Kaspersky®

Security Analyst Summit

Singapore,
Coming Soon

Sponsors

Chronicle
+360
Talos
Qintel
Microsoft
Anomali
BlackBerry
Avast
Baidu
VirusBulletin
Infosec in the city
Div0
Coseinc
Shack
United
Airfrance/KLM
SkyTeam
kaspersky
ThreatPost

Singapore

,

The Kaspersky Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

More information about SAS 2019 you'll find here

SAS 2019 Teaser

SAS 2019 CFP Open

Agenda

Monday – Arrival Day Monday, April 8

Arrivals and Registration

Session host: SAS Crew
Tuesday – Conference Day 1 - SAS Tuesday, April 9

SESSION 1: Arise

Session host: Sergey Novikov
9:30 - 9:45

Welcome and Introductions

Eugene Kaspersky ; Kaspersky Lab
9:45 - 10:15

Supply Chain Security: A Brief Overview

Andrew “bunnie” Huang ; Independent Researcher
10:15 - 10:45

A Measured Response to a Grain of Rice: An Implant in the Shell

Joe FitzPatrick ; Securing Hardware
10:45 - 11:15

Finding a Big Supply Chain Attack: an Illustrated Guide

Costin Raiu, Vitaly Kamluk, Alexander Liskin, Boris Larin ; Kaspersky Lab
8:00 - 9:30

Breakfast

none ; none

SESSION 2: Stand Alone Complex

Session host: Sergey Novikov
11:40 - 12:10

Opaque at Both Ends: How the Internet Blew Up Information Warfare

The Grugq
12:10 - 12:35

Who Is GG?

Juan Andres Guerrero-Saade, Silas Cutler ; Chronicle Security
12:35 - 13:00

Zebrocy’s Multi-Language Malware Salad

Kurt Baumgartner ; Kaspersky Lab
13:00 - 13:20

The SAS 2019 MVP Award

13:20 - 14:20

Lunch

SESSION 3: Solid State Society

Session host: Sergey Novikov
14:20 - 14:50

Chamois: The Most Impactful Android Botnet of 2018

Maddie Stone ; Google
14:50 - 15:20

Spouseware and Stalkerware: Where Do We Go from Here?

Eva Galperin, Michael Flossman, Andrew Blaich ; Electronic Frontier Foundation; LookOut
15:20 - 15:40

Doppelgangers Unlimited

Sergey Lozhkin ; Kaspersky Lab
15:45 - 16:05

The Coordinated Takedown of [...]

Peter Kruse, Benoit Ancel ; CSIS Security Group
16:05 - 16:30

Coffee break

SESSION 4: Alternative Architecture

Session host: Sergey Novikov
16:30 - 16:55

Next-Gen HID Offensive Devices: How to Bypass an ICS Air-Gapped Environment with a Plasma Ball

