Kaspersky®

Security Analyst Summit

St. Maarten,
April 2-6, 2017

Sponsors

Threatpost
Kaspersky
BlackBerry
Talos
Microsoft
Qintel
Telstra
PwC
ThreatBook
Carbonite
HackerOne
The DigiTrust Group
AlienVault
BMW Motorrad
SecurityWeek
Air France/KLM
SkyTeam

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

 

SAS 2017

Agenda

Conference Day 1 Monday, April 3

Session 1: Intellect

Session host: Sergey Novikov
9:30 - 9:30

Welcome and Introductions

Eugene Kaspersky
9:40 - 10:10

The (memory corruption) safety dance

Mark Dowd, Azimuth Security
10:10 - 10:35

Threat intelligence threatening intel operations

Catherine Lotrionte, Georgetown University
10:35 - 11:00

When will the future of cybersecurity get here?

Ron Gula, Gula Tech Adventures
11:00 - 11:20

From defending an organization to defending a country

Buky Carmeli, Israeli National Cyber Security Authority

Session 2: Intuition

Session host: David Jacoby
11:40 - 12:10

A link to the past: Connecting the birth of cyberespionage

Thomas Rid, Daniel Moore, King’s College London; Juan Andres Guerrero-Saade, Costin Raiu, Kaspersky
12:10 - 12:35

The seven year itch

Kris McConkey, PwC
12:35 - 13:00

Cyber in a world of cloud

John Lambert, Microsoft

Session 3: Energy

Session host: Ryan Naraine
14:00 - 14:40

Chasing bad guys from Bangladesh to Costa Rica

Vitaly Kamluk, Aleks Gostev, Kaspersky Lab; Adrian Nish, Sergei Shevchenko, BAE Systems; Dries Watteyne, SWIFT
14:40 - 15:05

Attacking the hospitality and gaming industries: Tracking an attacker around the world in 8 years

Preston Lewis, Jacob Christie, Mandiant
15:05 - 15:30

Hunting an IT-criminal gang from Romania

Peter Kruse, Jan Kaastrup, CSIS Security Group
15:30 - 15:55

Live in the ATM malware trenches

Sergey Golovanov, Igor Soumenkov, Kaspersky

Session 4: Agility

Session host: Costin Raiu
16:30 - 16:55

Breaking Tizen

Amihai Neiderman
16:55 - 17:20

Elephant and monkey

Peter Zinn, Erik Johansson
17:20 - 17:45

Time to grow up: Counterproductive security behaviors that must end

Chris Eng, Veracode
17:45 - 18:30

The digital frontier

Live debates

Conference Day 2 Tuesday, April 4

Session 5: Stamina

Session host: Chris Eng
9:30 - 10:10

Hunting bugs for humanity

David Jacoby, Kaspersky Lab; Frans Rosén, Detectify
10:10 - 10:20

Wassenaaren’t you glad I didn’t say banya?

Katie Moussouris, Luta Security
10:20 - 10:40

Stop hacking me bro! Changing behavior through gamification and behavior modification principles

Kymberlee Price, Microsoft
10:40 - 11:00

Lessons from the hacker front lines

Alex Rice, HackerOne; Ryan Naraine, Kaspersky Lab
11:00 - 11:20

15+ years of disclosures: The good, the bad and the worst

Cesar Cerrudo, IOActive Labs

Session 6: Flexibility

Session host: Inbar Raz
9:30 - 10:10

A bad guy’s dream coming true: The hijack of an entire bank operation

Dmitry Bestuzhev, Fabio Assolini, Kaspersky
10:10 - 10:20

From hot tubs to thousands of booze bottles: Real world PoS system mass pwnage

Domingo Montanaro, Ventura Enterprise Risk Management; Cyllas Elia, Sao Paulo State Police
10:20 - 10:40

Malicious traders

Aleks Gostev, Kaspersky
10:40 - 11:00

Exploit kit redux: What happens when kits disappear

Nick Biasini, Cisco Talos
11:00 - 11:20

Behind enemy lines: Funny bugs and exploits from inside a criminal's infrastructure

Maciej Kotowicz, CERT Polska

Session 7: Focus

Session host: Dewan Chowdhury
9:30 - 10:10

Trust no one or how to survive in a world of total mistrust

Andrey Nikishin, Kaspersky
10:10 - 10:20

ICS cybersecurity programs for multi-national corporations

Vladimir Vylkov, Siemens Industry USA; Melissa Crawford, Siemens AG
10:20 - 10:40

The ultimate tips to implement a secure Smart City municipal drone program

Amin Hasbini, Kaspersky
10:40 - 11:00

Eight crazy ways to foil hardware attacks, for all budgets

Joe Fitzpatrick, SecuringHardware.com
11:00 - 11:20

Fuzz me gently… Catch my crashes!

