SAS@home

#SASatHome took place on 28-30 April.

You'll find all the videos from the conference here: http://y2u.be/9lXiqPL9PyY

The next online event from the SAS Crew and Kaspersky GReAT will take place on 17 June, 14.00 GMT.

‘GReAT Ideas. Powered by SAS’ is a series of talks held by GReAT and aimed at sharing their latest expertise on hot tech topics. Inspired by the regular team internal meet-ups, as well as by the Security Analyst Summit’s friendly atmosphere of exchanging knowledge, this series will empower you with information about the threat landscape, the most recent cases and techniques used in the cybersecurity world, directly from the experts themselves.

Register for the event here: https://kas.pr/uqf6

Abstracts

GReAT Ideas. Powered by SAS: an online series of high-caliber threat talks launched

Speakers:

  • Costin Raiu (Kaspersky). Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky.
  • Kurt Baumgartner (Kaspersky’s GReAT). Principal researcher at Kaspersky’s GReAT. He researches and reports on targeted attack activity, complex intrusions, and advanced malware.
  • Denis Legezo (Kaspersky GReAT). Senior security researcher at Kaspersky GReAT.
  • Dan Demeter (Kaspersky GReAT). Security Researcher at Kaspersky GReAT.
  • Marco Preuss (Kaspersky GReAT). Director, Global Research & Analysis Team, Europe.

Get the inside scoop on GReAT, Kaspersky’s Global Research and Analysis Team, which works on uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world.

‘GReAT Ideas. Powered by SAS’ is a series of talks held by GReAT security researchers throughout the summer and is aimed at sharing their latest expertise on hot tech topics. Inspired by the regular team meet-ups held internally, as well as by the Security Analyst Summit’s friendly atmosphere of exchanging knowledge, this series of events will empower you with information about the threat landscape, including the most recent cases and techniques used in the cybersecurity world, directly from the experts themselves.

The events will leverage recent and freshly discovered APT cases, insights, custom in-house tools, real-world examples of using threat intelligence and Kaspersky products, and much more. Each talk will include four 15-20 minute presentations on cutting edge tools, current projects and the most recent APTs discovered by GReAT.

Here is what you will learn during the first webinar of the series:

  • Linking attacks to threat actors: case studies by Kurt Baumgartner, principal researcher
  • Threat hunting with Kaspersky’s new malware attribution engine by Costin Raiu, GReAT director
  • Microcin-2020: GitLab programmers ban, async sockets and the sock by Denis Legezo, senior security researcher
  • The next generation IoT honeypots by Kaspersky’s Honeypots Team

Linking attacks to threat actors: case studies

Speakers: Kurt Baumgartner

Being able to quickly examine and understand malware and its potential baggage is highly valuable to defenders. Sometimes, without the right resources, it is a pipe dream. On the other hand, what has sometimes taken months or years, or is otherwise unattainable, can be done in seconds with the right tools.

With high levels of malware activity and reporting, it is difficult to quickly assess relevance or sometimes even understand the discussion around various malware and APT monikers. Digging through YARA rules and results that spring false positives eternal, and trying to organize a strategy when so many unknowns linger, can simply be counterproductive.

In this talk, Kurt Baumgartner, Kaspersky’s GReAT principal security researcher, will examine recent APT alerts and discussions, and how to get the jump on how or why this malware is connected with past activity. He will also demonstrate how a new tool developed by Kaspersky can quickly form multiple reported malware families, confused indicators, and YARA rules into a cohesive thread on which to build informed discussions and decisions.

Threat hunting with Kaspersky’s new malware attribution engine

Speakers: Costin Raiu

By understanding the threat actors and their goals, defenders can quickly come up with the most effective and straightforward incident response plan. However, unveiling the actor behind the attack is usually a very challenging task, which requires not only a large amount of collected threat intelligence (TI) but also the right skills to interpret it.

At Kaspersky, we’ve been working to make this process faster and simpler, and now we are ready to share this expertise with others. Our state-of-the-art malware attribution engine, developed in-house by Kaspersky’s Global Research and Analysis Team (GReAT), has helped us to research many renowned APT campaigns. It was leveraged internally by our teams during the investigations of TajMahal, ShadowHammer, ShadowPad and Dtrack, to name a few. You can learn how to use this tool most effectively directly from Costin G. Raiu, the director of GReAT. During this webinar, Costin will show how to use the new Kaspersky malware attribution engine to make threat identification, attribution and defense more effective.

Microcin-2020: GitLab programmers ban, async sockets and the sock

Speakers: Denis Legezo

SixLittleMonkeys, a.k.a. Microcin, is a threat actor whose interests remain in espionage on diplomatic entities. While they are still using steganography to deliver modules and configuration data from a legitimate public resource, we have spotted updates in their programming. The threat actor now uses an API-like architecture and asynchronous work with sockets, which we consider a possible sign of the developer’s experience in high-load server-side backend programming.

During this talk, Denis will dissect this case and show the decryption tool for configuration and last-stagers.

The next generation IoT honeypots

Speakers: Dan Demeter, Marco Preuss

In our latest blog post, Kaspersky’s Honeypot Team presented its honeypot infrastructure and ideas on how to run distributed honeypots. Since then, Kaspersky has continued to improve its projects and is now ready to present the newest additions, as well as some results for the first half of 2020.

The main findings suggest that criminal activity didn’t stop during these pandemic times, and by leveraging our newest honeypot types, we are starting to collect more and more data which can be used to block malicious attacks. In this talk, the team will discuss different types of attacks, as they can help other researchers build their own honeypots, alongside the most predominant attack trends, which are important when running large-scale projects. The talk will conclude with a discussion of the challenges of building reliable honeypots, mostly due to new vulnerabilities being discovered nearly daily.
