VIEW DETAILS
    Free
    University & High Schools
    Where
    Workshop Room 2

  • Power-line communication (PLC) carries data on a electric line is used for AC electric power transmission or electric power distribution to consumers. PLC systems are based on the idea of ​​networking without the need for new cables. PLC in smart grids is used extensively in smart meters. Thus, plugs could become an input point due to the data transmission on the power line and from an attacker's perspective, the PLC could become an new attack surface in smart grids. In this talk I will explain a red team approach of smart meters in smart grids. These smart meters work on PLC. I will explain a case for how to capture data on 220v power line and how to retransmission of data on power line. Also I will discuss various attack vectors on smart grids such as blackout of transformer, manipulating usage data and analyze how to mitigate them. I will use some old school mathematical calculation for demodulation signals and data extraction on power line theoretically.
    Free
    Security Professionals
    Where
    Ballroom A

  • As IoT becomes more integral to our lives, the need to secure them grows. One thing the security industry isn’t talking very often is - IoT security. We talk very often about application security but very rarely we talk about security in Hardware or in particular security in IoT. With application security, you as a penetration tester is confronted with a Windows or a Linux server, or a web application or even a TCP/UDP protocols. But with IoT penetration testing, you have very uncommon architectures like ARM, PowerPC, MIPS, etc. Sometimes, you are even confronted with communication protocols like ZigBee, BLE, NFC, RFID, etc and to make it more complex, many times hardware device manufacturers do have their custom RF frequencies. These require new expertise and severals toolsets which are very uncommon. It is no wonder that traditional penetration testers can get completely lost in the world of embedded devices security and their protocols. This talk is going to be a helpful resource to help you become IoT Penetration tester. In this talk, attendees will get an opportunity to learn about the potential risks and vulnerabilities carried by IoT systems. They will also get to learn about IoT security best practice and guidelines. You will learn how to build & secure a connected IoT platform and attack from a hacker’s perspective. Also, I will be sharing the secrets that no one tells you about penetrating the IoT device, which I have learned over the years working as IoT and Mobile application security analyst.
    Free
    Security Professionals
    Where
    Ballroom A

  • 15th Oct – Tuesday


  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Who?

    25 winning teams (3 - 5 members per team) from various Capture the Flag contests from around the world.

    What?

    A new style of attack and defense CTF contest over 3 days with an IoT ‘real world hacking’ bonus contest.

    VIEW DETAILS

    Competitions & Activities
    Free
    Where
    CTF Arena

  • We’re bringing the best bug hunters and research hackers to one destination for the UAE’s first bug bounty bazaar. It's one event with many bounties exploiting a variety of targets with a range of cash pots in a combined $1.5 million pool. Also, the best bug hunters and ethical hackers are competing in an all-new coordinated bug bounty contest with a total of $1.5 million in bounty to be won.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    D2P Arena

  • A malware evasion and penetrating testing challenge for machine learning and AI enthusiasts with US$100,000 up for grabs! We initiated this competition to spur the development of defensive security solutions using advances in machine learning to detect and protect against vulnerabilities and malicious exploits. We have a bold ambition: to accelerate progress in automated cyber defense processes and contribute to the development of the first generation of autonomous and real-time models applied to cyber security problems.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    AI Village

  • Is it possible for a power plant that runs an entire city to be brought down by a cyber attack? Well, let’s find out! VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Do you have what it takes to crack the Cyber Escape Room? Put on your investigative hats as you will be tasked with solving a ransomware attack! VIEW DETAILS
    Free
    University & High Schools
    Where
    Escape Room

  • Meet with leading cybersecurity recruiters from the industry and get ready to face a mock interview to test your wits under pressure. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • How much do you really know about cybersecurity? Test your knowledge with this challenging quiz. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • HITC runs classes, labs and workshops for kids between 8 to 18 years old. Topic modules can range from cyber hygiene to programming and hacking labs. In cyber hygiene we cover the basics such as: what is a hacker? Are you aware of your online presence, such as social media? What is a good password? We teach students how they can protect themselves online. Our session is always finished by hacking away (with our permission!) in our very own kids-friendly hacking environment. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Training Rooms

  • The Standoff will take place non-stop during HITB+ CyberWeek, starting right after the forum opens and lasting until the end of the forum.

    Teams consist of five or more people. Each team can play for one side—attackers, defenders, or SOC—only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally at the venue, remotely, or mixed (some team members at the venue and others remotely).

