Singapore – April 8-11, 2019


The SAS 2020 is here


More videos

  • button-facebook
  • button-twitter
  • button-instagram

About the Security Analyst Summit

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

The previous events were joined by members of leading global companies, such as Samsung, Adobe, Microsoft, BlackBerry, CISCO, Boeing, Interpol, the World Bank, Team Cymru, The ShadowServer Foundation, ICSA Labs and Fidelis Cybersecurity Solutions. 

The conference provides an exclusive atmosphere that encourages debate, information sharing and display of cutting-edge research, new technologies, and ways to improve collaboration in the fight against cyber-crime.


Nation state cyber-espionage and advanced threat actors
Internet of Things


Government surveillance issues and privacy rights


Threats against banks, financial institutions


Mobile Malware


Critical infrastructure protection (SCADA/ICS)


Cross-border law-enforcement coordination and information sharing


Vulnerability discovery and responsible disclosure


Attending Speakers

Who will share the experiences

  • Maddie Stone

    Maddie Stone


    Maddie Stone is a Security Engineer on the Android Security team at Google. She has spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including REcon Montreal, DerbyCon, and the Women in Cybersecurity Conference.

  • Joe Fitzpatrick

    Joe Fitzpatrick


    Joe is a Trainer and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks courses, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

  • Saher Naumaan

    Saher Naumaan

    BAE Systems

    Saher is a Threat Intelligence Analyst at BAE Systems Applied Intelligence and a rising star in the industry. She currently researches state-sponsored cyber espionage with a focus on threat groups and activity in the Middle East. Saher specialises in analysis covering the intersection of geopolitics and cyber operations, and regularly speaks at public and private conferences around the world. Prior to working at Applied Intelligence, Saher graduated from King’s College London with a Master’s in Intelligence and Security, where she received the Barrie Paskins Award for Best MA dissertation in War Studies.

  • Staffan Truvé

    Staffan Truvé

    Recorded Future

    Staffan is the Co-founder and CTO of Recorded Future. Previous to that, he was CEO of the Swedish Institute of Computer Science (SICS) and Interactive Institute.
    Staffan has co-founded or helped launch more than a dozen high tech start-ups, including Spotfire, Appgate, SmartEye, PilotFish, Makewave, Gavagai, Peerialism, Axiomatics, and Recorded Future. He holds a PhD in computer science from Chalmers University of Technology, has been a visiting Fulbright Scholar at MIT and holds an MBA from Göteborg University. His research interests include parallel and distributed computing, artificial intelligence, information visualization, and open source intelligence.
    Staffan is a member of the Royal Swedish Academy of Engineering Sciences.

  • Haroon Meer

    Haroon Meer


    Haroon Meer is the founder of Thinkst, the company behind the awesome Thinkst Canary. Haroon has contributed to several books on information security and has published a number of papers and tools on various topics related to the field. Over the past decade (and a half) he has delivered research, talks, and keynotes at conferences around the world.

  • Juan Andres Guerrero-Saade

    Juan Andres Guerrero-Saade

    Chronicle Security

    Juan Andrés is Staff Security Researcher at Chronicle Security tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of specialized research in Philosophical Logic. His publications include ‘The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage’, ‘Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and ‘Walking in your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell’.

  • Kurt Baumgartner

    Kurt Baumgartner

    Kaspersky Lab

    Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team at Kaspersky Lab. He’s worked out of Boulder, Colorado, focused on targeted attacks since 2010. He supports research efforts with reversing and analysis, and authors private APT intelligence reports and external publications.

  • Aleksandra Doniec

    Aleksandra Doniec


    Aleksandra is passionate about IT since early teenage years. From that time she collected a wide range of experience – working as a scientific researcher, programmer, pentester and analyst. Currently works as a malware intelligence analyst for Malwarebytes, sharing knowledge about the current threats it in technical blog posts, as well as on a private YouTube channel. She is an author and active maintainer of several free and open-source tools, mostly related to malware analysis, i.e. PE-bear, PE-sieve.

  • Andrew 'bunnie' Huang

    Andrew 'bunnie' Huang

    Independent Researcher

    Bunnie is best known for his work hacking the Microsoft Xbox, as well as for his efforts in designing and manufacturing open source hardware, including the chumby (app-playing alarm clock), chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop). He received his PhD in EE from MIT in 2002. He currently lives in Singapore where he runs Kosagi, a private product design studio. bunnie actively mentors several startups and students of the MIT Media Lab.

