xorl %eax, %eax

Kaspersky SAS ’23

leave a comment »

I’m always seeking to learn and experience different cyber security events since each one of them gives you a different perspective of our industry (and the world), and Kaspersky’s Security Analyst Summit (SAS), was in my “to do” list for a long time.

I planned to attend SAS in 2018-2019 but due to some competing priorities, I couldn’t. Then, in 2020 I applied to do a presentation titled “cyber-crime ecosystem in the travel industry” which was accepted, but the conference was cancelled due to the pandemic, and in 2023 it was the first time since the pandemic that SAS was back. So, after 5 years, I finally managed to attend the SAS ’23 which took place in Phuket, Thailand and was a wonderful, small, security conference.

It was a relatively small event with a couple of hundred of people or so. But the content was incredible. From all sorts of APTs that you rarely hear about, to innovative research, and of course having the ability network and chat with professionals from national CERTs as well as security researchers from countries rarely present in the well-known US and European cyber security events, with a truly amazing organisation, lots of activities and surprises.

As security professionals it’s imperative that we understand the threat landscape globally, and this event was a remarkable place to gain that insight for anyone coming from US or EU background. Both from the defenders and the attackers’ perspective, the event included very interesting TTPs and content that I hadn’t seen before.

Lastly, as Eugene Kaspersky put it in one of the conference activities, a great security conference needs to have: 1) new and innovative security research/content; 2) be hosted in a nice environment/location that allows people to disconnect from their day-to-day work; and 3) be fun. SAS ’23 managed to cover all three areas successfully.

It’s hard to choose my favourite talks from this event, but if I had to pick 5 (in no particular order), based on the knowledge I acquired from them, those would be:

  • StripedFly: Traversing the Blue Expanse in Search of Eternal Wonders
    • by Sergey Belov and Sergey Lozhkin (Kaspersky GReAT)
  • How Many Gates to the Temple of Space? Shapes of Tunnels Drilled by Desecrators
    • by Askar Dyussekeyev (KZ-CERT)
  • Unearthing TetrisPhantom: Discovering secrets of an intricate cyber threat campaign
    • by Noushin Shabab (Kaspersky GReAT)
  • Operation Triangulation: Сonnecting the Dots
    • by Igor Kuznetsov (Kaspersky)
  • Space Pirates: raiders of privacy
    • by Denis Kuvshinov (Positive Technologies)

Written by xorl

February 1, 2024 at 14:45

Posted in conferences/trainings

«
»

Leave a comment