Sergey Temnikov, Vladimir Dashchenko, Kaspersky

Session 8: Persistence

Session host: Brian Bartholomew
11:40 - 12:10

Inside an active APT incident response

Brian Candlish, Christian Teutenberg, Telstra
12:10 - 12:30

Ransomware in targeted attacks

Anton Ivanov, Kaspersky
12:30 - 12:50

China’s evolving cyber operations: A look into APT19’s shift in tactics

Ben Withnell, Erica Eng, FireEye
12:50 - 13:10

Finding Shamoon

Amin Hasbini, Kaspersky
13:10 - 13:30

Endless gunfire in South Korea

Seongsu Park, Kaspersky Lab; Donghee Lee, SK Infosec TopCERT

Session 9: Passion

Session host: Vicente Diaz
11:40 - 12:10

Winning the battle by design: The art of security engineering in safety critical systems

Campbell Murray, BlackBerry
12:10 - 12:30

Hardening Android against ransomware, one dessert at a time

Elena Kovakina, Google
12:30 - 12:50

Mobile espionage in the wild: Pegasus and nation-state level attacks

Andrew Blaich, Lookout
12:50 - 13:10

Do-it-yourself spy program: Abusing Apple's Call Relay Protocol

Martin Vigo, Salesforce
13:10 - 13:30

Do Tinder bots dream of electric toys?

Inbar Raz, PerimeterX

Session 10: Expertise

Session host: Mike Lennon
11:40 - 12:10

Back to the IoT Future: Where Marty controls all your routers

Dan Demeter, Costin Raiu, Kaspersky
12:10 - 12:30

IoT security nightmares - 20 minutes, 10 devices

Jan Hoersch, Securai GmbH
12:30 - 12:50

Trade controls impact on industrial Internet of Things

Harsha Banavara, Schneider Electric
12:50 - 13:10

BackConnect’s suspicious BGP hijacks

Doug Madory, Dyn
13:10 - 13:30

What zombies know about ICS

Kirill Kruglov, Vyacheslav Kopeitsev, Kaspersky

Session 11: Collaboration

Session host: Brian Candlish
14:30 - 15:00

Destructive malware: When money isn't a motive

Muks Hirani, Mandiant
15:00 - 15:20

The open source APT

Kurt Baumgartner, Kaspersky
15:20 - 15:40

High stakes evidence tampering and the failure of digital forensics

Mark Spencer, Arsenal Consulting
15:40 - 16:00

Undocumented MS Word features abused by attackers

Alexander Liskin, Anton Ivanov, Kaspersky
16:00 - 16:20

Infecting a computer by browsing is harder than you think

Boldizsar Bencsath, CrySyS Lab
16:20 - 16:40

Battle of hunters: Attacking the weakest link of the strongest chain?

Ido Naor, Kaspersky

Session 12: Safety

Session host: Peter Zinn
14:30 - 15:00

Scaling properties of software and system security

Paul Vixie, Farsight Security
15:00 - 15:20

Building inferences of guilt, attribution, and data visualization with semantic graphs

Dan Hubbard, Thibault Reuille, OpenDNS
15:20 - 15:40

Don't push the button or I will Yara you down

Markus Neis, Swisscom
15:40 - 16:00

Hidden treasure: Detecting intrusions with ETW

Kyle Reed, Microsoft
16:00 - 16:20

Research of using steganalysis and countermeasures against steganography in Anti-APT products

Alexey Shulmin, Evgeniya Krylova, Kaspersky
16:20 - 16:40

Ponce: One-click concolic execution in IDA Pro

Alberto Garcia Illera, Francisco Oca, Salesforce

Session 13: Reliability

Session host: Andrey Nikishin
16:20 - 16:40

How to get good seats in the security theater: Hacking boarding passes for fun and profit

