Kaspersky

SECURITY ANALYST SUMMIT

Singapore – April 8-11, 2019


About the Security Analyst Summit

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs, and senior executives from financial services, technology, healthcare, academia and government agencies.

The previous events were joined by members of leading global companies, such as Samsung, Adobe, Microsoft, BlackBerry, CISCO, Boeing, Interpol, the World Bank, Team Cymru, The ShadowServer Foundation, ICSA Labs and Fidelis Cybersecurity Solutions. 

The conference provides an exclusive atmosphere that encourages debate, information sharing and display of cutting-edge research, new technologies, and ways to improve collaboration in the fight against cyber-crime.


 

  • Nation state cyber-espionage and advanced threat actors
  • Internet of Things
  • Government surveillance issues and privacy rights
  • Threats against banks, financial institutions
  • Mobile Malware
  • Critical infrastructure protection (SCADA/ICS)
  • Cross-border law-enforcement coordination and information sharing
  • Vulnerability discovery and responsible disclosure

 

Call for papers

Would you like to become a speaker?

Security Analyst Summit 2019 is an invite-only conference. We are especially looking for presentations and research showcasing the following areas:

  • Advanced malware threats
  • Mobile device exploitation
  • Threats against banks, financial institutions:
    • PoS systems
    • ATMs
    • Crypto-currencies
    • E-commerce data breaches
  • Critical infrastructure protection (SCADA/ICS)
  • Internet of Things:
    • Autonomous transportation (self-driving cars, drones)
    • Smart homes and smart devices
    • Smart cities
  • Attacks on medical devices
  • Threats to Gaming industry:
    • Game cheats and defense mechanisms
    • Server and client-side vulnerabilities
    • Industrial espionage targeting gaming industry
    • Mass infections via gaming vendor breach
  • Cross-border law-enforcement coordination and information sharing
  • Vulnerability discovery and responsible disclosure
  • Techniques for development of secure software and systems
  • Side Channel and Physical Attacks
  • Blockchain and smart contracts

Individual proposals should be no more than 350 words in length (final presentations will be no more than 20 minutes). Proposals should include the title of the paper and should clearly spell out the focus and goal of the presentation.

You can send your abstract directly to sasCFP@kaspersky.com. The deadline for submissions is December 10, 2018.

SAS 2019 Program Committee

Attending Participants

Join us

This is an event connecting security professionals from companies and law enforcement partners who are involved in the fight against cyber-crime.

The audience includes representatives from software vendors, anti-malware/anti-spam researchers, law enforcement professionals, vulnerability researchers and security response teams.

Attendees include trusted, high-profile journalists from New York Times, Reuters, Washington Post, Wired Magazine, Ars Technica, CNET News, Bloomberg, Forbes, Dark Reading and The Economist.

Whether you are an IT professional charged with defending your organization’s systems and data or a vendor-based security researcher, Security Analyst Summit offers opportunities to learn from the best in the industry, discuss methods and technologies, and build contacts.

If you are interested in attending SAS 2019 please contact us.

Sponsorship Opportunities

Security Analyst Summit is offering an attractive range of sponsorship opportunities for SAS 2017 at Platinum, Gold and Silver sponsorship levels. If you are interested in becoming a sponsor of SAS 2017 or exhibiting at the event please contact us for more details.

Click here to download sponsorship information.

Training

Book early and get a discount on SAS conference pricing!
Any questions? Just let us know!

Hunt APTs with Yara like a GReAT Ninja

Trainers: 

Costin Raiu, Director, Global Research & Analysis Team, Kaspersky Lab

Sergey Mineev, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and, more recently, Careto/TheMask, Carbanak and Duqu2. The team specializes in the analysis of APTs and military-grade malware attacks.

Early-bird deal! $2500 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

Have you ever wondered how Kaspersky Lab discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. This training will lead you through one of the essential tools for the APT hunter: the Yara detection engine.

If you’ve wondered how to master Yara and how to achieve a new level of knowledge in APT detection, mitigation and response, it all comes down to a couple of secret ingredients. One of them is our private stash of Yara rules for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does. During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with Yara.

