Race Condition Vulnerabilities in Applications and their Impact on Business Operations
- 17:40
- Wed
- 03 Dec
Stage:
Briefings 1
Session Type:
Presentation
This session will explore the often-overlooked yet critical issue of Race Condition vulnerabilities in modern applications. While commonly considered a development issue, these flaws can have profound security and operational implications if exploited. This talk aims to raise awareness among developers, security professionals, and business stakeholders about how race conditions arise, how they are exploited, and what organizations can do to mitigate them.
Presenter:
The Middle East Data Protection Guide
- 17:45
- Wed
- 03 Dec
Stage:
Financial Summit
Session Type:
Keynote
This session will explore the rise of deepfake-related risks and how financial institutions are defending against them and protecting their customers.
Presenter:
Agents Unleashed. Can We Control What We’ve Created?
- 17:55
- Wed
- 03 Dec
Stage:
Executive Summit
Session Type:
Fireside Chat
Agents move fast. Risk moves faster. This discussion delves into how to make agents useful without ceding control: least privilege by default, observable actions, reversible changes, and governance that survives production.
Presenter:
Unmasking the Hidden: Real-World Attack Surface Discoveries from the Wild
- 18:00
- Wed
- 03 Dec
Stage:
Briefings 2
Session Type:
Presentation
As organizations grow into complex groups with subsidiaries, joint ventures, and global operations, managing the external attack surface becomes increasingly challenging. This session dives deep into two essential pillars of External Attack Surface Management (EASM): Discovery and Assessment. In the Discovery segment, we introduce practical techniques for identifying unknown digital assets across corporate structures using signals like WHOIS, RDAP, passive DNS, and third-party analytics IDs—tools that help reduce noise and increase coverage across shadow assets. In the Assessment segment, we focus on a critical but often overlooked gap: evaluating vulnerabilities in VPN appliances and other exposed network infrastructure that traditional vulnerability scanners cannot reliably assess. We will share techniques to fingerprint server responses and infer vulnerability status—empowering defenders to spot high-risk exposures missed by common tools. This is EASM in action, straight from the wild.
Presenter:
KalamCyber powered by WiCSME Next-Gen CISOs
- 18:00
- Wed
- 03 Dec
Stage:
The Back Room
Session Type:
Podcast
Presenter:
Why OTMEC Now, Not Later? (OTMEC Launch Ceremony 'Powered by WiCSME')
- 18:00
- Wed
- 03 Dec
Stage:
Deep Dive
Session Type:
Ceremony
OT Middle East Community (OTMEC) provides a community for sharing knowledge and best practices in a vendor-neutral environment to better train the workforce, to promote a spirit of collaboration and innovation in the industry, and to advocate for greater public awareness and stronger cybersecurity policies related to critical infrastructure. We empower professionals through knowledge-sharing, workforce training, industry collaboration, and policy advocacy to strengthen critical infrastructure resilience with online social groups and regular meetups. Launching OTMEC during BHMEA2025 is a strategic and timely initiative that aligns perfectly with BHMEA’s mission to be the leading global cybersecurity event driving innovation, collaboration, and resilience across critical industries. Given BHMEA’s vast audience including asset owners, government leaders, cybersecurity experts, and technology providers, OTMEC’s presence will maximize engagement and foster meaningful industry collaboration. It will establish a long-term ecosystem for advancing OT security in the region. By launching OTMEC at BHMEA, we are not merely introducing an initiative—we are shaping the future of industrial cybersecurity in the Middle East. This launch will bring together the right stakeholders to drive impactful change. The exclusive opportunity to launch at BHMEA will provide OTMEC with immediate credibility, visibility, and the momentum needed to become a leading force in securing the region’s critical industries.