Luca Bongiorni ; Bentley Systems
16:55 - 17:15

Surprise Keynote

Surprise Keynote
17:15 - 18:00

Live Debates

Wednesday - Conference Day 2 - SAS Wednesday, April 10

SESSION 5: The Making of a Cyborg

Session host: Sergey Novikov
8:00 - 10:00

Breakfast/Coffee break

10:00 - 10:30

Skeletons in the supply chain

Kris McConkey ; PwC
10:30 - 10:50

Agent Drable and stolen certificates: Sloppy means to a precarious end

Quentin Fois, Stefano Ortolani ; Lastline
10:50 - 11:10

Approaching the adversaries behind Trojan.Enfal

Steve Su, Sung-Ting Tsai ; Team T5
11:10 - 11:30

A mysterious framework

Alexey Shulmin, Andrey Dolgushev ; Kaspersky Lab
11:30 - 12:00

Coffee break

SESSION 6: Junk Jungle

Session host: Sergey Novikov
10:00 - 10:30

The art of the cashout: the evolution of attacks on payment systems

Saher Naumaan, Irving Méreau ; BAE Systems; SWIFT
10:30 - 10:50

The King is Dead. Long Live The King

Felix Aime, Yury Namestnikov ; Kaspersky Lab
10:50 - 11:10

Magecart: Beyond the Proxies and into the Plumbing

Paul Alderson ; FireEye
11:10 - 11:10

The enemy in your pocket: Large-scale SIM swap fraud

Fabio Assolini, André Tenreiro ; Kaspersky Lab; CERT-MZ
11:30 - 12:00

Coffee break

SESSION 7: Revolt of the Robots

Session host: Sergey Novikov
12:00 - 12:30

The ever-evolving arsenal of APT10

Adrien Bataille ; Mandiant
12:30 - 12:50

Espionage Framework: Fanning the flames in the Middle East

Ido Naor, Alexey Firsh ; Kaspersky Lab
12:50 - 13:10

Domestic Kitten: An Iranian Surveillance Program

Aseel Kayal, Lotem Finkelsteen ; Check Point
13:10 - 13:30

Unveil the devil

Felix Aime, Ivan Kwiatkowski ; Kaspersky Lab
13:30 - 14:30

Lunch

SESSION 8: Ghost Coast

Session host: Sergey Novikov
12:00 - 12:30

TRITON Attribution: Russian Government-Owned Research Institute Built Custom Tools for Attackers

Nathan Brubaker ; FireEye
12:30 - 12:50

Hacking Microcontroller Firmware through a USB

Boris Larin ; Kaspersky Lab
12:50 - 13:10

Another Place, another Time - GPS threats and countermeasures

Stephan Gerling ; ROSEN Group
13:10 - 13:30

Back in Black: the mysterious SCADA exploitation

Maria Garnaeva, Sergey Temnikov ; Kaspersky Lab
13:30 - 14:30

Lunch

SESSION 9: Public Security Section 9

Session host: Sergey Novikov
14:30 - 15:00

Absolutely Positively NOT 'Hacking Back' with Pcap

Steven Miller ; FireEye
15:00 - 15:20

The King Crab threat actor: IoCs for basic testing of anti-APT products and for training activities

Boldizsar Bencsath ; CrySyS Lab
15:20 - 15:40

Designed by geniuses, implemented by morons: An analysis of nation-state APT doctrines during geopolitical conflicts

Vicente Diaz ; Kaspersky Lab
15:40 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)
18:00 - 22:00

END OF PROGRAM

Gala Dinner

SESSION 10: Brainhack

Session host: Sergey Novikov
14:30 - 15:00

The Good, The Bad, & The Bounty - Learning When & How to Use Bounties Safely

Katie Moussouris ; Luta Security
15:00 - 15:20

Catching multilayered zero-day attacks on MS Office

Boris Larin, Vladislav Stolyarov ; Kaspersky Lab; independent researcher
15:20 - 15:40

Funky Malware Formats

Aleksandra Doniec, Mark Lechtik ; Malwarebytes; Check Point
15:40 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)
18:00 - 22:00

END OF PROGRAM

Gala Dinner
Wednesday – Conference Day 2 - SAS Unplugged Wednesday, April 10

SESSION 11: Laughing Man

Session host: Sergey Novikov
10:00 - 10:30

In a search for the poisonous seed

Noushin Shabab, Negar Shabab ; Kaspersky Lab; PS&C Group
10:30 - 10:50

DNSpionage

Warren Mercer, Paul Rascagneres ; Cisco Talos
10:50 - 11:10

Looking through Muddy Waters: Insight into TTPs of a Middle Eastern threat actor

Jaromir Horejsi, Daniel Lunghi ; Trend Micro
11:10 - 11:30

Behind the mask of ScarCruft

Seongsu Park ; Kaspersky Lab
11:30 - 12:00

Coffee break

SESSION 12: Robot Rondo

Session host: Sergey Novikov
10:00 - 10:30

Evolution of IoT Botnets, Torii and why your smart home is my smart home

Vladislav Iliushin ; Avast
10:30 - 10:50

Next Gen IoT Botnets - owning 450,000 devices from a single vendor

Alex “Jay” Balan ; BitDefender
10:50 - 11:10

IoT - a Malware story

Marco Preuss, Dan Demeter ; Kaspersky Lab
11:10 - 11:30

Under Pressure Real world damage with TPMS spoofing

Inbar Raz, Raziel Einhorn ; Argus Cyber Security
11:30 - 12:00

Coffee break

SESSION 13: Project 2501

Session host: Sergey Novikov
12:00 - 12:30

The lawful intercept software you've never heard of

Adam Bauer ; Lookout
12:30 - 12:50

Where are my journalists? Gaza cybergang attacks, command center and arsenal exposed

Amin Hasbini, Maher Yamout ; Kaspersky Lab
12:50 - 13:10

You’ve Got Mail!

Dan Caban ; Mandiant
13:10 - 13:30

The Politics of Public Attribution

Florian Egloff ; Center for Security Studies
13:30 - 14:30

Lunch

SESSION 14: Cyberbrain

Session host: Sergey Novikov
12:00 - 12:30

Exercising Network Defense on a (very) hostile Wi-Fi guest environment

Luiz Eduardo dos Santos, Dmitry Bestuzhev ; Aruba Threat Labs; Kaspersky Lab
12:30 - 12:50

Using Machines to exploit Machines - harnessing AI to accelerate exploitation

Ezra Caltum, Guy Barnhart-Magen ; Intel Corp
12:50 - 13:10

Wake up Neo: detecting virtualization through speculative execution

Innokentiy Sennovskiy ; BiZone LLC
13:10 - 13:30

ILlest of the IL

Jordan Wiens ; Vector 35
13:30 - 14:30

Lunch

SESSION 15: Doll without a Ghost

Session host: Sergey Novikov
14:30 - 15:00

Ghost in the Browser: Broad-Scale Espionage with Bitsquatting

Rob Ragan, Oscar Salazar ; Bishop Fox
15:00 - 15:20

Troll hunting using behavioural analytics

Staffan Truvé ; Recorded Future
15:20 - 15:40

A Cacophony of Disparate Internet Whispers: Clustering Internet-Wide Scan and Attack Traffic to Identify Who Controls What

Andrew Morris ; GreyNoise
15:40 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)
18:00 - 18:10

END OF PROGRAM

SESSION 16: The Master of Puppets’ Game

Session host: Sergey Novikov
14:30 - 16:10

QUIZ SHOW

15:40 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)
18:00 - 18:10

END OF PROGRAM

Wednesday – Conference Day 2 - SAS Unplugged WORKSHOPS Wednesday, April 10

Workshops - Stream 1

Session host: Sergey Novikov
10:00 - 11:30

Azeria’s Arm Exploitation Labs

Maria 'Azeria' Markstedter ; Azeria Labs
11:30 - 12:00

Coffee break

12:00 - 13:30

VirusTotal for Investigators

Juan Infantes Diaz, Jose Martin, Brandon Levene ; VirusTotal, Chronicle Security
13:30 - 14:30

Lunch

14:30 - 16:00

Unpacking 101

Jay Rosenberg ; Kaspersky Lab
16:00 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)

Workshops - Stream 2

Session host: Sergey Novikov
10:00 - 11:30

Social Networks IOCs Hunting

Ido Naor; Dani Goland ; Kaspersky Lab; VirusBay
11:30 - 12:00

Coffee break

12:00 - 13:30

Hunting using DNS

Irena Damsky ; Damsky.tech
13:30 - 14:30

Lunch

14:30 - 16:00

Proactive Threat Intelligence and Countermeasures

Denis Makrushin ; Ingram Micro
16:00 - 16:10

Coffee break

SWITCH TO BIG ROOM FOR CLOSING SESSION (see below)
Wednesday – Conference Day 2 - SAS Closing Session Wednesday, April 10

SESSION 17: SAS In The Shell

Session host: Sergey Novikov
16:10 - 17:00

PECHA KUCHA (20 x 20 presentations)

16:10 - 16:17

The Top-Secret Powers of Yara

Vitaly Kamluk ; Kaspersky Lab
16:18 - 16:25

Internet Balkanization – Learning from Our Past to Secure Our Future

Stefan Tanase ; Ixia
16:26 - 16:33

Traveler’s Guide to Protect Your Space - Low-Tech Physical OPSEC for High-Life Work and Life

