Cancun, Mexico – March 7-11, 2018

About the Security Analyst Summit

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

The previous events were joined by members of leading global companies, such as Samsung, Adobe, Microsoft, BlackBerry, CISCO, Boeing, Interpol, the World Bank, Team Cymru, The ShadowServer Foundation, ICSA Labs and Fidelis Cybersecurity Solutions. 

The conference provides an exclusive atmosphere that encourages debate, information sharing and display of cutting-edge research, new technologies, and ways to improve collaboration in the fight against cyber-crime.


* Nation state cyber-espionage and advanced threat actors
* Internet of Things
* Government surveillance issues and privacy rights
* Threats against banks, financial institutions
* Mobile Malware
* Critical infrastructure protection (SCADA/ICS)
* Cross-border law-enforcement coordination and information sharing
* Vulnerability discovery and responsible disclosure


Web SAS 2018

Web SAS is an online series of webinars, held by leading Kaspersky Lab security experts, that will cover the major findings at SAS. This is a unique opportunity to become acquainted with the latest research, the evolution of known trends, details of critical tools and techniques, and much more – even if you don’t have a chance to visit SAS itself.

March 13. Webinar 1. Recently discovered sophisticated cyberthreats – are you ready?

March 13, 8:30 AM
Speaker – Costin Raiu, Head of Global Research & Analysis Team
To join the webinar, please go to this link.

March 13. Webinar 2. IT security vulnerabilities in healthcare. How to avoid losing patient records

March 13, 10:00 AM
Speaker – Denis Makrushin, security researcher at Kaspersky Lab
To join the webinar, please go to this link.

March 14. Webinar 3. The end of cyber-threat intelligence. Can we keep pace with criminals’ developing tactics?

March 14, 8:30 AM
Speaker – Vicente Diaz, security researcher at Kaspersky Lab
To join the webinar, please go to this link.

March 14. Webinar 4. How underground intelligence could save financial services

March 14, 10:00 AM
Speaker – Sergey Lozhkin, security researcher at Kaspersky Lab
To join the webinar, please go to this link.

March 15. Webinar 5. The art and the Brazilian way ("jeitinho brasileiro") of credit card cloning.

March 15, 9:00 AM
Speakers – Fabio Assolini, Thiago Marques, security analysts, Kaspersky Lab
To join the webinar, please go to this link.

Attending Speakers

Who will share their experiences

  • Brandon Dixon

    Brandon has spent his career in information security performing analysis, building tools, and refining processes. As VP of Product, he is responsible for managing the direction of all RiskIQ offerings. Prior to RiskIQ, Brandon was the co-founder of PassiveTotal (acquired by RiskIQ) where he led development and product direction. Throughout the years, Brandon has developed several public tools, most notably PDF X-RAY, and NinjaJobs. His research and development on various security topics have gained him accolades from many major security vendors and peers in the industry.

  • Paul Vixie

    Farsight Security

    Dr. Paul Vixie was inducted as an Innovator into the Internet Hall of Fame in 2014 after earning his Ph.D. in Computer Science from Keio University in 2010. He is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. He was the founder of the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), the first neutral and commercial Internet exchange (PAIX, 1991), and of Farsight Security (2012), where he now serves as Chairman and Chief Executive Officer.

  • Vitaly Kamluk

    Kaspersky Lab

    Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation.

  • Jay Rosenberg

    Intezer Labs

    Jay Rosenberg is a Senior Security Researcher at Intezer Labs. Originally from New York, he is now based in Tel Aviv. He is 25 years old and began programming and reverse engineering at the age of 12. He specializes in malware analysis, x86 assembly, memory analysis, and Windows system internals. He has worked on everything from analyzing and attributing the largest cyber attacks of the past year to being in charge of the research behind Intezer's products focusing on code reuse detection.

  • Marc Rogers

    Marc Rogers is Principal Security Researcher at CloudFlare. Rogers is a Whitehat hacker who has worked in the security industry for almost twenty years, including a decade managing security for the UK operator Vodafone. As well as his work in the telecoms industry, he has been a CISO in South Korea and founded a disruptive Bay Area startup. He is a security evangelist, who has a positive outlook on how security should be implemented in today’s global organizations. It’s this outlook that he used when he helped put together the award winning BBC series “The Real Hustle”. He is also the Head of Security at DEF CON, the world’s largest Hacker conference.