  • Aseel Kayal

    Aseel Kayal

    Check Point

    Aseel is a malware analyst at Check Point Research. She joined Check Point as a security analyst in 2016. She received her bachelor’s degree in Computer Science and English Literature, and speaks Arabic, Hebrew and English. Aseel’s research mainly focuses on threat groups and cyberattacks in the Middle East. Some of her work was presented at security conferences such as Virus Bulletin and Botconf.

  • Kris McConkey

    Kris McConkey


    Kris leads our Cyber Threat Detection and Response team which comprises of highly specialised cyber security professionals. He is responsible for the delivery of our cyber threat response capabilities which enables clients to resist, detect and respond to advanced cyber attacks. Focusing on cyber crime, espionage investigations and technical countermeasures, his team is regularly called on to investigate and contain network intrusions and provide actionable threat intelligence to clients in crisis situations.

  • Vitaly Kamluk

    Vitaly Kamluk

    Kaspersky Lab

    Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation. He remains a Principal Security Researcher at Kaspersky Lab.

SAS Unplugged

Hey, Singaporean community, wanna join?

#TheSAS2019 is thrilled to introduce a new component – SAS Unplugged – as a way to give back to the security research community. SAS Unplugged is an adjoining mini-conference providing workshops, presentations, technical classes, career advice, and interactive games and challenges.
We are welcoming students, young talents and researchers, who just started their career in IT Security as well as matured enthusiasts who thrilled to learn what SAS is.

Check the agenda for SAS Unplugged and register for the event right HERE!

Sponsorship Opportunities

Security Analyst Summit is offering an attractive range of sponsorship opportunities for SAS 2019 at Platinum, Gold and Silver sponsorship levels. If you are interested in becoming a sponsor of SAS 2019 or exhibiting at the event please contact us for more details.

Click here to download sponsorship information.


Book early and get a discount on SAS conference pricing!
Any questions? Just let us know!

Hunt APTs with Yara like a GReAT Ninja - SOLD OUT!


Costin Raiu, Director, Global Research & Analysis Team, Kaspersky Lab

Sergey Mineev, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and more recently, the Careto/TheMask, Carbanak and Duqu2.  The team specializes in the analysis of APTs and military-grade malware attacks.

$2800 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

Have you ever wondered how Kaspersky Lab discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. This training will lead you through one of the essential tools for the APT hunter: the Yara detection engine.

If you’ve wondered how to master Yara and how to achieve a new level of knowledge in APT detection, mitigation and response, it all breaks down to a couple of secret ingredients. One of them is our private stash of Yara rules for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does. During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with Yara.


Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff. The training is suitable for both beginners and experienced Yara users.


* Brief intro into Yara syntax
* Tips & tricks to create fast and effective rules
* Using Yara-generators
* Testing Yara rules for false positives
* Hunting new undetected samples on VT
* Using external modules within Yara for effective hunting
* Anomaly search
* Lots (!) of real-life examples
* A set of exercises for improving your Yara skills


Level: medium and advanced

Prerequisites: knowledge of the Yara language and basic rules

Class: limited to max 15 participants

Hardware: Own laptop

Minimum Software to install: Yara v. 3.6.0

Duration: 2 days

Date: April 7-8, 2019

The God-Mode Practical Training in Static Analysis of APT Malware - SOLD OUT!


Igor Soumenkov, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Sergey Lozhkin, Senior Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team:Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and more recently, the Careto/TheMask, Carbanak and Duqu2.  The team specializes in the analysis of APTs and military-grade malware attacks.

$2800 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

Every flashy new computer incident involving previously unseen malicious code boils down to one question: ‘what are the attackers trying to do?’ Answering this question requires a keen investigative mind and skills to match in order to determine the functionality of that code and boil it down into actionable artifacts: either a basic set of IOCs or a complete technical description that reveals the TTPs of the attackers. With these products in hand, an organization can proactively defend against the most cutting-edge attackers.

Easier said than done. Organizations affected by a true APT-level attack will require a deep understanding of the APT toolkit to truly understand the extent of the capabilities and intentions of the determined intruders. Only with this can they ever be sure that their damage assessment and incident response efforts are accurate and effective. The only way to reach this level of understanding with true fidelity is to statically analyze the malicious code (no “if’s”, “and’s”, or dynamic “but’s” about it).