Przemek Jaroszewski, CERT Polska
14:30 - 15:00

Industrial malware: The automated way to take down the grid or plants in seconds

Marina Krotofil, Honeywell; Chris Sistrunk, Mandiant
15:00 - 15:20

Through the eyes of the attacker: Data integrity attacks in the power sector

Marina Krotofil, Honeywell; Chris Sistrunk, Mandiant
15:20 - 15:40

Smart medicine breaches its “First Do No Harm” principle

Denis Makrushin, Kaspersky
15:40 - 16:00

Security incidents in ICS/SCADA organizations

Alexey Polyakov, Kaspersky
16:00 - 16:20

When smart medical devices become our worst nightmare

Stephen Chavez, Lani Rupp, Omega Intelligence & Security Solutions

Session 14: Velocity

Session host: Sergey Novikov
17:00 - 17:10

ICS transforms in Maltego

Roelof Temmingh, Paterva
17:10 - 17:20

Analyzing APT artifacts - 1000 at a time

Marco Preuss, Vicente Diaz, Kaspersky
17:20 - 17:30

Injection without needles: A detailed look at the data being injected into our web browsers

Paul Alderson, FireEye
17:30 - 17:40

Ghosts in the WMI

Yury Namestnikov, Kaspersky
17:40 - 17:50

PowerShell threats: Why they work so well and why they will develop further

Candid Wüest, Symantec
17:50 - 18:00

The secret power of Yara

Vitaly Kamluk, Kaspersky

Session 15: Creativity (Open Microphone)

Session host: Stefan Tanase

Session 16: Leadership (Quiz show)

Session host: Kirill Kruglov

Speakers

Mark Dowd

Azimuth Security

Mark Dowd is a veteran of the security industry who has spent his career focusing on application security research. Over the course of his career, Mark has found numerous software vulnerabilities in widely deployed operating systems and software. He has found vulnerabilities in critical software components in server operating systems, client-side software and, more recently, smart phones. He has spoken at numerous industry conferences, and is a member of the BlackHat Review Board. He is also the co-author of “The Art of Software Security”, published by Addison Wesley.

Catherine Lotrionte

Georgetown University

Professor Catherine Lotrionte is the Director of the Institute for Law, Science and Global Security and Visiting Assistant Professor of Government and Foreign Service at Georgetown University. Professor Lotrionte teaches courses on national security law, US intelligence law, and international law. In addition to teaching, Professor Lotrionte coordinates research projects and events for the Institute for Law, Science and Global Security at Georgetown. She is the Institute Liaison for the Program on Nonproliferation Policy and Law, funded by the Defense Threat Reduction Agency, in cooperation with the Monterey Institute for International Studies’ James Martin Center for Nonproliferation Studies. Professor Lotrionte is also the Director of the CyberProject. Professor Lotrionte and the Institute focus on the role of international and domestic law in recent and upcoming developments in cyber-technology and cyber-threats.

Ron Gula

Gula Tech Adventures

Ron Gula started his cyber-security career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking’s team of penetration testers and incident responders.
As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001.
As CEO and co-founder of Tenable Network Security, Ron led the company’s rapid growth and product vision from 2002 through 2016. He helped the company scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually.

Sergey Golovanov

Kaspersky

Sergey started his career at Kaspersky Lab in 2005, joining the company as a Virus Analyst before going on to become Head of the Non-Intel Research Group. He was appointed malware expert for Kaspersky Lab’s Russian Research Center in 2009 and has since risen to the position of Principal Security researcher, conducting research into banking threats and cyber-espionage. Sergey’s areas of expertise also include embedded system security, cybercriminal ‘partner networks’, non-Windows threats (Mac OS, Unix OS), botnets and other aspects of cybersecurity.

Thomas Rid

King’s College London

Rid’s most recent book is Rise of the Machines, out in June 2016, in German as Maschinendämmerung. It tells the sweeping story of how cybernetics, a late-1940s theory of machines, came to incite anarchy and war half a century later. His recent research article, “Attributing Cyber Attacks,” was designed to explain, guide, and improve the identification of network breaches (Journal of Strategic Studies 2015). Rid’s book Cyber War Will Not Take Place (Oxford University Press/Hurst 2013) analysed political computer network intrusions; a Chinese translation is forthcoming with the People’s Publishing House. His text “Deterrence Beyond the State” (Contemporary Security Policy 2012) opened a fresh conceptual angle on the deterrence debate by exploring Israel’s experience with non-state militants. His articles appeared in major English, French, and German peer-reviewed journals as well as magazines and news outlets.