  • Peter Kruse

    CSIS Security Group A/S

    Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.
    Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus and banking industries, law enforcement and higher education institutions.

  • John Bambenek

    Bambenek Consulting

    John Bambenek is the President of Bambenek Consulting and a lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign. He is also one of the incident handlers at the SANS Internet Storm Center. He has over 18 years of experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal actions. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He produces some of the largest bodies of open-source intelligence used by thousands of entities across the world.

  • Santiago Pontiroli

    Kaspersky Lab

    Santiago Pontiroli joined Kaspersky Lab as Security Researcher in October 2013. His principal responsibilities include the analysis and investigation of security threats in the South of Latin America (SOLA), web application security, the development of automation tools stemming from threat intelligence studies and the reverse engineering of programs with malicious code.
    Before joining Kaspersky Lab, Santiago served as Development Leader at Accenture for projects such as Site Concept Studio and Avanade Connected Methods, where he supervised all technical aspects of his teams, developed and presented demos on the different platforms and offered technical support to the sales team. Prior to Accenture, Santiago worked as a consultant for several companies, providing support on access control software, system and network administration, server hardening and web application security.

  • Eva Galperin

    Eva Galperin is EFF’s Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF’s Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.

  • Andrew Blaich

    Andrew Blaich is a security researcher and the head of device intelligence at Lookout, where he is focused on threat hunting and vulnerability research. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a Ph.D. in computer science and engineering from the University of Notre Dame in enterprise security and wireless networking. Andrew has presented at conferences including BlackHat, RSA, ShmooCon, and SAS.
    In his free time he loves to run.

  • Jakub Kroustek

    Jakub is Threat Lab Team Lead at Avast Software, and was AVG Virus Lab Team Lead before AVG was acquired by Avast.
    Jakub is a passionate malware hunter and researcher with a love of reverse engineering. His expertise lies in ransomware, botnets, IoT hacking, darknet, and cryptocurrencies.
    Jakub hates malware, but enjoys analyzing it and spreading the word about his findings by presenting at conferences, like Virus Bulletin, CARO, or Botconf.
    He holds a Ph.D. degree in Computer Science and Engineering from the Brno University of Technology.

  • Maria 'Azeria' Markstedter

    Azeria Labs

    Azeria is an independent security researcher and penetration tester with a passion for Arm exploitation. Recognizing the central role of Arm in the proliferation of computing, she has set her sights on advancing Arm security and defense beyond its current constraints through vulnerability research, and has founded Azeria Labs to help others with a similar interest by filling the wide gap in educational material about the art of Arm exploitation through workshops and tutorials.

Attending Participants

Join us

This is an event connecting security professionals from companies and law enforcement partners who are involved in the fight against cyber-crime.

The audience includes representatives from software vendors, anti-malware/anti-spam researchers, law enforcement professionals, vulnerability researchers and security response teams.

Attendees include trusted, high-profile journalists from New York Times, Reuters, Washington Post, Wired Magazine, Ars Technica, CNET News, Bloomberg, Forbes, Dark Reading and The Economist.

Whether you are an IT professional charged with defending your organization’s systems and data or a vendor-based security researcher, the Security Analyst Summit offers opportunities to learn from the best in the industry, discuss methods and technologies, and build contacts.

If you are interested in attending SAS 2018 please contact us.

Sponsorship Opportunities

Security Analyst Summit is offering an attractive range of sponsorship opportunities for SAS 2018 at Platinum, Gold and Silver sponsorship levels. If you are interested in becoming a sponsor of SAS 2018 or exhibiting at the event, please contact us for more details.

Click here to download sponsorship information.


Book early and get a discount on SAS conference pricing!
Any questions? Just let us know!

Hunt APTs with Yara like a GReAT Ninja


Costin Raiu, Director, Global Research & Analysis Team, Kaspersky Lab

Vitaly Kamluk, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Sergey Mineev, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and, more recently, Careto/TheMask, Carbanak and Duqu2. The team specializes in the analysis of APTs and military-grade malware attacks.