Unlike easier dynamic analysis techniques, Advanced Static Analysis allows to produce high fidelity descriptions of the executable code regardless of execution flow and tricky runtime checks. It allows analysts to produce an extensive set of actionable items, including lists of C&C servers, file and memory signatures, crypto implementations and more. A combined understanding of unique code sequences and algorithm employed by the malware developers is key in malware classification, toolset attribution, and the creation of the most advanced hunting signatures.

This course will cover most of the steps required to analyze a modern APT toolkit, from receiving the initial sample, all the way to producing a deep technical description with IOCs. The course material is based on many years of experience analysing the most complex threats ever discovered in-the-wild, including: Equation, Red October, Sofacy, Turla, Duqu, Carbanak, ShadowPad, and many more. It’s time to set your static analysis game to God-Mode.


* Unpacking
* Decryption
* Developing own decryptors for common scenarios
* Byte code decompilation
* Code decomposition
* Disassembly
* Reconstruction of modern APT architectures
* Recognizing typical code constructs
* Identification of cryptographic and compression algorithms
* Classification and attribution based on code and data
* Class and structure reconstruction
* APT plugin architectures (based on recent APT samples)


* Understanding of x86 and x86_64 assembly, Python
* Basic knowledge of C/C++
* Experience with analysing code in IDA Pro

Level: medium and advanced

Hardware & Software requirements:

* Laptop with VMWare / VirtualBox virtualization solution
* Legitimate copy of IDA Pro (latest version preferred)
* Working C/C++ compiler toolset: clang, g++, mingw

Class: limited to max 15 participants

Duration: 2 days

Date: April 7-8, 2019

The Good and the GReAT— Stepping up your Threat Intelligence Game - SOLD OUT!


Brian Bartholomew, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Brian Candlish, Principal Threat Researcher, Telstra Threat Labs

$2800 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

In the past decade, ‘threat intelligence’ has become one of the hottest commodities in the infosec market for companies to either purchase or create. As a threat intel analyst, one must be a Jack-Of-All-Trades, without over-specializing in any one thing. Unfortunately, there are few guidelines and fewer training courses for analysts to obtain a solid foundation. Even seasoned threat intel analysts find themselves creating specific tools to accomplish a task, only to find out that someone else has already done so. And in those rare cases where expert analysts are stumped, who can they turn to for guidance? This course is designed to serve threat intel analysts of all levels of experience, providing a solid foundation for beginner-to-intermediate intel analysts, as well as showing more advanced analysts how the Global Research and Analysis Team (GReAT) conducts their research in special fringe cases.

The course will span two full days and cover the entire gamut of threat intelligence. Some of the topics covered include:

* Concepts of threat intelligence
* Intelligence life cycle
* Defining intelligence requirements
* Collecting and processing data
* Maximizing data through automation
* Open source / custom tools
* Threat hunting in large security datasets
* Intelligence reporting
* Dealing with biases
* Using estimative language
* Each day will end with large hands-on labs (approx. 2 hrs each)


Level: Intermediate or above

Students should be interested in learning about the many aspects of threat intelligence. Preferably, the student should be part of a threat intel team as an analyst or lead. Familiarity with commercial and open source tools such as VirusTotal, PassiveTotal, or DomainTools is helpful. Experience hunting threats and analyzing malware considered a plus.

Each student should have their own laptop with access to whatever tools they use on a daily basis. Students will be provided access to other tools as needed during the class.

Class: limited to max 15 participants

Hardware: Laptop with a minimum 20GB free space HD and 8GB RAM capable of running VMs.

Minimum Software to install: Windows / MacOS / Linux equivalent. VMWare / Virtualbox

Duration: 2 days

Date: April 7-8, 2019

Remote Forensics for the Modern Malware Hunter


Vitaly Kamluk, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Nicolas Collery, Head of Offensive Security Services, DBS Bank

$2800 (price includes hotel accommodation April 6-8, breakfast, lunch and coffee breaks, and does not include SAS 2019 pass)

The increased frequency and complexity of advanced cyberattacks require swift response and silent navigation through compromised assets of sometimes large distributed networks. One of most popular approaches today relies on EDR or other live agent-based solutions. This is useful when responding to attacks by low skilled or below-average adversaries. However, the activation of security agents and activities on live compromised systems may trigger the attacker’s alerts, which may lead to a massive cleanup operation and destruction of evidence. Offline system analysis, on the other hand, may not be easy due to physical distance to the compromised system or scale of the network. This is where remote offline digital forensics becomes an incredible useful approach.