Buky Carmeli

Israeli National Cyber Security Authority

Currently, Director General of the Israeli National Cyber Security Authority. Former CEO of Sphera Systematic Hedge fund, part of Sphera, the largest Israeli Hedge Funds management group (>$1B AUM). Former Head of M.O.D. Cyber and Technology Defense Authority. Published several academic articles in the cyber arena. Ex-Officer at one of IDF’s elite technological units. Entrepreneur and founder with over 30 years of experience in leading large research and development teams. Vast experience in research, development, implementation and practical execution of mathematical algorithms for capital market trading. Engineer, Bachelor of Science in Electronics and Computing (B.Sc.) from Ben-Gurion University; wide knowledge and experience in parallel and supercomputing engineering.

John Lambert

Microsoft

John Lambert has been at Microsoft for 15 years. He is the General Manager of the Microsoft Threat Intelligence Center. The Center is responsible for detecting and disrupting adversary based threats aimed at Microsoft and its customers. Its mission is to drive detective innovations into products and services to raise the ability for every defender to deal with adversary based threats through security research, threat intelligence, forensics, and data science. Previously at Microsoft, Lambert worked in the Trustworthy Computing group for ten years and the Windows Security group on features related to cryptography and security management.
He joined Microsoft after three years at IBM as a developer in their software group. Lambert holds a bachelor’s degree in computer science from Tulane University and is named on more than nine software patents and seven pending applications.

Peter Kruse

CSIS

Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department which provides services mainly aimed at the financial sector.
His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients in both Scandinavia and the rest of Europe.
Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus and banking industries, law enforcement and higher education institutions. He is also a member of CARO.

Katie Moussouris

Luta Security

Katie Moussouris is a noted authority on vulnerability disclosure and bug bounties, and the founder and CEO of Luta Security, Inc. Katie helped the US Department of Defense start the government’s first bug bounty program, called “Hack the Pentagon,” and “Hack the Army”, as well as helped advise on the DoD’s ongoing vulnerability disclosure program. Katie created Microsoft’s bug bounty programs, and started Microsoft Vulnerability Research. She is also a subject matter expert for ISO standards in vuln disclosure (29147), vuln handling processes (30111), and secure development (27034). Katie is a visiting scholar with MIT Sloan School, doing research on the vulnerability economy and exploit market. She is a New America Foundation Fellow and Harvard Belfer Affiliate. Katie is also part of the official US Wassenaar delegation. She is on various CFP review boards, and is an adviser to the Center for Democracy and Technology.

Kris McConkey

PwC

Kris leads PwC’s Cyber Threat Detection and Response team, which comprises highly specialised cyber security professionals. He is responsible for the delivery of our cyber threat response capabilities, which enable clients to resist, detect and respond to advanced cyber attacks. Focusing on cyber crime, espionage investigations and technical countermeasures, his team is regularly called on to investigate and contain network intrusions and provide actionable threat intelligence to clients in crisis situations.
Since joining PwC, Kris has led complex and multinational civil and criminal investigations that require advanced digital forensics and data mining. He also has a strong background working closely with legal counsel on strategies for data retention, collection, analysis and disclosure on a number of high profile regulatory compliance investigations involving both structured and unstructured data. Kris has a wealth of experience in malware reverse engineering and secure systems and network architecture design.

Chris Eng

Veracode

Chris Eng has over 15 years of application security experience. As Vice President of Research at Veracode, he leads the team responsible for integrating security expertise into Veracode’s technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world’s largest companies.
Chris is a frequent speaker at premier industry conferences, such as BlackHat, RSA, OWASP, and CanSecWest, where he has presented on a diverse range of application security topics, including cryptographic attacks, agile security, mobile application security, and security metrics. Chris has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets regarding security trends and noteworthy events. Additionally, he has served on the advisory board of the SOURCE Boston conference since its inception.
Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California. Chris is an unabashed supporter of the Oxford comma and hates when you use the word “ask” as a noun.

Nick Biasini

Cisco Talos

Nick Biasini’s interest in computers and technology started at a young age when he tore apart his parents’ brand-new 486SX PC. Ever since, he has been tinkering with computers in one way or another. In his time with Talos, Nick has been responsible for exposing new details of major threats, with a focus on crimeware. This includes exposing the Angler exploit kit, identifying new techniques like Domain Shadowing, helping to stop a large-scale Nuclear exploit kit campaign, and revealing clever spam campaigns delivering ransomware. Nick has a master’s degree in digital forensics from the University of Central Florida and has worked in government and private sector environments in his career.
