Tenerife, Spain – February 7-11, 2016

More videos

  • button-facebook
  • button-twitter
  • button-instagram

Book our TRAININGS early and get a discount on SAS conference pricing!


About the Security Analyst Summit

The Kaspersky Security Analyst Summit (SAS) is an annual event connecting anti-malware researchers and developers, global law enforcement agencies and CERTs and members of the security research community.   The goal is to learn, debate, share and showcase cutting-edge research, new technologies and discuss ways to improve collaboration in the fight against cyber-crime.

The previous events were joined by members of leading global companies, such as Samsung, Adobe, Microsoft, BlackBerry, Boeing, Interpol, the World Bank, Team Cymru, The ShadowServer Foundation, ICSA Labs and Fidelis Cybersecurity Solutions.

The event provides two full days of learning opportunities and networking with industry experts and covers all aspects of the global threat landscape.


Cyber-espionage and Advanced Threat Actors


Attacks against mobile platforms


Threats against banks and financial institutions


Government surveillance issues


Cross-border law-enforcement coordination and information sharing


Botnets and Web-based attacks


Vulnerability discovery and responsible disclosure


Critical infrastructure protection (SCADA/ICS)


Attending Speakers

Who will share the experiences

  • Sergey Golovanov

    Sergey Golovanov

    Principal Security Researcher, GReAT, Kaspersky Lab

    Sergey started his career at Kaspersky Lab in 2005, joining the company as a Virus Analyst before going on to become Head of the Non-Intel Research Group. He was appointed malware expert for Kaspersky Lab’s Russian Research Center in 2009 and has since risen to the position of Principal Security researcher, conducting research into banking threats and cyber-espionage. Sergey’s areas of expertise also include embedded system security, cybercriminal ‘partner networks’, non-Windows threats (Mac OS, Unix OS), botnets and other aspects of cybersecurity.

  • Paul Vixie

    Paul Vixie

    CEO, Farsight Security

    Dr. Paul VIXIE was inducted as an Innovator into the Internet Hall of Fame in 2014 after earning his Ph.D. in Computer Science from KEIO University in 2010. He is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. He was the founder of the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), the first neutral and commercial Internet exchange (PAIX, 1991), and of Farsight Security (2012), where he now serves as Chairman and Chief Executive Officer.

  • Thomas Rid

    Thomas Rid

    Professor, Department of War Studies, King’s College London

    Rid’s new book, Rise of the Machines, will be out in 2016, as Maschinendämmerung in German. It tells the sweeping story of how cybernetics, a late-1940s theory of machines, came to incite anarchy and war half a century later. His recent research article, “Attributing Cyber Attacks,” was designed to explain, guide, and improve the identification of network breaches. Rid’s book Cyber War Will Not Take Place analysed political computer network intrusions; a Chinese translation is forthcoming with the People’s Publishing House. His text “Deterrence Beyond the State” opened a fresh conceptual angle on the deterrence debate by exploring Israel’s experience with non-state militants. His articles appeared in major English, French, and German peer-reviewed journals as well as magazines and news outlets.

  • Kymberlee Price

    Kymberlee Price

    Senior Director of Researcher Operations, Bugcrowd

    With over 11 years’ experience in the information security industry, Kymberlee pioneered the first security researcher outreach program in the software industry, was a principal investigator in the Zotob criminal investigation, and analyzed APT’s at Microsoft. She then spent 4 years investigating product vulnerabilities at BlackBerry.
    Most recently the Director of the Synack Red Team, Kymberlee is responsible for optimizing Bugcrowd’s performance for both its customers and researchers and helping its more than 13,200 Crowd members with ongoing skill development, education and overall participation in Bugcrowd’s programs.

  • Chris Rouland

    Chris Rouland

    Chairman, Founder and CTO, Bastille

    Chris Rouland is a 25-year veteran of the information security industry and has founded several cyber security companies including Endgame and Bastille. He is currently Chairman, Founder and CTO of Bastille. Prior to becoming an entrepreneur Rouland served as the original Director of the ISS X-Force, and subsequently CTO of ISS, leading the discovery of 100s of vulnerabilities.

