Kaspersky®

Security Analyst Summit

Cancun, Mexico,
Coming Soon

Sponsors

Qintel
Avast
Telstra
Microsoft
ThreatBook
Talos
Security Week
Austrian
Brussels Airlines
Eurowings
Lufthansa
Swiss Airlines
Airfrance
kaspersky
ThreatPost

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

#TheSAS2018

See you next World!

#TheSAS2018: It's not always what you see

SAS X-World

#TheSAS2018: What's Your Storyline?

#TheSAS2018: "Doesn't look like anything to me"

Learn with #TheSAS2018

#TheSAS2018 Teaser

Agenda

Wednesday – Arrival Day Wednesday, March 7

Arrivals and Registration

Session host: SAS Crew
Thursday – Conference Day 1 Thursday, March 8

SESSION 1: “You can't play God without being acquainted with the devil.”

Session host: Sergey Novikov
8:00 - 8:00

Breakfast

9:30 - 9:45

Welcome and introductions

Eugene Kaspersky ; Kaspersky Lab
9:45 - 10:15

A Brief History of Disinformation, and What to Do About It

Matt Tait ; University of Texas
10:15 - 10:40

Dark Caracal part I: Introducing Dark Caracal

Cooper Quintin, EFF ; Mike Flossman, Lookout
10:40 - 11:00

Dark Caracal part II: Where in the world is Dark Caracal?

Eva Galperin, EFF ; Andrew Blaich, Lookout
11:00 - 11:00

Coffee break

SESSION 2: “Mozart, Beethoven and Chopin never died. They simply became music.”

Session host: Ryan Naraine
11:30 - 12:00

10 Years of Being GReAT

Costin Raiu, Vitaly Kamluk ; Kaspersky Lab
12:00 - 12:20

Surprise keynote

Surprise keynote
12:20 - 12:45

Supply-chain and Corporate Espionage: Attacking the Masses to Target the Few

Martin Hron ; Avast
12:45 - 13:10

All Your Cloud Are Belong To Us – Hunting Compromise in Azure

Nate Warfield ; Microsoft
13:10 - 13:30

The SAS 2018 MVP Award

13:30 - 14:30

Lunch

SESSION 3: “No matter how dirty the business, do it well.”

Session host: Costin Raiu
14:30 - 14:55

How to Become a Dark Market Admin?

Marinus Boekelo, Gert Ras ; NHTCU, The Netherlands
14:55 - 15:20

The Criminal Hall of Shame

Peter Kruse, Jan Kaastrup ; CSIS Security Group
15:20 - 15:40

Conversations with Guccifer 2.0: What I Learned About Election Influence Operations

John Bambenek ; Bambenek Consulting
15:40 - 16:00

Cryptocurrency Enabled Crime

Jonathan Levin ; Chainalysis
16:00 - 16:30

Coffee break

SESSION 4: "Doesn't look like anything to me."

Session host: David Jacoby
16:30 - 16:30

Hacking Cars for Fun and Profit - A Walkthrough of Car Vulns and the State of the Auto Industry

Marc Rogers ; Cloudflare
16:30 - 17:10

The Hardware Pivot

Joe FitzPatrick ; SecuringHardware.com
17:10 - 18:00

“Hey, what happens here, stays here.”

Live debates
18:00 - 22:00

Dinner

Friday – Conference Day 2 Friday, March 9

Breakfast

Session host: SAS Crew
8:00 - 9:30

Breakfast

SESSION 5: “Free. Here. Under my control.”

Session host: Juan Andres Guerrero-Saade
9:30 - 10:00

The Infinite Loop of Information Security in China

Christopher Ahlberg ; Recorded Future
10:00 - 10:20

Territorial Dispute: A Peek into NSA's Knowledge of APT Attacks of Others

Boldizsár Bencsáth ; CrySyS Lab
10:20 - 10:40

New Sophisticated Targeted Cyber Espionage Framework: Back to Kernel

Sergey Yunakovsky, Alexey Shulmin ; Kaspersky Lab
10:40 - 11:00

The Chaos & Malicious Dragon behind the Clouds

Steve Su, Sung-Ting Tsai ; Team T5
11:00 - 11:30

Coffee break

SESSION 6: "Hell is empty, and all the devils are here."

