February 13th, 2026 | 18h00 – 22h30 | OASIS Café, Casablanca
| Time | Talk | Speaker |
|---|---|---|
| 18:00 – 18:45 | Welcome & Introduction | ||
| 18:45 – 19:15 | Recovering Flight Data From The React2Shell Crash | Saad El Jebbari |
| Break & Networking | ||
| 19:30 – 20:00 | Malware Configuration Extraction And Other Stuff | Zakariaa Hamid |
| Break & Networking | ||
| 20:15 – 20:45 | IoT Security 101: How Cybercriminals Turn Your Smart Devices Into Weapons | Mohammed Amine Moulay |
| Break & Networking | ||
| 21:00 – 21:30 | Shadow Boxing Or How To Fight The New Windows Security Boundary | Mouad Abouhali |
| Closing Remarks | ||
A deep dive into CVE-2025-55182 (React2Shell), a critical vulnerability in React Server. The talk walks through how the bug works, demonstrates exploitation via a live flight protocol app, and covers remediation. Slides were built with reveal.js; a Docker-based proof-of-concept app is included in the repository.
Covers techniques for extracting embedded configuration data from malware samples — including unpacking, memory analysis, and decryption approaches — along with other reverse engineering tidbits.
An introductory tour of IoT attack surfaces — from insecure defaults and unencrypted protocols to botnet recruitment. The talk includes live demos powered by the companion scanning tool below.
Examines the evolving Windows security boundary — exploring how modern mitigations (VBS, Hypervisor-Protected Code Integrity, Secure Kernel) shift the attack surface and what that means for offensive and defensive security practitioners.