  • Dr. Christopher Ahlberg

    Dr. Christopher Ahlberg

    CEO, Recorded Future, Inc.

    Dr. Christopher Ahlberg is the CEO of Recorded Future, Inc. and Chairman of Hult International Business School. He also advises a series of startup companies. Earlier Ahlberg was the president of the Spotfire Division of TIBCO, which he founded in 1996 and in 2007 sold to TIBCO (Nasdaq: TIBX) for $195M. Spotfire was founded based on his ground-breaking research on information visualization.
    Dr. Ahlberg earned his doctorate from Chalmers University of Technology, worked as a visiting researcher at the University of Maryland, and has lectured and consulted extensively for industry, academia, military, and intelligence communities. In addition, he has published & lectured in computer science, cyber security, psychology, linguistics, biology, and chemistry.

  • John Lambert

    John Lambert

    General Manager, Threat Intelligence Center, Microsoft

    John Lambert has been at Microsoft for 15 years. He is the General Manager of the Microsoft Threat Intelligence Center. The Center is responsible for detecting and disrupting adversary based threats aimed at Microsoft and its customers. Its mission is to drive detective innovations into products and services to raise the ability for every defender to deal with adversary based threats through security research, threat intelligence, forensics, and data science. Previously at Microsoft, Lambert worked in the Trustworthy Computing group for ten years and the Windows Security group on features related to cryptography and security management.
    He joined Microsoft after three years at IBM as a developer in their software group. Lambert holds a bachelor’s degree in computer science from Tulane University and is named on more than nine software patents and seven pending applications.

  • Adam Boulton

    Adam Boulton

    Vice President, Head of Product Security, BlackBerry

    Adam Boulton is the Vice President, Head of Product Security for BlackBerry. Adam is responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. He has extensive experience in designing and implementing robust systems as well as detecting, containing and remediating attacks. He has spent his career at BlackBerry developing an industry leading security strategy focused on security standards, education and assessments.
    Adam has over 10 years of experience in security engineering and continues to provide assurances for critical systems. He holds a first class BSc in Software Engineering and is certified for conducting security assessments on Government systems.

Attending Participants

Join us

This is an event connecting security professionals from companies and law enforcement partners who are involved in the fight against cyber-crime.

The audience includes representatives from software vendors, anti-malware/anti-spam researchers, law enforcement professionals, vulnerability researchers and security response teams.

Attendees include trusted, high-profile journalists from New York Times, Reuters, Washington Post, Wired Magazine, Ars Technica, CNET News, Bloomberg, Forbes, Dark Reading and The Economist.

Whether you are an IT professional charged with defending your organization’s systems and data or a vendor-based security researcher, Security Analysts Summit offers opportunities to learn from the best in the industry, discuss methods and technologies, and build contacts.

If you are interested in attending SAS 2016 please contact us for more details by emailing sas2016@kaspersky.com or calling us on +7 (903) 961-05-60.

Sponsorship Opportunities

Security Analyst Summit is offering an attractive range of sponsorship opportunities for SAS 2016 at Platinum, Gold and Silver sponsorship levels.   If you are interested in becoming a sponsor of SAS 2016 or exhibiting at the event please contact us for more details by emailing sas2016@kaspersky.com or calling us on +7 (903) 961-05-60.



Book early and get a discount on SAS conference pricing!
Any questions? Send them to sas2016@kaspersky.com

Hunt APTs with Yara like a GReAT Ninja


Costin Raiu, Director, Global Research & Analysis Team, Kaspersky Lab

Vitaly Kamluk, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Sergey Mineev, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Team: Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and more recently, the Careto/TheMask, Carbanak and Duqu2.  The team specializes in the analysis of APTs and military-grade malware attacks.

Price: $2500 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2016 pass)

“Mess with the best, be exposed like the rest” – is a saying we’ve mentioned so many times following our discoveries of advanced threats such as Equation and Careto. During the last years, Kaspersky’s renowned elite group GReAT has identified and analysed hundreds of APT actors operating across the world. If you’ve wondered how that was possible, it all reduces to a couple of secret ingredients. One of them is our private Yara rules stash for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does.  During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT hunting strategies with Yara.