Session host: Dmitry Bestuzhev
9:30 - 10:00

Goodfellas, the Brazilian Carding Scene Is After You

Santiago Pontiroli, Thiago Marques ; Kaspersky Lab
10:00 - 10:20

It’s a Small World After All: The Evolution of Small POS RAM Scrapers

Matt Bromiley, Courtney Dayter ; Kroll Inc
10:20 - 10:40

Stopping the Fireball - How We Took Down a Global Threat Operation, Step by Step

Maya Horowitz ; Check Point
10:40 - 11:00

Miners on the Rise

Anton Ivanov, Evgeny Lopatin ; Kaspersky Lab

SESSION 7: “Being a survivor is just another loop.”

Session host: Dewan Chowdhury
9:30 - 10:00

How to Save the Industrial World. OPC UA Vulnerability Research

Pavel Cheremushkin, Sergey Temnikov ; Kaspersky Lab
10:00 - 10:20

SCADA Intellectual Property: a Red Teaming mission

Matteo Beccaro ; Opposing Force S.r.l.
10:20 - 10:40

TRITON: The attack path to ICS safety systems

Dan Caban, Marina Krotofil ; FireEye
10:40 - 11:00

How {Goilbarco Veeder} Root a Gas Station

Ido Naor, Kaspersky Lab ; Amihai Neiderman

Coffee break - 1

Session host: SAS Crew
11:00 - 11:30

Coffee break

SESSION 8: “Time undoes even the mightiest creatures.”

Session host: Vitaly Kamluk
11:30 - 12:00

APT Street Creds: How Modern Credential Theft Goes Horribly Wrong

Michael Matonis ; FireEye
12:00 - 12:20

Masha and These Bears

Kurt Baumgartner ; Kaspersky Lab
12:20 - 12:40

Surprise Supplies!

Warren Mercer, Paul Rascagneres ; Talos
12:40 - 13:00

Finding a Monster by Its Shadow

Noushin Shabab ; Kaspersky Lab
13:00 - 14:00

Lunch

SESSION 9: "Everything you do, it's because the engineers upstairs programmed you to do it."

Session host: Kymberlee Price
11:30 - 12:00

Android Anti-RE Choosing a Different Path

Łukasz Siewierski ; Google
12:00 - 12:20

9Tail: Proactive Security Assessment

Rob Ragan, Oscar Salazar ; Bishop Fox
12:20 - 12:40

Alphathreat Soup: Burning Threat Actors with Data

Brandon Dixon, RiskIQ ; Brian Candlish, Telstra
12:40 - 13:00

Privacy Preservation in DNS Analytics

Paul Vixie ; Farsight Security

SESSION 10: "The maze isn't meant for you."

Session host: Mike Lennon
11:30 - 12:00

Hey! I’m Spying on YOU! – How We’ve Found a Backdoor in Popular Smart-cam

Vladimir Dashchenko, Andrey Muravitsky ; Kaspersky Lab
12:00 - 12:20

Things Attack: Peek into a 18 Months IoT Honeypot

Tan Kean Siong ; The Honeynet Project
12:20 - 12:40

Time of Death? A Therapeutic Postmortem for Medical Infrastructure

Denis Makrushin, Yury Namestnikov ; Kaspersky Lab
12:40 - 13:00

Yet Another Useful Blockchain Application for Security

Andrey Nikishin ; Kaspersky Lab

Lunch

Session host: SAS Crew
13:00 - 14:00

Lunch

SESSION 11: “Maybe you got more of an appetite for this than you think.”

Session host: Brian Bartholomew
14:00 - 14:30

The Rise of Middle East - Blue vs Red

Muks Hirani ; Mandiant
14:30 - 15:00

Weaponizing the Internet: Malware and State-Sponsored Attacks

Jay Rosenberg ; Intezer Labs
15:00 - 15:20

The Limits of Threat Intelligence: Omens Forecasting the End of Threat Hunting as We Know It

Vicente Diaz ; Kaspersky Lab
15:20 - 15:40

APT15 Is Alive and Strong

Kyoung-Ju Kwak ; Financial Security Institute in South Korea
16:00 - 16:30

Coffee break

SESSION 12: “This world doesn’t belong to them; it belongs to us.”

Session host: Chris Eng
14:00 - 14:30

AI & ML in Cyber Security - Why Algorithms Are Dangerous

Raffael Marty ; PixlCloud
14:30 - 15:00

Let Me Yara That for You

Dan Demeter ; Kaspersky Lab
15:00 - 15:20

Is IPv6 Killing Your Privacy?

Paul Alderson ; FireEye iSIGHT Intelligence
15:20 - 15:40

How to Hide Your Browser 0-days

Zoltan Balazs ; MRG Effitas
15:40 - 16:00

Stopping Macro Malware in Its Tracks

Giulia Biagini ; Microsoft

SESSION 13: “I was born. You were made.”