INTENDED AUDIENCE

Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff. The training is suitable for both beginners and experienced Yara users.

TOPICS COVERED

* Brief intro into Yara syntax
* Tips & tricks to create fast and effective rules
* Using Yara-generators
* Testing Yara rules for false positives
* Hunting new undetected samples on VT
* Using external modules within Yara for effective hunting
* Anomaly search
* Lots (!) of real-life examples
* A set of exercises for improving your Yara skills

CLASS REQUIREMENTS

Level: medium and advanced

Prerequisites: knowledge of the Yara language and basic rules

Class: limited to max 15 participants

Hardware: Own laptop

Minimum Software to install: Yara v. 3.6.0

Duration: 2 days

Date: April 7-8, 2019


The God-Mode Practical Training in Static Analysis of APT Malware

Trainers:

Igor Soumenkov, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Sergey Lozhkin, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and, more recently, Careto/TheMask, Carbanak and Duqu2. The team specializes in the analysis of APTs and military-grade malware attacks.

Early-bird deal! $2500 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

Every flashy new computer incident involving previously unseen malicious code boils down to one question: ‘what are the attackers trying to do?’ Answering this question requires a keen investigative mind and skills to match in order to determine the functionality of that code and boil it down into actionable artifacts: either a basic set of IOCs or a complete technical description that reveals the TTPs of the attackers. With these products in hand, an organization can proactively defend against the most cutting-edge attackers.

Easier said than done. Organizations affected by a true APT-level attack will require a deep understanding of the APT toolkit to truly understand the extent of the capabilities and intentions of the determined intruders. Only with this can they ever be sure that their damage assessment and incident response efforts are accurate and effective. The only way to reach this level of understanding with true fidelity is to statically analyze the malicious code (no “if’s”, “and’s”, or dynamic “but’s” about it).

Unlike easier dynamic analysis techniques, Advanced Static Analysis allows analysts to produce high-fidelity descriptions of the executable code regardless of execution flow and tricky runtime checks. It allows them to produce an extensive set of actionable items, including lists of C&C servers, file and memory signatures, crypto implementations and more. A combined understanding of the unique code sequences and algorithms employed by the malware developers is key in malware classification, toolset attribution, and the creation of the most advanced hunting signatures.

This course will cover most of the steps required to analyze a modern APT toolkit, from receiving the initial sample, all the way to producing a deep technical description with IOCs. The course material is based on many years of experience analysing the most complex threats ever discovered in-the-wild, including: Equation, Red October, Sofacy, Turla, Duqu, Carbanak, ShadowPad, and many more. It’s time to set your static analysis game to God-Mode.

TOPICS COVERED

* Unpacking
* Decryption
* Developing own decryptors for common scenarios
* Byte code decompilation
* Code decomposition
* Disassembly
* Reconstruction of modern APT architectures
* Recognizing typical code constructs
* Identification of cryptographic and compression algorithms
* Classification and attribution based on code and data
* Class and structure reconstruction
* APT plugin architectures (based on recent APT samples)

PREREQUISITES

* Understanding of x86 and x86_64 assembly, Python
* Basic knowledge of C/C++
* Experience with analysing code in IDA Pro

Level: medium and advanced

Hardware & Software requirements:

* Laptop with VMWare / VirtualBox virtualization solution
* Legitimate copy of IDA Pro (latest version preferred)
* Working C/C++ compiler toolset: clang, g++, mingw

Class: limited to max 15 participants

Duration: 2 days

Date: April 7-8, 2019


The Good and the GReAT— Stepping up your Threat Intelligence Game

Trainers: 

Brian Bartholomew, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Brian Candlish, Principal Threat Researcher, Telstra Threat Labs

Early-bird deal! $2500 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

In the past decade, ‘threat intelligence’ has become one of the hottest commodities in the infosec market for companies to either purchase or create. As a threat intel analyst, one must be a Jack-Of-All-Trades, without over-specializing in any one thing. Unfortunately, there are few guidelines and fewer training courses for analysts to obtain a solid foundation. Even seasoned threat intel analysts find themselves creating specific tools to accomplish a task, only to find out that someone else has already done so. And in those rare cases where expert analysts are stumped, who can they turn to for guidance? This course is designed to serve threat intel analysts of all levels of experience, providing a solid foundation for beginner-to-intermediate intel analysts, as well as showing more advanced analysts how the Global Research and Analysis Team (GReAT) conducts their research in special fringe cases.