Presenter:
Inboxfuscation: Out-of-the-Box Mailbox Obfuscation – Turning BEC into Business Email Chaos
- 18:00
- Wed
- 03 Dec
Stage:
Briefings 1
Session Type:
Presentation
Email remains vital in most organizations, from user logins to daily communications. Business Email Compromise (BEC) continues to threaten operations as attackers disrupt workflows, perform reconnaissance, or leverage access to target additional organizations. In-the-wild BECs often rely on creating or modifying inbox rules to alter email flow or hide alerts (e.g., bounce-backs from spam runs, MFA enrollment notifications). This research shares real-world examples of these TTPs before exploring multiple categories of previously unseen obfuscation techniques targeting Exchange mailboxes and administration tools. We begin with undocumented functional tricks such as null-character inbox rule names and single-space conditions that filter mail unexpectedly while breaking rule name-ID correlations in runtime logs used for detection. We then examine syntactical obfuscation, highlighting problematic characters (nulls, backspaces, carriage returns, RTL, zero-width spaces) and introducing new character classes with unique evasive qualities. While many homoglyph attacks use look-alike characters, we uncovered undocumented normalizations that transform bizarre Unicode-laden keywords into ASCII counterparts while still logging as Unicode. Beyond visual and logging mismatches, we present functionality-breaking techniques that render Exchange UI and CLI tools ineffective. We conclude with a vulnerability enabling email deletion while bypassing all logging. From subscripts to symbols, come and exchange (ha!) everything you thought you knew about BEC attacks and experience the depths of evasion our Inboxfuscation research and open-source tool reveal to both offensive and defensive professionals.
Presenter:
Bridging Security and Observability: Unlocking the Power of Network Intelligence with AI
- 18:00
- Wed
- 03 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
Danielle Kinsella explains how network intelligence closes visibility gaps across security and observability. Gigamon provides high-fidelity traffic access and deep inspection for investigation workflows. The talk covers integration friction between monitoring stacks, loss of signal in network blind spots, and the evidence required to strengthen detection and response logic.
Presenter:
Beyond Compliance – Proactive Cyber Strategies for Financial Leaders
- 18:05
- Wed
- 03 Dec
Stage:
Financial Summit
Session Type:
Fireside Chat
This session will explore the rise of deepfake-related risks and how financial institutions are defending against them and protecting their customers.
Presenter:
Vice President - Global Cybersecurity and Incident Response
Charles River Associates
Why ZTNA Providers Slow You Down and Cost You More
- 18:10
- Wed
- 03 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
In this session, Martin Sutherland explains why misaligned ZTNA architectures increase cost and slow SOC outcomes. The talk highlights design flaws that trigger traffic detours, break tool integration, and delay incident response timelines. It outlines practical fixes that restore visibility, improve network paths, and reduce operational friction using Appgate principles: direct routing, policy accuracy, and evidence-based access decisions.
Presenter:
Agentic AI: Redefining How We Protect People and Data
- 18:20
- Wed
- 03 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
This session shows how AI agents secure people and data at scale. Elie Eid from Proofpoint outlines how agentic security auto-analyses threats, applies policy, enriches signals, and drives responses with human oversight. The talk focuses on risks across identity compromise, email-borne AI fraud, unstructured data leakage, and misaligned control design.
Presenter:
Charting the Risk and Regulation Maze
- 18:20
- Wed
- 03 Dec
Stage:
Executive Summit
Session Type:
Panel
Where CISOs unpack how organisations can navigate the evolving intersection of risk, regulation, and resilience.
Presenter:
Rehearse Breaches, Before They're Real - Digital Twin
- 18:30
- Wed
- 03 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
This session explains how digital twin technology can simulate breach scenarios before they occur in real environments. Yousef Basaad outlines how a digital twin mirrors infrastructure, models attacker behaviour, and tests defensive controls without risk to production systems. The talk highlights practical uses for improving readiness, validating response plans, and finding gaps that traditional testing fails to expose.