Have you ever wondered how to catch a big APT fish? This training will lead you through one of the essential tools for APT hunter: Yara detection engine.

If you’ve wondered how to master Yara for your own perfect catch, it all reduces to a couple of secret ingredients. One of them is our private Yara rules stash for hunting advanced malware.


Security researchers and incident response personnel, malware analysts, security engineers, network security analysts, APT hunters and IT security staff. The training is suitable for both beginners and experienced Yara users.


* Brief intro into Yara syntax

* Tips & tricks to create fast and effective rules

* Yara-generators

* Testing Yara rules for false positives

* Hunting for new, undetected samples

* Using external modules within Yara for effective hunting

* Anomaly search

* Lots of real-life examples

* Set of exercises for fixing skills


Level: medium and advanced

Prerequisites: knowledge of the Yara language and basic rules

Class: limited to max 15 participants

Hardware: Own laptop

Minimum Software to install: Yara v. 3.4.0

Duration: 2 days

Date: February 6-7, 2016

Malware Reverse Engineering course


Nico Brulez, Principal Security Researcher, Global Research & Analysis Team, Kaspersky Lab

Bio: Nico joined Kaspersky Lab as a senior malware researcher in 2009. His responsibilities include analyzing malware and carrying out security research.

Prior to joining Kaspersky Lab, Nico worked as a senior virus researcher for Websense Security Labs and Digital River/Silicon Realms. He is also known for his work on the Software Passport/Armadillo protection system. Here, he served as head of software security and was in charge of the anti-reverse engineering techniques used in the system.

Over the last 15 years, Nico has authored numerous articles and papers on reverse engineering. He is a regular speaker at computer engineering schools and international security conferences.

Price: $4500 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2016 pass)

Day 1: Manually unpacking Malware

During the first day, students will focus on unpacking files manually in order to get working executables. Most famous packers will be covered in order to introduce various techniques that can be used on unknown packers. Also known as: How to unpack properly. Once completed, students will work on “malicious packers” and learn how to unpack samples of famous malware families. Nowadays, malware uses custom polymorphic packers to slow down analysis and thwart detection.

Day 2: Static Shellcode Analysis and IDA Primer

The second day focus on extracting shell codes from malicious documents and to reverse engineer them statically. The day focuses on tricks and shortcuts to use in IDA Pro for efficient static analysis, as well as introduction to IDA Python scripts used to speed up static reverse engineering.

A special approach to handle import by hash will be presented to the students, which can be used in many other scenarios.

Day 3-4: APT Reverse Engineering

Using the information learned in the first two days, students will work on several APT samples.

The goal of those two days is to be able to identify the actions of the threats, to be able to document their features and understand how they interact with C&C servers to receive commands.


This class is intended for students who have been working with malware and doing reverse engineering in the past. Professionals doing Forensics Investigations, Incident Response, Malware Analysis can benefit from the course as long as they have the prerequisites listed below.


Level: medium and advanced

Prerequisites: Students should be familiar with Debugging and IDA Pro: The class is not an introduction to reverse engineering. Students should be familiar with Assembly: We won’t cover assembly basics during the class. Students should have a laptop with required software installed before attending the class. Students should be familiar with VMware Workstation (or the VM of their choice).

Minimum Software to install:

* Legit version of IDA Pro (latest version preferred as the instructor uses the latest version)

* Virtual Machine with XP SP3 installed (to avoid troubleshooting tools problems during the class)

* OllyDbg

* Python 2.7 should be installed in both the host and on the guest machine.

* PE Editor (eg: LordPE or your favorite PE editor)

* Hex Editor (eg: Hiew of your favorite hex editor)

* Import Reconstructor/fixer: Imprec, Universal Import Fixer 1.2


Class: limited to max 20 participants

Duration: 4 days

Date: February 4-7, 2016

Digital Intelligence Gathering Using Maltego


Paul Richards, Lead Developer, Paterva

Bio: Paul Richards recently joined the Paterva team as a junior software-developer/tea maker. Since Paul joined Paterva the quality of tea consumed by the company’s employees has improved drastically resulting in improved productivity and overall morale. Paul has a BSc in Electrical Engineering from the University of Cape a Town and is currently completing MSc in dissertation in low-cost mobile health-care. Paul works part-time at Paterva handling the company’s technical support and developing new transforms to extend the capabilities of Maltego.

