Program
- Nurdaulet Kaldybek
“Bug Bounty Without Secrets: What Legal Hacking Looks Like from the Inside”
A talk on how the bug bounty industry operates and who bug hunters are. The speaker will demonstrate how professionals legally identify vulnerabilities in company systems, responsibly disclose them, and receive rewards. The presentation will also briefly address legal aspects and the rules that make ethical hacking possible. The main focus is on real-world experience and the internal workflow of a bug hunter.
- M. Nurakunov
TBA - M. Saymanov
Logical Boolean Functional Form of a Steganographic Algorithm
Abstract: This talk explores the use of microinstructions in the form of graph diagrams, algebraic, and matrix forms for steganographic encryption algorithms. When writing microinstructions, especially encryption algorithms, in devices, a pressing issue is their optimal form. The more optimally an algorithm is written, the more energy and memory resources the device saves, and the higher its operating speed. Analysis of graph diagrams, algebraic, and matrix forms of microinstructions allows us to determine the optimal (minimal) form of microinstructions. The optimal form of microinstructions for steganographic encryption algorithms is determined.
- Aymgul Toktarbayeva
TBA - Olzhas Alseitov
TBA - Nurzhan Bazhaev
TBA - Zhusupov Zhassulan
Malware Cats and Cryptography
Abstract: "Malware Cats and Cryptography" is a talk on practical malware payload encryption based on my recent research published in my blog and book. The talk examines simple and clear implementations using XOR, TEA, RC5, Camellia, Lucifer, 3DES, and other algorithms, as well as lightweight algorithms like Speck and A5/1, used to hide the payload and modify its memory representation. The focus is not on cryptographic strength per se, but rather on how the choice of algorithm, key storage method, and decryption timing affect the observability of artifacts for modern AV/EDR. The talk demonstrates why even "simple" cryptography remains an important element of offensive tooling and, at the same time, a source of detectable errors that can be exploited by defensive teams.