Presenter:
Closing Remarks
- 18:30
- Wed
- 03 Dec
Stage:
Financial Summit
Session Type:
Closing Remarks
Closing Remarks
- 18:55
- Wed
- 03 Dec
Stage:
Executive Summit
Session Type:
Closing Remarks
Shells Without Phish: AppSec Tactics and Zero-Day Discovery in Red Team Ops
- 12:30
- Thu
- 04 Dec
Stage:
Briefings 1
Session Type:
Presentation
Initial access isn’t just about phishing anymore. Modern breaches are increasingly rooted in the application layer, where logic flaws, design weaknesses, and overlooked attack surfaces can open paths to compromise. In this talk, we’ll dissect how AppSec-driven tactics can redefine red team operations. We’ll share our methodology for embedding vulnerability research into live engagements, blending code-level analysis, target hunting, and exploit chaining with traditional adversary tradecraft. This isn’t about dropping a pre-packaged exploit—it’s about building one mid-operation. Through case studies against high-profile global targets, we’ll show how this approach surfaced and chained zero-day vulnerabilities to breach external perimeters and operate effectively in mature environments. Whether you’re looking to sharpen your offensive capabilities or expand your initial access playbook, this session delivers hard-earned insights straight from the field.
Presenter:
Opening Remarks
- 12:30
- Thu
- 04 Dec
Stage:
Executive Summit
Session Type:
Opening Ceremony
NCA Compliance with Cryptographic Posture Management
- 12:30
- Thu
- 04 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
This session explains how cryptographic posture drives compliance outcomes for national standards. Simon Taylor outlines gaps in certificate inventory, posture drift, key ownership, and lifecycle automation. The talk covers practical controls that improve visibility, policy accuracy, and audit readiness across regulated environments. Entrust
Presenter:
Which controls do the most for cyber insurability?
- 12:35
- Thu
- 04 Dec
Stage:
Executive Summit
Session Type:
Presentation
What happens when the math stops working? Inside the uneasy future of an industry struggling to price the unthinkable.
Presenter:
Digital Crime Scene: Collection & Preservation of Forensic Evidence
- 12:40
- Thu
- 04 Dec
Stage:
Briefings 2
Session Type:
Presentation
Cybercriminals innovate but evidence still speaks. This session dives into how digital evidence must be handled from the moment it’s discovered, through documentation, imaging, and secure preservation. Attendees will learn the legal and procedural requirements that protect evidence integrity, ensure admissibility in court, and maintain a flawless chain of custody. Through real case-style demonstrations using hardware tools such as Faraday bags, write blockers, and forensic imaging devices, this session reveals how improper handling can compromise an entire cyber investigation and how the right approach strengthens justice in the digital age.
Presenter:
Manager of Cybersecurity Governance and Compliance | Initiatives Leadership | Cybercrime and Digital Forensics expert | Cybercrime Investigation Consultant
Tuwaiq Academy
Zero trust for AI
- 12:50
- Thu
- 04 Dec
Stage:
Sponsored Briefings
Session Type:
Presentation
In this session, Bahii Hour explains how zero-trust models must adapt for AI system access and data protection. The talk highlights flaws in role sprawl, over-permissive paths, agent trust assumptions, and evidence collection. It outlines practical controls to enforce identity boundaries, validate access decisions, and preserve detection signal quality. Xage
Presenter:
The New Power Bloc: Aligning CISO, CDAO, CIO, CFO & CPO for Enterprise-Grade Resilience
- 12:55
- Thu
- 04 Dec
Stage:
Executive Summit
Session Type:
Panel
This panel maps how security, data, product, finance, IT and AI leaders align on decision rights, shared metrics and runbooks to ship safely at scale.
Presenter:
API Detector
- 13:00
- Thu
- 04 Dec
Stage:
Arsenal 3
Session Type:
Demo
APIDetector v3 is an advanced, high-performance tool built for identifying and validating exposed Swagger/OpenAPI endpoints across domains and subdomains. Designed specifically for security professionals and developers, APIDetector v3 provides a modern web interface offering real-time results, interactive dashboards, automated screenshot captures, and intelligent false-positive detection.
Presenter:
Opening Remarks (Women in Focus: A 5 Yrs of Blooming Partnership BHMEA & WiCSME)
- 13:00
- Thu
- 04 Dec
Stage:
Woman in Focus
Session Type:
Opening Remarks
Presenter: