Kaspersky Security Analyst Summit: a few words about training

Kaspersky Security Analyst Summit is planned for next February. Among the highlights of SAS 2016 are training sessions for the attending participants, with Kaspersky Lab’s top researchers and other security experts at the helm.

Hunt APTs with Yara like a GReAT Ninja

This training will be led by the top brass of Kaspersky Lab’s Global Research & Analysis Team: Costin Raiu, Vitaly Kamluk and Sergey Mineev.

If anyone knows a thing or two about APTs, it is these gentlemen. Kaspersky Lab’s Global Research and Analysis Team is credited with the discovery and analysis of several major cyberespionage campaigns, including Stuxnet, Duqu, Flame, Gauss, Red October, MiniDuke, Turla and more recently, the Careto/TheMask, Carbanak and Duqu2.

In fact, GReAT has discovered and analyzed hundreds of APTs, and during the training they are willing to share one of their specific recipes, a “secret ingredient”, which happens to be Yara rules for detecting APT-related malware. Plenty of real-life examples are promised: rules that actually helped to uncover real threats.

The class will take two days and is limited to 15 participants. The only requirements are your own laptop with Yara v3.4.0 installed and, of course, knowledge of the Yara language.

Malware Reverse Engineering course

Over the four days the participants will be unpacking malware, extracting shellcode, and reverse engineering the malware (there will be a few real-world APT samples).

The class is limited to 20 participants; the list of prerequisites is rather long, but it is worth it.

Security of cellular communications in embedded systems

As the Internet of Things arrives, so does a multitude of connected embedded devices with plenty of possible flaws: flaws that are as exploitable as any other software bug, but whose exploitation may go unnoticed for a very long time.

During this training, Alexey Osipov, Senior Expert with Kaspersky Lab’s Penetration Testing Team, will offer his insights into possible security issues in cellular communications used in automotive vehicles and equipment that needs on-demand communications in remote sites.

Participants will learn various methods of gaining access to cellular-connected devices, along with an overall approach to security assessment and vulnerability identification in such systems. The acquired knowledge will help participants conduct their own security assessments of GSM-based communication infrastructure for such targets as SCADA RTU/PLC, transportation systems, automotive vehicles, ATMs and various IoT devices.

The training targets telecom specialists, security engineers, penetration testers, and vulnerability researchers.

Software Exploitation Via Hardware Exploitation

Stephen Ridley is a Principal Researcher with Xipiter, with more than 10 years of experience in software development, software security, and reverse engineering.

His course also deals with IoT and its flaws: over the two days, participants will learn how to reverse engineer and exploit software on embedded systems via the hardware.

All of this is taught against real-world Commercial Off The Shelf (COTS) products such as routers, game systems, and other appliances.

This course has the widest intended audience: penetration testers, forensic investigators, reverse engineers, software security auditors/analysts, software exploitation engineers, “makers”, tinkerers, developers, IT pros, mobile developers, hackers, jailbreakers, and anyone interested.

All participants will need a laptop with a few working USB ports, a 3-button mouse, and VMware Workstation installed.

WINDOWS Kernel Rootkits Techniques and Analysis

As the most popular OS in the world, Windows is also the most targeted OS. Planting a kernel rootkit is a dream come true for cybercriminals and a source of tremendous headaches for security pros.

This class is tailored for malware analysts, system developers, forensic analysts, incident responders, or enthusiasts who want to analyze Windows kernel rootkits or develop software for similar tasks. It explains how rootkits abuse the Windows architecture to hide processes, files, network connections, and so on. The participants will delve into the kernel programming environment, implementing some kernel-mode utilities to aid understanding.

The class will contain, of course, many hands-on labs and exercises using real-world rootkits. There are no made-up examples in the class.

A laptop with VMware and a number of other specific software packages will be required to participate.

Digital Intelligence Gathering Using Maltego

This course is built around the capabilities of Maltego, specialized intelligence-gathering software developed by the company Paterva. Appropriately, Paterva’s engineers will be the trainers here. Their motto reads: “Join us and we’ll show you how to navigate and map the Internet’s darkest rivers…”

The trainers promise to “shock” the audience by showing how much data is “out there”, what people can do with it, and how you can reach this data for both defending and attacking.

Attacked businesses often ask security researchers to help them find out “whodunnit”, although in most cases it is not their job. This training may help in-house IT staff perform the “intelligence” task themselves, if necessary.

In fact, all of these training sessions can help businesses’ in-house IT professionals perform non-standard tasks that occasionally become critical to protecting the company’s data from advanced threats.

More details on SAS 2016 are available here.