$2800 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2018 pass)

Have you ever wondered how Kaspersky Lab discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. This training will lead you through one of the essential tools for the APT hunter: the Yara detection engine.

If you’ve wondered how to master Yara and how to achieve a new level of knowledge in APT detection, mitigation and response, it all breaks down to a couple of secret ingredients. One of them is our private stash of Yara rules for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does. During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with Yara.


Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff. The training is suitable for both beginners and experienced Yara users.


* Brief intro into Yara syntax
* Tips & tricks to create fast and effective rules
* Using Yara-generators
* Testing Yara rules for false positives
* Hunting new undetected samples on VT
* Using external modules within Yara for effective hunting
* Anomaly search
* Lots (!) of real-life examples
* A set of exercises for improving your Yara skills


Level: medium and advanced

Prerequisites: knowledge of the Yara language and basic rules

Class: limited to max 15 participants

Hardware: Own laptop

Minimum Software to install: Yara v. 3.6.0

Duration: 2 days

Date: March 6-7, 2018


The God-Mode Practical Training in Static Analysis of APT Malware


Igor Soumenkov, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Sergey Golovanov, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and, more recently, Careto/TheMask, Carbanak and Duqu2. The team specializes in the analysis of APTs and military-grade malware attacks.

$2800 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2018 pass)

Every flashy new computer incident involving previously unseen malicious code boils down to one question: ‘what are the attackers trying to do?’ Answering this question requires a keen investigative mind and skills to match in order to determine the functionality of that code and boil it down into actionable artifacts: either a basic set of IOCs or a complete technical description that reveals the TTPs of the attackers. With these products in hand, an organization can proactively defend against the most cutting-edge attackers.

Easier said than done. Organizations affected by a true APT-level attack will require a deep understanding of the APT toolkit to truly understand the extent of the capabilities and intentions of the determined intruders. Only with this can they ever be sure that their damage assessment and incident response efforts are accurate and effective. The only way to reach this level of understanding with true fidelity is to statically analyze the malicious code (no “if’s”, “and’s”, or dynamic “but’s” about it).

Unlike easier dynamic analysis techniques, Advanced Static Analysis allows analysts to produce high-fidelity descriptions of the executable code regardless of execution flow and tricky runtime checks. It allows analysts to produce an extensive set of actionable items, including lists of C&C servers, file and memory signatures, crypto implementations and more. A combined understanding of the unique code sequences and algorithms employed by the malware developers is key in malware classification, toolset attribution, and the creation of the most advanced hunting signatures.

This course will cover most of the steps required to analyze a modern APT toolkit, from receiving the initial sample, all the way to producing a deep technical description with IOCs. The course material is based on many years of experience analysing the most complex threats ever discovered in-the-wild, including: Equation, Red October, Sofacy, Turla, Duqu, Carbanak, ShadowPad, and many more. It’s time to set your static analysis game to God-Mode.


* Unpacking
* Decryption
* Developing own decryptors for common scenarios
* Byte code decompilation
* Code decomposition
* Disassembly
* Reconstruction of modern APT architectures
* Recognizing typical code constructs
* Identification of cryptographic and compression algorithms
* Classification and attribution based on code and data
* Class and structure reconstruction
* APT plugin architectures (based on recent APT samples)


* Understanding of x86 and x86_64 assembly, Python
* Basic knowledge of C/C++
* Experience with analysing code in IDA Pro

Level: medium and advanced

Hardware & Software requirements:

* Laptop with VMWare / VirtualBox virtualization solution
* Legitimate copy of IDA Pro (latest version preferred)
* Working C/C++ compiler toolset: clang, g++, mingw

Class: limited to max 15 participants

Duration: 2 days

Date: March 6-7, 2018


The Good and the GReAT – Stepping up your Threat Intelligence Game


Brian Bartholomew, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Juan Andres Guerrero-Saade, Principal Security Researcher, Insikt Group, Recorded Future

$2800 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2018 pass)