Session host: Andrey Nikishin
14:00 - 14:30

Smart Car Forensics and Vehicle Weaponization

Stefan Tanase, Gabriel Cirlig ; Ixia
14:30 - 15:00

Modern Yacht Hacking

Stephan Gerling ; ROSEN Group
15:00 - 15:20

The Voice of Esau: Hacking Enterprises Through Voice Interfaces

Tal Be’ery, Amichai Shulman ; independent researchers
15:20 - 15:40

Robots threats are challenging our safety

Cesar Cerrudo, Lucas Apa ; IOActive Labs
15:40 - 16:00

Hack Your Robot

Dewan Chowdhury ; MalCrawler

Coffee break - 2

Session host: SAS Crew
16:00 - 16:30

Coffee break

SESSION 14: “This time, I'm never goin' back.” (20 x 20 presentations)

Session host: Sergey Novikov
16:30 - 16:39

Exploring New Depths of Threat Hunting ...or How to Write ARM Shellcode in Six Minutes

Maria 'Azeria' Markstedter ; Azeria Labs
16:39 - 16:48

Fighting RTF Obfuscation

Vladislav Stolyarov ; Kaspersky Lab
16:48 - 16:57

Digital Vengeance: Exploiting Notorious C&C Toolkits

Waylon Grange ; Symantec
16:57 - 17:06

IsraBye - The First Anti-Israeli Wiper

Ari Eitan ; Intezer Labs
17:06 - 17:15

Sifting Through the Dark Sand

Sergey Lozhkin ; Kaspersky Lab
17:15 - 17:24

In Soviet Russia, Vulnerability Finds You

Inbar Raz ; Hacker of Things
17:30 - 17:40

END OF PROGRAM

19:00 - 0:20

Gala-dinner

SESSION 15: “Take me to where the mountains meet the sea.”

Session host: Stefan Tanase
16:30 - 17:30

Open Microphone

SESSION 16: "Everything in this world is magic, except to the magician"

Session host: Vladimir Dashchenko
16:30 - 17:30

Quiz Show

Friday – Conference Day 2 - Workshops Friday, March 9

Workshops

Session host: SAS Crew
9:30 - 11:00

Deceive to Detect: ‘Cyber Deception’ Strategy for ‘Lateral Movement’ Detection

Denis Makrushin ; Kaspersky Lab
11:00 - 11:30

Coffee break

11:30 - 13:00

Hunting from the Outside - 7 Strategies for Finding Cool Sh!t

John Wetzel ; Recorded Future
13:00 - 14:00

Lunch

14:00 - 16:00

Better Red than Dead: Elegant Weapons for a More Civilized Age

Rob Ragan, Oscar Salazar ; Bishop Fox
16:00 - 16:30

Coffee break

16:30 - 17:30

Internet of Things

David Jacoby, Marco Preuss ; Kaspersky Lab
Saturday – Networking and Teambuilding or Departure Day Saturday, March 10

Networking and Teambuilding/Departures

Session host: SAS Crew
Sunday – Departure Day Sunday, March 11

Departures

Session host: SAS Crew

Speakers

Brandon Dixon

RiskIQ

Brandon has spent his career in information security performing analysis, building tools, and refining processes. As VP of Product, he is responsible for managing the direction of all RiskIQ offerings. Prior to RiskIQ, Brandon was the co-founder of PassiveTotal (acquired by RiskIQ) where he led development and product direction. Throughout the years, Brandon has developed several public tools, most notably PDF X-RAY, and NinjaJobs. His research and development on various security topics have gained him accolades from many major security vendors and peers in the industry.

Paul Vixie

Farsight Security

Dr. Paul VIXIE was inducted as an Innovator into the Internet Hall of Fame in 2014 after earning his Ph.D. in Computer Science from KEIO University in 2010. He is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. He was the founder of the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), the first neutral and commercial Internet exchange (PAIX, 1991), and of Farsight Security (2012), where he now serves as Chairman and Chief Executive Officer.

Vitaly Kamluk

Kaspersky Lab

Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation.

Jay Rosenberg

Intezer Labs

Jay Rosenberg is a Senior Security Researcher at Intezer Labs. Originally from New York, he is now based in Tel Aviv. He is 25 years old and began programming and reverse engineering at the age of 12. He specializes in malware analysis, x86 assembly, memory analysis, and Windows system internals. His work has ranged from analyzing and attributing the largest cyber attacks in the past year to leading the research behind Intezer's products, which focus on code reuse detection.