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    Main Foyer

  • Did you know that you can monitor the actions of a hacker inside your network? Learn about the various tools that organizations and individuals can use to defend against cyber attacks. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Perspectives on the importance of cyber security in securing the nation and its digital assets from the Abu Dhabi Digital Authority. How are government entities managing digital transformation in a region that is subject to increasing cyber attacks. People are the weakest link in an organization’s security posture and research shows that government entities are at a disadvantage in cyber preparedness. How are they developing the human capital necessary for knowledge transformation to be prepared for future challenges.
    Free
    Government & Business
    HIghlight Talks
    Where
    Ballroom C

  • Rub shoulders and network with leading recruiters in the field of cybersecurity. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Many people believe that there are only two types of companies: those that have been breached, and those that will be. Regardless of your viewpoint, no matter how many new, shiny information security appliances are purchased, data breaches continue to happen at alarming rates as no company seemed immune.

    This session will provide information on the current data breach landscape and behind the scenes look into cyber liability from a former insurance professional with no sales spin. The talk will discuss how the coverage works and what types of breaches can be covered. Further, the session then will discuss how cyber insurance is being integrated into a risk management plan. Information Security professionals and incident responders are in many cases unaware of how the cyber insurance process works when there is a data breach and do not understand the requirements that can affect the incident response process.

    Free
    Government & Business
    HIghlight Talks
    Where
    Ballroom C

  • The era of Cloud Computing is often synonymous with simplicity, user friendliness, pay per use models and anything-as-a-service. But what appears at first sight as such an appealing way to conduct computing reveals itself often after a while as a complex world. Securing this complex world across services, providers and architectures can become quit complex and challenging.
    Free
    Government & Business
    HIghlight Talks
    Where
    Ballroom C

  • Do you know what a career in cybersecurity looks like? A career in cyber security is an exciting one, and this session explains the many options available to guide you on the right path. This will also deep dive into the technical and soft skills required at a high level. VIEW DETAILS
    University & High Schools
    Where
    Stage

  • Join us at a personality development workshop where we provide you with the tips and guidance related to resume writing, opportunities for internships, and shaping your digital persona and social media profile. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • 16th Oct – Wednesday


  • A malware evasion and penetrating testing challenge for machine learning and AI enthusiasts with US$100,000 up for grabs! We initiated this competition to spur the development of defensive security solutions using advances in machine learning to detect and protect against vulnerabilities and malicious exploits. We have a bold ambition: to accelerate progress in automated cyber defense processes and contribute to the development of the first generation of autonomous and real-time models applied to cyber security problems.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    AI Village

  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Who?

    25 winning teams (3 - 5 members per team) from various Capture the Flag contests from around the world.

    What?

    A new style of attack and defense CTF contest over 3 days with an IoT ‘real world hacking’ bonus contest.

    VIEW DETAILS

    Competitions & Activities
    Free
    Where
    CTF Arena

  • We’re bringing the best bug hunters and research hackers to one destination for the UAE’s first bug bounty bazaar. It's one event with many bounties exploiting a variety of targets with a range of cash pots in a combined $1.5 million pool. Also, the best bug hunters and ethical hackers are competing in an all-new coordinated bug bounty contest with a total of $1.5 million in bounty to be won.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    D2P Arena

  • The Standoff will take place non-stop during HITB+ CyberWeek, starting right after the forum opens and lasting until the end of the forum.

    Teams consist of five or more people. Each team can play for one side—attackers, defenders, or SOC—only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally at the venue, remotely, or mixed (some team members at the venue and others remotely).

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    Main Foyer

  • Did you know that you can monitor the actions of a hacker inside your network? Learn about the various tools that organizations and individuals can use to defend against cyber attacks. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Is it possible for a power plant that runs an entire city to be brought down by a cyber attack? Well, let’s find out! VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Do you have what it takes to crack the Cyber Escape Room? Put on your investigative hats as you will be tasked with solving a ransomware attack! VIEW DETAILS
    Free
    University & High Schools
    Where
    Escape Room

  • Meet with leading cybersecurity recruiters from the industry and get ready to face a mock interview to test your wits under pressure. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • How much do you really know about cybersecurity? Test your knowledge with this challenging quiz. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • HITC runs classes, labs and workshops for kids between 8 to 18 years old. Topic modules can range from cyber hygiene to programming and hacking labs. In cyber hygiene we cover the basics such as: what is a hacker? Are you aware of your online presence, such as social media? What is a good password? We teach students how they can protect themselves online. Our session is always finished by hacking away (with our permission!) in our very own kids-friendly hacking environment. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Training Rooms

  • Rub shoulders and network with leading recruiters in the field of cybersecurity. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Do you know what a career in cybersecurity looks like? A career in cyber security is an exciting one, and this session explains the many options available to guide you on the right path. This will also deep dive into the technical and soft skills required at a high level. VIEW DETAILS
    University & High Schools
    Where
    Stage

  • Join us at a personality development workshop where we provide you with the tips and guidance related to resume writing, opportunities for internships, and shaping your digital persona and social media profile. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • 17th Oct – Thursday


  • Have you ever wondered if your home can be hacked? Learn through a live demonstration about what you can do to prevent it. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • Who?