Andrew Macpherson, Engineer, Paterva

Bio: Andrew Macpherson is the lead developer at Paterva. He completed a degree in Information Science (BiS) at the University of Pretoria in 2006 and set out into the world building web applications. This experience gave him an excellent understanding of how they work and opened his eyes as to how they can be leveraged for information. It was during this time that Roelof Temmingh flagged him as someone that would be a valuable asset to Paterva and picked him up in 2007/8. Since then he has been coding transforms, improving the open source intelligence and making tea. Andrew was recently nominated as one of the top 200 young South Africans to watch by the South African newspaper the Mail and Guardian.

Price: $2500 (price includes hotel accommodation, breakfast, lunch and coffee breaks, and does not include SAS 2016 pass)


The IT security and intelligence community love Maltego – whether it be mapping a target’s infrastructure or profiling a person’s sphere of influence.

During this course we will help you unlock the true potential and raw power of Maltego – from helping you to understand the underlying technologies to exploring the full potential of Maltego’s analytic capabilities. Join us and we’ll show you how to navigate and map the Internet’s darkest rivers…

From stalking, finding people and who influence them to uncovering internal IP addresses and technology used at major corporations this course will propel you into the world of open source intelligence feet first. Expect to be shocked out at how much data is ‘out there’ and what people can do with it as well as how you can reach this data for both defending and attacking.

This is a two-day hands-on course packed with practical exercises using real world data, giving participants real world experience with the tool whilst being trained by the very people that developed the tool. Bring your overalls and expect to get your hands dirty!


This course offers skillets that apply to almost anyone interested in gathering information and gaining intelligence. Specifically people in the following industries will benefit greatly:

* Open source intelligence

* IT security

* Law enforcement or intelligence

* Data mining

Level: advanced


* Notebook (PC or Mac) with at least 2GB of RAM, a decent resolution display and some space to install the latest version of Maltego.

* External mouse

* Enthusiasm to learn about open source intelligence and what you can do with it

Prerequisites: Students are required to know common Internet services (like HTTP, DNS), Search engines (basic ‘Google hacking’), basic IT security principles (port scanning etc), some scripting or programming experience (Python, PERL) is definitely an advantage!

Class: limited to max 15 participants

Duration: 2 days

Date: February 6-7, 2016

Venue Details

The Kaspersky Security Analyst Summit 2016 will be held on February 7-11 at The Ritz-Carlton Abama, Tenerife, Spain.


Situated in the tranquil enclave of Guía de Isora, this resort in Tenerife, Spain exemplifies the delicate harmony that can exist between man and nature. From its highest point upon the smooth slopes of The Teide, to its exclusive stretch of sandy beaches, the beauty of nature abounds at The Ritz-Carlton, Abama.

At the hotel, lush vegetation flourishes throughout its majestic, Moorish-inspired hotel grounds, imparting an entrancing floral fragrance to the fresh ocean air. Under the shining sun, hotel’s gardens add cheerful warmth, while in the evenings they create an air of romance and mystique.

Meticulously maintained grounds feature one of the finest golf courses of all of the luxury resorts in Spain, which boasts stunning ocean views and a challenging terrain. Off the course, the world-class spa soothes the mind, body, and spirit with an array of pampering treatments derived from the purest botanical ingredients.

For more information please visit http://www.ritzcarlton.com/

SAS in the media


Previously on Security Analyst Summit

Kaspersky Security Analyst Summit, 2015
Kaspersky Security Analyst Summit, 2015

When: February 16-17, 2015

Where: Cancun, Mexico

Click here for more details

Kaspersky Security Analyst Summit, 2014
Kaspersky Security Analyst Summit, 2014

When: February 9-13, 2014

Where: Punta Cana, Dominican Republic

Click here for more details

Contact Us

Email: sas2016@kaspersky.com

Tel: +7 (903) 961-05-60 (Russian Federation)

Follow SAS 2016 on Twitter with the hashtag #TheSAS2016. We’ll also be live tweeting many of the talks during SAS.

Follow @kaspersky and @threatpost now!