Online

The next #SASatHome will take place on October 6-8, 2020; stay posted for more information.

GReAT Ideas. Powered by SAS: threat hunting and new techniques

Register here: https://kas.pr/44rb

We are happy to return to you with the second edition of ‘GReAT Ideas. Powered by SAS’, a series of talks held by security researchers from Kaspersky’s GReAT (Global Research and Analysis Team) throughout the summer and aimed at sharing their latest expertise on hot tech topics. The event will take place on July 22 at 14:00 GMT.

‘GReAT Ideas’ will arm you with information about the threat landscape, including the most recent cases and techniques used in the cybersecurity world, directly from the experts themselves. Enjoy over two hours of presentations and discussions on cutting-edge tools, current projects and the most recent APTs discovered by GReAT.

You can check out videos from the first event on demand here: https://kas.pr/uqf6

Abstracts

GReAT Ideas. Powered by SAS: an online series of high-caliber threat talks launched

Speakers:

Brian Bartholomew, Principal security researcher, Kaspersky’s GReAT
Ariel Jungheit, Senior security researcher, Kaspersky’s GReAT
Pierre Delcher, Senior security researcher, Kaspersky’s GReAT
Dmitry Bestuzhev, Head of GReAT LatAm, Kaspersky
Fabio Assolini, Senior security researcher, Kaspersky’s GReAT
Boris Larin, Senior security researcher, recently joined Kaspersky’s Global Research and Analysis Team



Here is what has been planned for the second webinar series:

14:00 Clearing the WellMess: a technical look at recent attacks by Brian Bartholomew

14:25 Threat hunting in new kicks: using VirusTotal code similarity with KTAE by Ariel Jungheit

14:50 Cloud Snooper – detecting a Linux rootkit at scale by Pierre Delcher

15:15 GReAT thoughts: Awesome IDA Pro Plugins by Boris Larin

15:40 Unmasking COVID-19 cyber-badness: content filtering at a worldwide level by Dmitry Bestuzhev and Fabio Assolini

16:00 AMA session

16:30 End of program

We have heard your requests and changed the platform for hosting the series. Register for the event here: https://kas.pr/44rb

Clearing the WellMess: a technical look at recent attacks

Speaker: Brian Bartholomew, Principal security researcher, Kaspersky’s GReAT

For the last few months, GReAT has been actively tracking new C2 servers associated with a piece of malware commonly referred to as WellMess. Rumors have circulated about this recent wave of activity, how it is suspected of targeting the healthcare industry, and who might be behind it. Brian will look into these claims, and try to separate the facts from speculation.

Threat hunting in new kicks: using VirusTotal code similarity with KTAE

Speaker: Ariel Jungheit, Senior security researcher, Kaspersky’s GReAT

Until now, threat researchers could only hunt interactively on VirusTotal using metadata such as compilation timestamps, resource names, fuzzy hashes and other static data. Now we can take a step forward and use real code similarity. Working closely with Juan Infantes Diaz from VirusTotal on the beta test, Ariel Jungheit has been enthusiastic about this new VirusTotal feature for some time, since it opens up new detection methods for malware hunters. He will share his experience alongside some open-source tools that complement this new practice.

In this talk, Ariel will showcase the new beta search modifier, what it is capable of and how it can help threat hunters. He will demonstrate a number of cases using home-brewed tools built on the feature, a YARA rule generator and a Maltego transform, and explain how to assess the results of this methodology and how to tweak and fine-tune the process in synergy with Kaspersky’s Threat Attribution Engine (KTAE).
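Ariel's YARA rule generator is not published on this page. The script below is an added, stand-alone illustration of the general idea (not his tool and not VirusTotal's API): starting from a handful of files that a code-similarity search has grouped together, extract the byte sequences every member shares, discard low-information chunks such as zero padding, drop anything also present in a known-good set, and emit a YARA rule. The sample bytes, the cluster and the benign file are constructed for the demo; the rule name, the minimum chunk length and the distinct-byte threshold are assumptions.

```python
import random

# --- constructed inputs (invented bytes, not real malware) ------------------------------
# A function body that every member of the "code-similar" cluster carries.
SHARED_FUNC = bytes.fromhex(
    "5589e583ec208b450c8b4d088b5510c745fc00000000"
    "8b45fc3b450c7d0e0fb60c10304dfc8345fc01ebec"
)
ZERO_PAD = b"\x00" * 24  # shared by every file too, but carries no information


def _noise(seed, n):
    """Deterministic filler bytes so the example is reproducible."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Distinct guard bytes around the shared regions keep the longest common substring exactly
# equal to SHARED_FUNC / ZERO_PAD instead of accidentally one byte longer in this toy data.
CLUSTER = [
    b"MZ" + _noise(1, 50) + b"\x11" + SHARED_FUNC + b"\x21" + _noise(2, 30)
    + b"\x31" + ZERO_PAD + b"\x41" + _noise(3, 20),
    b"MZ" + _noise(4, 35) + b"\x32" + ZERO_PAD + b"\x42" + _noise(5, 40)
    + b"\x12" + SHARED_FUNC + b"\x22" + _noise(6, 25),
    b"MZ" + _noise(7, 60) + b"\x13" + SHARED_FUNC + b"\x23"
    + b"\x33" + ZERO_PAD + b"\x43" + _noise(8, 10),
]
# A known-good file that also happens to contain the zero padding.
BENIGN = [b"MZ" + _noise(9, 80) + b"\x34" + ZERO_PAD + b"\x44" + _noise(10, 60)]


def _longest_common(samples, min_len):
    """Longest byte string present in every sample, or None if none reaches min_len."""
    base = min(samples, key=len)
    for length in range(len(base), min_len - 1, -1):
        for i in range(len(base) - length + 1):
            cand = base[i:i + length]
            if all(cand in s for s in samples):
                return cand
    return None


def common_chunks(samples, min_len=12, min_distinct=6, max_chunks=4):
    """Greedily pull out code shared by every sample.

    Chunks with too few distinct byte values (padding, zeroed tables) are masked out but
    not returned: a rule built on them would match half the files on any disk.
    """
    work = list(samples)
    chunks = []
    while len(chunks) < max_chunks:
        cand = _longest_common(work, min_len)
        if cand is None:
            break
        if len(set(cand)) >= min_distinct:
            chunks.append(cand)
        # Mask the chunk with a per-sample marker byte so the bytes on either side of the
        # gap cannot be joined into a new, artificial common substring.
        work = [s.replace(cand, bytes([0xA0 + i])) for i, s in enumerate(work)]
    return chunks


def _hex(chunk):
    return " ".join(f"{b:02X}" for b in chunk)


def generate_rule(name, cluster, benign=(), min_len=12):
    """Emit a YARA rule from code shared by the cluster and absent from the benign set."""
    chunks = [c for c in common_chunks(cluster, min_len) if not any(c in b for b in benign)]
    if not chunks:
        raise ValueError("no distinctive shared code to build a rule from")
    strings = "\n".join(f"        $code{i} = {{ {_hex(c)} }}" for i, c in enumerate(chunks))
    return (
        f"rule {name}\n{{\n"
        f"    meta:\n        description = \"auto-generated from a code-similarity cluster\"\n"
        f"    strings:\n{strings}\n"
        f"    condition:\n        uint16(0) == 0x5A4D and all of them\n}}\n"
    )


if __name__ == "__main__":
    print(generate_rule("gi_demo_cluster", CLUSTER, BENIGN))
```

Real samples need one more step the toy skips: bytes that encode absolute addresses or relocation targets differ between builds and should be wildcarded with `??` in the hex string, otherwise the rule only matches the exact binaries it was built from.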

Cloud Snooper – detecting a Linux rootkit at scale

Speaker: Pierre Delcher, Senior security researcher, Kaspersky’s GReAT

The Cloud Snooper Linux rootkit and its companion backdoor are curious specimens. Aside from targeting GNU/Linux systems, the Cloud Snooper tools bypass the host firewall thanks to a rather uncommon kernel network-filtering hook, and rely on a fully custom command-and-control protocol.

In this talk, Pierre Delcher will explain the backdoor and rootkit functionality and how they could be uncovered on a server. He will also demonstrate how analysis of the tools’ C2 protocol enabled GReAT to quickly find infected hosts at scale using a scanning trick, and what could be learned from this malicious tool family.

GReAT thoughts: Awesome IDA Pro Plugins

Speakers:

Boris Larin, Senior security researcher, recently joined Kaspersky’s Global Research and Analysis Team
Marco Preuss, Director, Global Research & Analysis Team Europe, Kaspersky

Sharing insight into cool techniques and useful tools is a must for a cybersecurity organization. A lot of new reverse-engineering tools have been released lately, such as Radare2, Binary Ninja and Ghidra. However, Boris Larin believes that nothing really matches IDA Pro, one of Kaspersky’s favorite tools for reverse engineering.

In this short talk, Boris, one of our top reverse engineers at Kaspersky, will share his reverse-engineering experience and his top 10 list of favorite plugins for this interactive disassembler.

Unmasking COVID-19 cyber-badness: content filtering at a worldwide level

Speakers:

Dmitry Bestuzhev, Head of GReAT LatAm, Kaspersky
Fabio Assolini, Senior security researcher, Kaspersky’s GReAT

The pandemic is here and, with it, massive cyber-attacks too. They affect all of us: remote workers, people in lockdown, 'ransomwared' hospitals, corporations and governments. Crooks are keeping themselves very busy these days. Thousands of open blacklists have appeared online, promising data to help filter malicious domains, IPs, phishing pages and malware URLs related to the COVID-19 pandemic. But haste is the enemy of perfection.

To filter such content effectively, you need to consider the distinct languages and realities of every country, and attempting it automatically, with worldwide reach, is a huge challenge. In this presentation, Dmitry Bestuzhev and Fabio Assolini will show the most modern content-filtering techniques and threat-hunting tools for finding these attacks, and the proper way to use passive DNS, brand monitoring and whois correlation data to help you fight the good fight in this "cyber-pandemic", applying a killing "alcohol gel" that will unmask the cyberthreats among us.
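The talk does not publish its tooling. As an added example (not the speakers' code), the script below shows one way to combine the three data sources named above on constructed data: brand lookalike scoring and pandemic keyword matching on the lexical side, then passive DNS and whois registrant pivots to expand a seed list of known-bad domains. Domains that only share a name server with a seed are reported as a weak hint but never followed, because bulk registrars put thousands of unrelated customers on the same name servers. The brand list, keyword list, domains, IPs and whois records are all invented for the demo; the thresholds are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# Assumed watch lists for the demo, not the speakers' own.
BRANDS = ["who", "cdc", "paypal", "zoom"]
COVID_TOKENS = ["covid", "corona", "pandemic", "vaccine", "mask", "relief"]

# Constructed passive DNS: domain -> IPs it has resolved to (documentation address ranges).
PDNS = {
    "who-covid19-relief.example": {"203.0.113.10"},
    "paypal-corona-refund.example": {"203.0.113.10", "203.0.113.11"},
    "cdc-mask-order.example": {"198.51.100.5"},
    "zoom-free-upgrade.example": {"203.0.113.11"},
    "local-news-daily.example": {"192.0.2.77"},
}

# Constructed whois: domain -> registrant e-mail and name server.
WHOIS = {
    "who-covid19-relief.example": {"email": "reg1@mail.example", "ns": "ns1.cheap-dns.example"},
    "paypal-corona-refund.example": {"email": "reg1@mail.example", "ns": "ns1.cheap-dns.example"},
    "cdc-mask-order.example": {"email": "reg2@mail.example", "ns": "ns1.cheap-dns.example"},
    "zoom-free-upgrade.example": {"email": "reg3@mail.example", "ns": "ns9.other-dns.example"},
    "local-news-daily.example": {"email": "editor@news.example", "ns": "ns1.hosting.example"},
}


def _labels(domain):
    """'who-covid19-relief.example' -> ['who', 'covid19', 'relief'] (TLD dropped)."""
    host = domain.lower().rsplit(".", 1)[0]
    return [p for p in re.split(r"[-.]", host) if p]


def brand_lookalike(domain, threshold=0.8):
    """Best (brand, similarity) over the domain's labels; ('', 0.0) below the threshold.
    Catches exact brand labels and one-character swaps such as 'paypa1'."""
    best = ("", 0.0)
    for label in _labels(domain):
        for brand in BRANDS:
            ratio = SequenceMatcher(None, label, brand).ratio()
            if ratio > best[1]:
                best = (brand, ratio)
    return best if best[1] >= threshold else ("", 0.0)


def covid_themed(domain):
    return any(tok in domain.lower() for tok in COVID_TOKENS)


def lexical_score(domain):
    """0..3: +2 for a brand lookalike label, +1 for a pandemic theme."""
    score = 2 if brand_lookalike(domain)[0] else 0
    if covid_themed(domain):
        score += 1
    return score


def pivot(seeds, pdns=PDNS, whois=WHOIS):
    """Expand seed domains over shared resolution IPs and registrant e-mail (strong links).

    Returns (strong, weak): strong maps each reached domain to the set of links that
    reached it; weak lists domains that only share a name server with a strong one.
    """
    by_ip, by_email, by_ns = defaultdict(set), defaultdict(set), defaultdict(set)
    for d, ips in pdns.items():
        for ip in ips:
            by_ip[ip].add(d)
    for d, rec in whois.items():
        by_email[rec["email"]].add(d)
        by_ns[rec["ns"]].add(d)

    strong = {d: {"seed"} for d in seeds}
    frontier = list(seeds)
    while frontier:
        d = frontier.pop()
        links = []
        for ip in pdns.get(d, ()):
            links += [(n, "ip:" + ip) for n in by_ip[ip]]
        rec = whois.get(d)
        if rec:
            links += [(n, "email:" + rec["email"]) for n in by_email[rec["email"]]]
        for n, why in links:
            if n == d:
                continue
            if n not in strong:
                strong[n] = set()
                frontier.append(n)  # follow strong links transitively
            strong[n].add(why)

    weak = {}
    for d in list(strong):
        rec = whois.get(d)
        if rec:
            for n in by_ns[rec["ns"]] - set(strong):
                weak.setdefault(n, set()).add("ns:" + rec["ns"])
    return strong, weak


def triage(seeds):
    """Rank pivoted domains by lexical score plus number of infrastructure links."""
    strong, weak = pivot(seeds)
    ranked = [(d, lexical_score(d) + len(why - {"seed"}), sorted(why)) for d, why in strong.items()]
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked, weak


if __name__ == "__main__":
    ranked, weak = triage({"who-covid19-relief.example"})
    for row in ranked:
        print(*row)
    print("weak hints:", weak)
```

Seeding with the WHO lookalike pulls in the PayPal domain through a shared IP and registrant address, and then the Zoom domain through the PayPal domain's second IP, while the CDC domain surfaces only as a name-server hint for an analyst to confirm by hand.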