    25 winning teams (3 - 5 members per team) from various Capture the Flag contests from around the world.

    What?

    A new style of attack and defense CTF contest over 3 days with an IoT ‘real world hacking’ bonus contest.

    VIEW DETAILS

    Competitions & Activities
    Free
    Where
    CTF Arena

  • Learn about cybersecurity by getting into the heart of the action with our state-of-the-art VR equipment and immerse yourself in a virtual reality cyber learning experience. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Booth

  • We’re bringing the best bug hunters and research hackers to one destination for the UAE’s first bug bounty bazaar. It's one event with many bounties exploiting a variety of targets with a range of cash pots in a combined $1.5 million pool. Also, the best bug hunters and ethical hackers are competing in an all-new coordinated bug bounty contest with a total of $1.5 million in bounty to be won.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    D2P Arena

  • A malware evasion and penetrating testing challenge for machine learning and AI enthusiasts with US$100,000 up for grabs! We initiated this competition to spur the development of defensive security solutions using advances in machine learning to detect and protect against vulnerabilities and malicious exploits. We have a bold ambition: to accelerate progress in automated cyber defense processes and contribute to the development of the first generation of autonomous and real-time models applied to cyber security problems.

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    AI Village

  • Meet with leading cybersecurity recruiters from the industry
    Family & Kids
    Free
    University & High Schools
    Where
    Exhibition Area

  • Did you know that you can monitor the actions of a hacker inside your network? Learn about the various tools that organizations and individuals can use to defend against cyber attacks. VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • The Standoff will take place non-stop during HITB+ CyberWeek, starting right after the forum opens and lasting until the end of the forum.

    Teams consist of five or more people. Each team can play for one side—attackers, defenders, or SOC—only. A single company may not put up teams for opposing sides (for example, one team for attackers and another team for defenders or SOC). Teams can work locally at the venue, remotely, or mixed (some team members at the venue and others remotely).

    VIEW DETAILS

    Competitions & Activities
    Free
    Security Professionals
    University & High Schools
    Where
    Main Foyer

  • Is it possible for a power plant that runs an entire city to be brought down by a cyber attack? Well, let’s find out! VIEW DETAILS
    Free
    University & High Schools
    Where
    Booth

  • Do you have what it takes to crack the Cyber Escape Room? Put on your investigative hats as you will be tasked with solving a ransomware attack! VIEW DETAILS
    Free
    University & High Schools
    Where
    Escape Room

  • HITC runs classes, labs and workshops for kids between 8 to 18 years old. Topic modules can range from cyber hygiene to programming and hacking labs. In cyber hygiene we cover the basics such as: what is a hacker? Are you aware of your online presence, such as social media? What is a good password? We teach students how they can protect themselves online. Our session is always finished by hacking away (with our permission!) in our very own kids-friendly hacking environment. VIEW DETAILS
    Family & Kids
    Free
    University & High Schools
    Where
    Training Rooms

  • Panel discussion to address the different constituents of the smart city ecosystems, the inherent challenges in developing the ecosystems and pragmatic solutions on overcoming the key issues and challenges. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • Panel discussion to address the different constituents of the smart city ecosystems, the inherent challenges in developing the ecosystems and pragmatic solutions on overcoming the key issues and challenges. VIEW DETAILS
    Free
    University & High Schools
    Where
    Stage

  • AI at scale requires a perfect mix of data, algorithms and computing infrastructure. I will describe how the deep-learning revolution brought synergies along with all three facets. I will then discuss about future of AI and design of algorithms to support the next generation applications.
    Free
    Government & Business
    HIghlight Talks
    Security Professionals
    Where
    Ballroom A

  • Come and hear all about innovative and original research ideas focused on Cybersecurity threats to Smart Cities. VIEW DETAILS
    Free
    University & High Schools
    Where
    Exhibition Area