The course will span two full days and cover the entire gamut of threat intelligence. Some of the topics covered include:

* Concepts of threat intelligence
* Intelligence life cycle
* Defining intelligence requirements
* Collecting and processing data
* Maximizing data through automation
* Open source / custom tools
* Threat hunting in large security datasets
* Intelligence reporting
* Dealing with biases
* Using estimative language
* Each day will end with large hands-on labs (approx. 2 hrs each)

CLASS REQUIREMENTS

Level: Intermediate or above

Prerequisites:
Students should be interested in learning about the many aspects of threat intelligence. Preferably, the student should be part of a threat intel team as an analyst or lead. Familiarity with commercial and open source tools such as VirusTotal, PassiveTotal, or DomainTools is helpful. Experience hunting threats and analyzing malware is considered a plus.

Each student should have their own laptop with access to whatever tools they use on a daily basis. Students will be provided access to other tools as needed during the class.

Class: limited to max 15 participants

Hardware: Laptop with a minimum 20GB free space HD and 8GB RAM capable of running VMs.

Minimum Software to install: Windows / MacOS / Linux equivalent. VMWare / Virtualbox

Duration: 2 days

Date: April 7-8, 2019


Remote Forensics for the Modern Malware Hunter

Trainers: 

Vitaly Kamluk, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Nicolas Collery, Head of Offensive Security Services, DBS Bank

Early-bird deal! $2500 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

The increased frequency and complexity of advanced cyberattacks require swift response and silent navigation through compromised assets of sometimes large distributed networks. One of the most popular approaches today relies on EDR or other live agent-based solutions. This is useful when responding to attacks by low-skilled or below-average adversaries. However, the activation of security agents and activities on live compromised systems may trigger the attacker’s alerts, which may lead to a massive cleanup operation and destruction of evidence. Offline system analysis, on the other hand, may not be easy due to physical distance to the compromised system or the scale of the network. This is where remote offline digital forensics becomes an incredibly useful approach.

This training introduces the free, open-source forensics tool Bitscout. Attendees will learn how to build their own remote analysis tool, how to package it with their own arsenal and how to handle customizations.

The training will be conducted by the author of the tool.

PREREQUISITES
* Familiarity with digital forensics principles
* Malware analysis and basic reversing skills
* Understanding of virtualization, networking, OS architecture, coding and scripting

Class plan:

1. Introduction and theory
2. Building your own remote ninja tool
3. Exercises:
-> Discovering malware remotely
-> Finding attack infection vectors
-> Remote disk image acquisition methods
-> Virtualization-based wizardry
-> Breaking through proprietary disk encryption
-> Analyzing non-Windows platforms
-> Converting compromised host into safe honeypot

Class: limited to max 15 participants

Hardware & Software requirements: Laptop or VM with Debian-based Linux, i.e. Ubuntu

Duration: 2 days

Date: April 7-8, 2019


KL ICS CERT Hands-on: IoT vulnerability exploitation

Trainers:

Pavel Cheremushkin, Security Researcher, Kaspersky Lab ICS CERT, Kaspersky Lab
Roland Sako, Security Researcher, Kaspersky Lab ICS CERT, Kaspersky Lab
Andrew Muravitsky, Senior Security Researcher, Kaspersky Lab ICS CERT, Kaspersky Lab

Early-bird deal! $2500 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

Kaspersky Lab ICS CERT is conducting a practical course in IoT vulnerability research. This class provides a deep dive into hardware analysis, firmware extraction and analysis, vulnerability research and exploitation.