This training introduces the free, open-source forensics tool Bitscout. Attendees will learn how to build their own remote analysis tool, package with their own arsenal and how to handle customizations.

The training will be conducted by the author of the tool.

* Familiarity with digital forensics principles
* Malware analysis and basic reversing skills
* Understanding of virtualization, networking, OS architecture, coding and scripting

Class plan:

1. Introduction and theory
2. Building your own remote ninja tool
3. Exercises:
-> Discovering malware remotely
-> Finding attack infection vectors
-> Remote disk image acquisition methods
-> Virtualization-based wizardry
-> Breaking through proprietary disk encryption
-> Analyzing non-Windows platforms
-> Converting compromised host into safe honeypot

Class: limited to max 15 participants

Hardware & Software requirements: Laptop or VM with Debian-based Linux, i.e. Ubuntu

Duration: 2 days

Date: April 7-8, 2019

Book now

Travel Details

The Security Analyst Summit 2019 will be held on April 8-11 at The Swissôtel The Stamford, 2 Stamford Road, Singapore.


Step into a world of comfort and experience the finest in Swiss hospitality at Swissotel The Stamford, Singapore’s Leading Business Hotel and one of the tallest hotels in Southeast Asia. Strategically located in the heart of Singapore with the City Hall Mass Rapid Transit (MRT) train station and other major transportation nodes at its doorstep, Swissotel The Stamford is an upscale hotel that boasts a prime location amidst world-class shopping, dining, entertainment and business opportunities.

For more information please visit https://www.swissotel.com/hotels/singapore-stamford/

We have partnered with United Airlines to offer travel discounts to our event in Singapore. Visit United Meetings Travel webpage and enter ZG6W627776 in the Offer Code box to book your flight to Singapore!

Please note that travel must be booked between 4/2/2019 – 4/16/2019 in order to receive the discount.


Attractive discounts on a wide range of fares on all Air France and KLM flights worldwide. Click here to book your flight!

Event ID Code to keep for the booking: 34333AF


Book your flights now and take advantage of attractive air fares by simply clicking.

Event ID Code to keep for the booking: 3976S


SAS in the media


Previously on Security Analyst Summit

Kaspersky Security Analyst Summit, 2018
Kaspersky Security Analyst Summit, 2018

When: March 7-11, 2018

Where: Cancun, Mexico

Click here for more details

Kaspersky Security Analyst Summit, 2017
Kaspersky Security Analyst Summit, 2017

When: April 2-6, 2017

Where: St. Maarten

Click here for more details

Code of Conduct

Security Analyst Summit (SAS) is dedicated to providing a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, or religion. We do not tolerate harassment of event participants in any form. Sexual language and imagery is not appropriate for any event venue, including talks. Event participants violating these rules may be sanctioned or expelled from the event without a refund at the discretion of the event organizers.

Harassment includes offensive verbal comments related to gender, sexual orientation, disability, physical appearance, body size, race, religion, sexual images in public spaces, deliberate intimidation, stalking, following, harassing photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention. Participants asked to stop any harassing behavior are expected to comply immediately.

Exhibitors & Sponsors
Exhibitors and sponsors are also subject to the anti-harassment policy. In particular, exhibitors should not use sexualized images, activities, or other material. Booth staff (including volunteers) should not use sexualized clothing/uniforms/costumes, or otherwise create a sexualized environment.

If a participant engages in harassing behavior, the event organizers may take any action they deem appropriate, including warning the offender or expulsion from the event with no refund. If you are being harassed, notice that someone else is being harassed, or have any other concerns, please contact a member of event staff immediately. Event staff can be identified by t-shirts/special badges.

Event staff will be happy to help participants contact hotel/venue security or local law enforcement, provide escorts, or otherwise assist those experiencing harassment to feel safe for the duration of the event. We value your attendance.

Venue & Social Events
We expect participants to follow these rules at all related venues and social events.

*This Code of Conduct was forked from the example policy from the Geek Feminism wiki, created by the Ada Initiative and other volunteers, which is under a Creative Commons Zero license.

Contact Us

Email: sas2019@kaspersky.com

Tel: +7 (903) 961-05-60 (Russian Federation)

Follow SAS 2019 on Twitter with the hashtag #TheSAS2019. We’ll also be live tweeting many of the talks during SAS.

Follow @TheSAScon and @threatpost now!