Marc Rogers

Cloudflare

Marc Rogers is Principal Security Researcher at Cloudflare. Rogers is a whitehat hacker who has worked in the security industry for almost twenty years, including a decade managing security for the UK operator Vodafone. As well as his work in the telecoms industry, he has been a CISO in South Korea and founded a disruptive Bay Area startup. He is a security evangelist who has a positive outlook on how security should be implemented in today’s global organizations. It’s this outlook that he used when he helped put together the award-winning BBC series “The Real Hustle”. He is also the Head of Security at DEF CON, the world’s largest hacker conference.

Peter Kruse

CSIS security Group A/S

Peter Kruse co-founded the Danish IT-security company CSIS in 2003 and is currently leading the eCrime department, which provides services mainly aimed at the financial sector. His ability to combine a keen appreciation of business needs and a profound technical understanding of malware has made CSIS a valued partner of clients not only in Scandinavia but also in the rest of Europe.
Today, Peter is by far the most quoted IT-security expert in Denmark and considered among the most recognized in Europe. He has a long history of active participation in several closed and vetted top IT-security communities and has numerous international connections in the antivirus and banking industries, law enforcement and higher education institutions.

John Bambenek

Bambenek Consulting

John Bambenek is the President of Bambenek Consulting and a lecturer in the Department of Computer Science at the University of Illinois at Urbana-Champaign. He is also one of the incident handlers at the SANS Internet Storm Center. He has over 18 years of experience in information security and leads several international investigative efforts tracking cybercriminals, some of which have led to high-profile arrests and legal actions. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He produces some of the largest bodies of open-source intelligence used by thousands of entities across the world.

Santiago Pontiroli

Kaspersky Lab

Santiago Pontiroli joined Kaspersky Lab as Security Researcher in October 2013. His principal responsibilities include the analysis and investigation of security threats in the South of Latin America (SOLA), web application security, the development of automatization tools stemming from threat intelligence studies and the reverse engineering of programs with malicious code.
Before joining Kaspersky Lab, Santiago served as Development Leader at Accenture for projects such as Site Concept Studio and Avanade Connected Methods, where he supervised all technical aspects of his teams, developed and presented demos on the different platforms and offered technical support to the sales team. Prior to Accenture, Santiago worked as a consultant for several companies, providing support on access control software, system and network administration, server hardening and web application security.

Eva Galperin

EFF

Eva Galperin is EFF’s Director of Cybersecurity. Prior to 2007, when she came to work for EFF, Eva worked in security and IT in Silicon Valley and earned degrees in Political Science and International Relations from SFSU. Her work is primarily focused on providing privacy and security for vulnerable populations around the world. To that end, she has applied the combination of her political science and technical background to everything from organizing EFF’s Tor Relay Challenge, to writing privacy and security training materials (including Surveillance Self Defense and the Digital First Aid Kit), and publishing research on malware in Syria, Vietnam, and Kazakhstan. When she is not collecting new and exotic malware, she practices aerial circus arts and learns new languages.

Andrew Blaich

Lookout

Andrew Blaich is a security researcher and the head of device intelligence at Lookout, where he is focused on threat hunting and vulnerability research. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a Ph.D. in computer science and engineering from the University of Notre Dame in enterprise security and wireless networking. Andrew has presented at conferences including BlackHat, RSA, ShmooCon, and SAS.
In his free time he loves to run.

Jakub Kroustek

Avast

Jakub is Threat Lab Team Lead at Avast Software, and was AVG Virus Lab Team Lead before AVG was acquired by Avast.
Jakub is a passionate malware hunter and researcher with a love of reverse engineering. His expertise lies in ransomware, botnets, IoT hacking, darknet, and cryptocurrencies.
Jakub hates malware, but enjoys analyzing it and spreading the word about his findings by presenting at conferences, like Virus Bulletin, CARO, or Botconf.
He holds a Ph.D. degree in Computer Science and Engineering from the Brno University of Technology.

Maria 'Azeria' Markstedter

Azeria Labs

Azeria is an independent security researcher and penetration tester with a passion for Arm exploitation. Recognizing the central role of Arm in the proliferation of computing, she has set her sights on advancing Arm security and defense beyond its current constraints through vulnerability research, and has founded Azeria Labs to help others with a similar interest by filling the wide gap in educational material about the art of Arm exploitation through workshops and tutorials.

Cancun, Mexico

The Kaspersky Security Analyst Summit 2018 will be held on March 7-11 at The Grand Fiesta Americana Hotel, Coral Beach, Cancun, Mexico Km 9.5, Blvd. Kukulcan, Zona Hotelera, 77500.