Class plan:
* Meet the devices. Identifying research surface: input and output interfaces, communication channels and architecture
* Firmware analysis: different practical ways of extraction
* OS identification and analysis
* IoT firmware and binaries static analysis
* IoT firmware and binaries dynamic analysis
* Firmware modification, patching, vulnerability identification, analysis and exploitation

During this course, you will be given a set of real devices and a step-by-step methodology that will help you in vulnerability identification, analysis and exploitation.

PREREQUISITES
* Understanding of ARM architecture
* Basic knowledge of C/C++, scripting languages
* Basic understanding of Unix-like systems
* Experience with analyzing code in Radare2, IDA Pro

CLASS REQUIREMENTS

Level: medium and advanced
Hardware & Software requirements: Laptop with VMWare / VirtualBox virtualization solution
Class: limited to max 15 participants
Duration: 2 days
Date: April 7-8, 2019


Travel Details

The Security Analyst Summit 2019 will be held on April 8-11 at The Swissôtel The Stamford, 2 Stamford Road, Singapore.

 

Step into a world of comfort and experience the finest in Swiss hospitality at Swissotel The Stamford, Singapore’s Leading Business Hotel and one of the tallest hotels in Southeast Asia. Strategically located in the heart of Singapore with the City Hall Mass Rapid Transit (MRT) train station and other major transportation nodes at its doorstep, Swissotel The Stamford is an upscale hotel that boasts a prime location amidst world-class shopping, dining, entertainment and business opportunities.

For more information please visit https://www.swissotel.com/hotels/singapore-stamford/

We have partnered with United Airlines to offer travel discounts to our event in Singapore. Visit United Meetings Travel webpage and enter ZG6W627776 in the Offer Code box to book your flight to Singapore!

Please note that travel must be booked between 4/2/2019 – 4/16/2019 in order to receive the discount.


Attractive discounts on a wide range of fares on all Air France and KLM flights worldwide. Click here to book your flight!

Event ID Code to keep for the booking: 34333AF


Book your flights now and take advantage of attractive air fares by simply clicking.

Event ID Code to keep for the booking: 3976S

 

SAS in the media

Videos

Previously on Security Analyst Summit

Kaspersky Security Analyst Summit, 2018

When: March 7-11, 2018

Where: Cancun, Mexico

Click here for more details

Kaspersky Security Analyst Summit, 2017

When: April 2-6, 2017

Where: St. Maarten

Click here for more details

Code of Conduct

Security Analyst Summit (SAS) is dedicated to providing a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of event participants in any form. Sexual language and imagery is not appropriate for any event venue, including talks. Event participants violating these rules may be sanctioned or expelled from the event without a refund at the discretion of the event organizers.

Harassment
Harassment includes offensive verbal comments related to gender, sexual orientation, disability, physical appearance, body size, race, religion, sexual images in public spaces, deliberate intimidation, stalking, following, harassing photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.

Exhibitors & Sponsors
Exhibitors and sponsors are also subject to the anti-harassment policy. In particular, exhibitors should not use sexualized images, activities, or other material. Booth staff (including volunteers) should not use sexualized clothing/uniforms/costumes, or otherwise create a sexualized environment.

Participants
If a participant engages in harassing behavior, the event organizers may take any action they deem appropriate, including warning the offender or expulsion from the event with no refund. If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact a member of event staff immediately. Event staff can be identified by t-shirts/special badges.

Event staff will be happy to help participants contact hotel/venue security or local law enforcement, provide escorts, or otherwise assist those experiencing harassment to feel safe for the duration of the event. We value your attendance.

Venue & Social Events
We expect participants to follow these rules at all related venues and social events.

*This Code of Conduct was forked from the example policy from the Geek Feminism wiki, created by the Ada Initiative and other volunteers, which is under a Creative Commons Zero license.

Contact Us

Email: sas2019@kaspersky.com

Tel: +7 (903) 961-05-60 (Russian Federation)

Follow SAS 2019 on Twitter with the hashtag #TheSAS2019. We’ll also be live tweeting many of the talks during SAS.

Follow @TheSAScon and @threatpost now!