
Program
1. Nurdaulet Kaldybek
“Bug Bounty Without Secrets: What Legal Hacking Looks Like from the Inside”
A talk on how the bug bounty industry operates and who bug hunters are. The speaker will demonstrate how professionals legally identify vulnerabilities in company systems, responsibly disclose them, and receive rewards. The presentation will also briefly address legal aspects and the rules that make ethical hacking possible. The main focus is on real-world experience and the internal workflow of a bug hunter.
2. M. Nurakunov
TBA
3. M. Saymanov
Logical Boolean Functional Form of a Steganographic Algorithm
Abstract: This talk explores the use of microinstructions in the form of graph diagrams, algebraic, and matrix forms for steganographic encryption algorithms. When writing microinstructions, especially encryption algorithms, in devices, a pressing issue is their optimal form. The more optimally an algorithm is written, the more energy and memory resources the device saves, and the higher its operating speed. Analysis of graph diagrams, algebraic, and matrix forms of microinstructions allows us to determine the optimal (minimal) form of microinstructions. The optimal form of microinstructions for steganographic encryption algorithms is determined.
4. Aymgul Toktarbayeva
Steppe by Steppe, Hunting Like a Tazy: Tracking UAC-0063 TTPs
Abstract: This workshop is dedicated to analyzing the APT28 (UAC-0063) attacks that affected Central Asian countries. I detail the attack stages—from encrypted macros and obfuscated HTA files to the use of the HATVIBE and CHERRYSPY malware families—and share practical ideas for threat hunting. I also pay special attention to the specifics of Sysmon logging, where positional properties can shift when Rule Names are enabled. I also present my Format-WinEvent tool, which solves this problem by normalizing logs and significantly simplifies their analysis.
5. Olzhas Alseitov
Applying Large Language Models (LLM) to Blue Team Tasks: From Log Analysis to Response Automation
Abstract: With the increasing number of cyberattacks and increasing telemetry volumes, traditional Blue Team approaches face challenges in scalability and response speed. This talk examines the use of large language models (LLM) to automate security analysis tasks: from log processing and anomaly detection to incident investigation assistance.
Special attention is given to integrating LLM into existing infrastructure (SIEM, audit logs, monitoring systems), as well as security issues of the AI systems themselves. Practical use cases, architectural approaches (including RAG and local inference servers), as well as the limitations and risks associated with using AI in cybersecurity tasks will be discussed.
This talk is intended for information security specialists, DevOps specialists, and architects interested in implementing AI approaches into Blue Team processes.
6. Tusupova Madina
Asymmetry by Design: Empowering the Modern Data Officer
Abstract: This talk will explore how the role of the Data Officer is changing in the era of AI and why it is becoming key to corporate cybersecurity. I'll show how we use AI and LLM pipelines to protect data, legally identify data vulnerabilities, and build systems that counter malicious plans before an attack even begins. We'll also cover the legal aspects: from the EU AI Act to the NIST Cyber AI Profile, regulations, and standards that enable businesses to protect themselves effectively and transparently.
7. Zhusupov Zhassulan
Malware Cats and Cryptography
Abstract: "Malware Cats and Cryptography" is a talk on practical malware payload encryption based on my recent research published in my blog and book. The talk examines simple and clear implementations using XOR, TEA, RC5, Camellia, Lucifer, 3DES, and other algorithms, as well as lightweight algorithms like Speck and A5/1, used to hide the payload and modify its memory representation. The focus is not on cryptographic strength per se, but rather on how the choice of algorithm, key storage method, and decryption timing affect the observability of artifacts for modern AV/EDR. The talk demonstrates why even "simple" cryptography remains an important element of offensive tooling and, at the same time, a source of detectable errors that can be exploited by defensive teams.
8. Erkin Asqar
From Wi-Fi to Complete Compromise: How Attackers Penetrate Infrastructure
Abstract: This report describes a scenario in which corporate infrastructure is compromised via a Wi-Fi wireless network. It analyzes how insufficient access point security, weak authentication mechanisms, and configuration errors can become the initial entry point for an attack. It describes the typical incident chain: from gaining unauthorized access to the network to further penetration of the infrastructure and compromising critical systems. Particular attention is paid to identifying key vulnerabilities and protective measures to prevent such attacks. The paper emphasizes the importance of a comprehensive approach to information security and the role of wireless networks as a potential threat vector.
9. Zhumashev Dias
VIBE CODING VIBE HACKING
Abstract: The theme of Vibe Coding and Vibe Hacking reflects a shift from the traditional, strictly formalized approach to system development and research toward a more intuitive, creative, and exploratory interaction with technology. While Vibe Coding is associated with rapid prototyping and flow-based coding, Vibe Hacking is about the same flow-based approach, but in the context of cybersecurity: analysis, searching for unconventional attack vectors, understanding system logic, and identifying hidden vulnerabilities.
10. Gabituly Mukhamedzhan
One-Click Admin: How Over-Reliance on Data Breaks Business Logic
Abstract: Many developers blindly trust incoming data, assuming that users will only submit the fields they see in the form. Using a real-world example from an educational platform, we'll examine how adding just one additional field to the registration request allows users to instantly gain complete control over the system: changing course prices, editing content, and managing other users' balances. This "hack without hacking" critically disrupts the application's business logic and often goes unnoticed. Finally, we'll examine architectural solutions (allowlist approach, DTO, explicit mapping) that reliably mitigate this class of vulnerabilities.