In the past decade, ‘threat intelligence’ has become one of the hottest commodities in the infosec market for companies to either purchase or create. As a threat intel analyst, one must be a Jack-Of-All-Trades, without over-specializing in any one thing. Unfortunately, there are few guidelines and fewer training courses for analysts to obtain a solid foundation. Even seasoned threat intel analysts find themselves creating specific tools to accomplish a task, only to find out that someone else has already done so. And in those rare cases where expert analysts are stumped, who can they turn to for guidance? This course is designed to serve threat intel analysts of all levels of experience, providing a solid foundation for beginner-to-intermediate intel analysts, as well as showing more advanced analysts how the Global Research and Analysis Team (GReAT) conducts their research in special fringe cases.

The course will span two full days and provide many hands-on practical exercises to teach the students the many aspects of gathering and creating threat intelligence. We will start with incident investigation techniques, to include finding suspected malware on a system, performing quick forensics analysis to obtain crucial information in the least amount of time, analyzing and understanding the discovered malware, and reconstructing a timeline of events. Using the discovered information, we will then show the students the many ways of discovering more malware samples, identifying as much of the threat actor’s infrastructure as possible, and how to correctly postulate and report on the actor’s origin and intent. Finally, we will finish with showing the students some of the home grown tools GReAT uses in their daily routine to hunt for and discover new threats of interest.

This course strives for a content balance of 30% instructional and 70% hands on. The exercises provide real world examples previously encountered in our work.


Level: medium and advanced

Students should be familiar with IDA Pro and Yara syntax and have a decent grasp of both Python scripting and Intel x86 malware reverse engineering.

Class: limited to max 15 participants

Hardware: Laptop with a minimum 20GB free space HD and 8GB RAM capable of running VMs

Minimum Software to install: Copy of IDA Pro, Yara preinstalled

Duration: 2 days

Date: March 6-7, 2018


Travel Details

The Kaspersky Security Analyst Summit 2018 will be held on March 7-11 at The Grand Fiesta Americana Hotel, Coral Beach, Cancun, Mexico Km 9.5, Blvd. Kukulcan, Zona Hotelera, 77500.


Cancun’s luxury resort is located on a secluded stretch of white sand beach and has 602 all-oceanview suites, each with a private terrace facing the magical turquoise waters. This Caribbean resort offers a spacious, heated cascading pool with three swim-up bars and sun loungers, while the private beach provides shaded palapas. Grand Fiesta Americana Coral Beach Cancun resort’s highest two floors are dedicated to the Grand Club, which provides lavish services, a dedicated lounge and personal concierge as well as above-and-beyond amenities available in both the VIP Penthouse lounge and beach side sundeck. A perfect blend of serenity and activity, this Cancun resort is steps away from the destination’s vibrant nightlife and luxury shopping, as well as the high-speed ferry to colorful and picturesque Isla Mujeres. For more information please visit http://www.coralbeachcancunresort.com/


Attractive discounts on a wide range of fares on all Air France flights to Cancun from any part of the world.

Event ID Code to keep for the booking: 32200AF

Book your flights now!


Lufthansa Group Partner Airlines offer a comprehensive global route network linking major cities around the world. We offer special prices and conditions to participants, visitors, exhibitors, invited guests as well as employees of the Contracting partner and their travel companions.

To make a reservation, please click here and enter the access code RUZJXGQ in the “Access to Your Special Lufthansa Offer” area. This will open an online booking platform that will automatically calculate the discount offered or provide you with an even better offer if another promotional fare is available.


SAS in the media


Previously on Security Analyst Summit

Kaspersky Security Analyst Summit, 2017

When: April 2-6, 2017

Where: St. Maarten

Click here for more details

Kaspersky Security Analyst Summit, 2016

When: February 7-11, 2016

Where: Tenerife, Spain

Click here for more details

Contact Us

Email: sas2018@kaspersky.com

Tel: +7 (903) 961-05-60 (Russian Federation)

Follow SAS 2018 on Twitter with the hashtag #TheSAS2018. We’ll also be live tweeting many of the talks during SAS.

Follow @TheSAS2018 and @threatpost now!