Marco Preuss, Ariel Jungheit ; Kaspersky Lab
16:34 - 16:41

Detecting 'Gargoyle' code-Hiding via Automated Windows Kernel Analysis

Aliz Hammond ; Countercept
16:42 - 16:49

Exploiting Telco Support Teams for Fun and Profit

David Jacoby ; Kaspersky Lab
16:49 - 16:56

UPnP: Current Threat Landscape

x0rz
17:00 - 17:30

Ending KEYNOTE #1 OPCDE: Empowering the Underserved in Security Communities

Matt Suiche ; Comae Technologies
17:30 - 18:00

Ending KEYNOTE #2 A Peek Into the Future

Costin Raiu ; Kaspersky Lab
18:00 - 22:00

END OF PROGRAM

Gala Dinner
Thursday – Departure Day Thursday, April 11

Departures

Session host: SAS Crew

Speakers

Maddie Stone

Google

Maddie Stone is a Security Engineer on the Android Security team at Google. She has spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. 

Maddie Stone is a Security Engineer on the Android Security team at Google. She has spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including REcon Montreal, DerbyCon, and the Women in Cybersecurity Conference.

Joe Fitzpatrick

SecuringHardware.com

Joe is a Trainer and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers.

Joe is a Trainer and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He has spend the past 5 years developing and leading hardware security related training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks courses, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.

Saher Naumaan

BAE Systems

Saher is a Threat Intelligence Analyst at BAE Systems Applied Intelligence and a rising star in the industry. She currently researches state-sponsored cyber espionage with a focus on threat groups and activity in the Middle East.

Saher is a Threat Intelligence Analyst at BAE Systems Applied Intelligence and a rising star in the industry. She currently researches state-sponsored cyber espionage with a focus on threat groups and activity in the Middle East. Saher specialises in analysis covering the intersection of geopolitics and cyber operations, and regularly speaks at public and private conferences around the world. Prior to working at Applied Intelligence, Saher graduated from King’s College London with a Master’s in Intelligence and Security, where she received the Barrie Paskins Award for Best MA dissertation in War Studies.

Staffan Truvé

Recorded Future

Staffan is the Co-founder and CTO of Recorded Future. Previous to that, he was CEO of the Swedish Institute of Computer Science (SICS) and Interactive Institute.
Staffan has co-founded or helped launch more than a dozen high tech start-ups, including Spotfire, Appgate, SmartEye, PilotFish, Makewave, Gavagai, Peerialism, Axiomatics, and Recorded Future.

Staffan is the Co-founder and CTO of Recorded Future. Previous to that, he was CEO of the Swedish Institute of Computer Science (SICS) and Interactive Institute.
Staffan has co-founded or helped launch more than a dozen high tech start-ups, including Spotfire, Appgate, SmartEye, PilotFish, Makewave, Gavagai, Peerialism, Axiomatics, and Recorded Future. He holds a PhD in computer science from Chalmers University of Technology, has been a visiting Fulbright Scholar at MIT and holds an MBA from Göteborg University. His research interests include parallel and distributed computing, artificial intelligence, information visualization, and open source intelligence.
Staffan is a member of the Royal Swedish Academy of Engineering Sciences.

Haroon Meer

Thinkst

Haroon Meer is the founder of Thinkst, the company behind the awesome Thinkst Canary. Haroon has contributed to several books on information security and has published a number of papers and tools on various topics related to the field.

Haroon Meer is the founder of Thinkst, the company behind the awesome Thinkst Canary. Haroon has contributed to several books on information security and has published a number of papers and tools on various topics related to the field. Over the past decade (and a half) he has delivered research, talks, and keynotes at conferences around the world.

Juan Andres Guerrero-Saade

Chronicle Security

Juan Andrés is Staff Security Researcher at Chronicle Security tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador.

