Black Hat MEA cybersecurity conference continued in Riyadh on 03 December 2025 with its second day focused on competitive hacking challenges and practical threat simulations. The event, according to organizers, hosts what they describe as the world’s largest Capture the Flag (CTF) competition alongside hands-on maritime security exercises and executive-level strategy sessions.

Key Takeaways

  • Three-day CTF competition tests ethical hacking skills across web exploitation, forensics, and cryptography categories
  • Ship Spoofing simulation demonstrates vulnerabilities in maritime navigation systems
  • Industry leaders emphasize AI’s evolving role as critical infrastructure requiring new security frameworks

CTF Competition Enters Second Day

Thousands of cybersecurity specialists are participating in a three-day jeopardy-style CTF tournament at Black Hat MEA, according to event organizers Tahaluf. The competition tests skills across multiple categories including web exploitation, PWN, forensics, reverse engineering, and cryptography. The finale is scheduled for 04 December, with remaining challenges potentially determining final rankings.

Running concurrently, the Bug Bounty Cup allows participants to identify vulnerabilities in live targets. Competitors are racing to surface critical security flaws, with final results expected on the event’s closing day.

Maritime Security Takes Center Stage

The Ship Spoofing simulation emerged as a major attraction on day two. Participants received briefings on how navigation systems on modern vessels can be manipulated through corrupted data streams. Additionally, the simulation demonstrated how single injected signals can redirect or disable critical systems.

Inside the live environment, attendees observed ships deviating from courses in real time as spoofed coordinates altered route logic. The exercise highlighted maritime transport as a high-value target for cyberattacks and exposed gaps in sector defenses.

AI Security and Defense Modernization

Anne Marie Zettlemoyer of the National Security Institute addressed AI’s transformation into critical infrastructure. “The systems we defend and the speed at which we defend them have changed more in the past couple of years than in the previous twenty,” she said during her session. Furthermore, she challenged attendees to define responsible AI security frameworks.

Charles Forte, Director General and CIO at the UK Ministry of Defence, outlined defense priorities for expanding attack surfaces. He emphasized three focus areas: process discipline, investment in AI-era defense capabilities, and supply chain scrutiny equivalent to internal system oversight.

Derek Cheng, CISO at Deliveroo, led a session on the CISO Maturity Model. He explored how security leaders measure influence, scale governance, and evolve from technical operators into board-level decision-makers.

What’s Next

Black Hat MEA concludes on 04 December with advanced research presentations, final CTF and Bug Bounty Cup rounds, and strategy discussions. The closing day will determine competition winners and feature new security disclosures, according to organizers.

Steve Durning, Portfolio Director of Black Hat MEA at Tahaluf, said the activity-led experiences demonstrate how hands-on environments pressure-test theoretical concepts against real attack scenarios.