Juan Andrés is Staff Security Researcher at Chronicle Security tracking cyberespionage groups. Prior to joining Chronicle, he was Principal Security Researcher at Kaspersky’s GReAT team focusing on targeted attacks and worked as Senior Cybersecurity and National Security Advisor to the Government of Ecuador. Juan Andrés comes from a background of specialized research in Philosophical Logic. His publications include ‘The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage’, ‘Wave your False Flags! Deception Tactics Muddying Attribution in Targeted Attacks’, and ‘Walking in your Enemy’s Shadow: When Fourth-Party Collection Becomes Attribution Hell’.

Kurt Baumgartner

Kaspersky Lab

Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team at Kaspersky Lab.

Kurt Baumgartner is a Principal Security Researcher on the Global Research and Analysis Team at Kaspersky Lab. He’s worked out of Boulder, Colorado, focused on targeted attacks since 2010. He supports research efforts with reversing and analysis, and authors private APT intelligence reports and external publications.

Aleksandra Doniec

Malwarebytes

Aleksandra is passionate about IT since early teenage years. From that time she collected a wide range of experience – working as a scientific researcher, programmer, pentester and analyst.

Aleksandra is passionate about IT since early teenage years. From that time she collected a wide range of experience – working as a scientific researcher, programmer, pentester and analyst. Currently works as a malware intelligence analyst for Malwarebytes, sharing knowledge about the current threats it in technical blog posts, as well as on a private YouTube channel. She is an author and active maintainer of several free and open-source tools, mostly related to malware analysis, i.e. PE-bear, PE-sieve.

Andrew 'bunnie' Huang

Independent Researcher

Bunnie is best known for his work hacking the Microsoft Xbox, as well as for his efforts in designing and manufacturing open source hardware, including the chumby (app-playing alarm clock), chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop).

Bunnie is best known for his work hacking the Microsoft Xbox, as well as for his efforts in designing and manufacturing open source hardware, including the chumby (app-playing alarm clock), chibitronics (peel-and-stick electronics for craft), and Novena (DIY laptop). He received his PhD in EE from MIT in 2002. He currently lives in Singapore where he runs Kosagi, a private product design studio. bunnie actively mentors several startups and students of the MIT Media Lab.

Aseel Kayal

Check Point

Aseel is a malware analyst at Check Point Research. She joined Check Point as a security analyst in 2016. She received her bachelor’s degree in Computer Science and English Literature, and speaks Arabic, Hebrew and English.

Aseel is a malware analyst at Check Point Research. She joined Check Point as a security analyst in 2016. She received her bachelor’s degree in Computer Science and English Literature, and speaks Arabic, Hebrew and English. Aseel’s research mainly focuses on threat groups and cyberattacks in the Middle East. Some of her work was presented at security conferences such as Virus Bulletin and Botconf.

Kris McConkey

PwC

Kris leads our Cyber Threat Detection and Response team which comprises of highly specialised cyber security professionals. He is responsible for the delivery of our cyber threat response capabilities which enables clients to resist, detect and respond to advanced cyber attacks.

Kris leads our Cyber Threat Detection and Response team which comprises of highly specialised cyber security professionals. He is responsible for the delivery of our cyber threat response capabilities which enables clients to resist, detect and respond to advanced cyber attacks. Focusing on cyber crime, espionage investigations and technical countermeasures, his team is regularly called on to investigate and contain network intrusions and provide actionable threat intelligence to clients in crisis situations.

Vitaly Kamluk

Kaspersky Lab

Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009.

Vitaly has been involved in malware research at Kaspersky Lab since 2005. In 2008, he was appointed Senior Antivirus Expert, before going on to become Director of the EEMEA Research Center in 2009. He spent a year in Japan focusing on major local threats affecting the region. In 2014 he was seconded to the INTERPOL Global Complex for Innovation in Singapore, where he works in the INTERPOL Digital Crime Center specializing in malware reverse engineering, digital forensics and cybercrime investigation. He remains a Principal Security Researcher at Kaspersky Lab.

Singapore

The Security Analyst Summit 2019 will be held on April 8-11 at The Swissôtel The Stamford, 2 Stamford Road, Singapore.

We use cookies to make your experience of our websites better. By using and further navigating this website you accept that some of your browsing activity can be recorded in cookies. Detailed information about the use of cookies on this website is available by clicking on more information.