SAS videos – Securelist https://securelist.com Tue, 04 Apr 2023 09:32:58 +0000 en-US hourly 1 https://wordpress.org/?v=6.2.2 https://securelist.com/wp-content/themes/securelist2020/assets/images/content/site-icon.png SAS videos – Securelist https://securelist.com 32 32 SAS 2021 workshop: Asset Discovery and Monitoring for Bug Hunters 101 https://securelist.com/webinars/sas-2021-workshop-asset-discovery-and-monitoring-for-bug-hunters-101/ https://securelist.com/webinars/sas-2021-workshop-asset-discovery-and-monitoring-for-bug-hunters-101/#respond Mon, 18 Oct 2021 16:30:43 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104633

Grab a cup of coffee and boot up Kali Linux! In the workshop “Asset Discovery and Monitoring for Bug Hunters 101”, independent researcher Denis Makrushin will share tools, tactics and techniques that security researchers, software engineers and pentesters will find invaluable.

]]>
https://securelist.com/webinars/sas-2021-workshop-asset-discovery-and-monitoring-for-bug-hunters-101/feed/ 0 full large medium thumbnail
SAS 2021 workshop: Company-wide SAST https://securelist.com/webinars/sas-2021-workshop-company-wide-sast/ https://securelist.com/webinars/sas-2021-workshop-company-wide-sast/#respond Mon, 18 Oct 2021 16:00:40 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104628

Static Application Security Testing (SAST) is an important part of the software development cycle, especially when it comes to application security. During SAS 2021, Aleksei Meshcheriakov and Evgenii Protsenko shared their experience of implementing SAST techniques at Yandex, a Russian IT company known for its services and applications. What tools to use, how to improve the analysis quality, how to write rules to automate processes – these questions and many others are covered in the “Company-wide SAST” workshop.

]]>
https://securelist.com/webinars/sas-2021-workshop-company-wide-sast/feed/ 0 full large medium thumbnail
SAS 2021: How do you say “Chinese Supply Chain Attack” in Farsi https://securelist.com/webinars/sas-2021-how-do-you-say-chinese-supply-chain-attack-in-farsi/ https://securelist.com/webinars/sas-2021-how-do-you-say-chinese-supply-chain-attack-in-farsi/#respond Mon, 18 Oct 2021 15:30:07 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104612

Why did threat actor UNC215 start to write in Farsi? Security researchers Stav Shulman (Mandiant) knows the answer. In her “How do you say ‘Chinese Supply Chain Attack’ in Farsi” talk, she observes a new targeted campaign against multiple Israeli targets in the government, hi-tech and IT sectors. One of the interesting features of this campaign was the presence of false flags – in the malware code there were comments written in Farsi.

]]>
https://securelist.com/webinars/sas-2021-how-do-you-say-chinese-supply-chain-attack-in-farsi/feed/ 0 full large medium thumbnail
SAS 2021 workshop: Zero-knowledge Go Reverse-engineering https://securelist.com/webinars/sas-2021-workshop-zero-knowledge-go-reverse-engineering/ https://securelist.com/webinars/sas-2021-workshop-zero-knowledge-go-reverse-engineering/#respond Thu, 14 Oct 2021 19:34:17 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104582

The Go language is increasingly used by malware authors, and its binaries cannot be tackled with the usual approach. This combination makes Go malware a tough nut to crack for a reverse engineer. In his ‘Zero-knowledge Go Reverse-engineering’ workshop Ivan Kwiatkowski, Kaspersky’s senior security researcher, shares his experience in dissecting Go binaries and demonstrates how to analyze a real life malware sample.

]]>
https://securelist.com/webinars/sas-2021-workshop-zero-knowledge-go-reverse-engineering/feed/ 0 full large medium thumbnail
SAS 2021 workshop: Writing Better YARA Rules https://securelist.com/webinars/sas-2021-workshop-writing-better-yara-rules/ https://securelist.com/webinars/sas-2021-workshop-writing-better-yara-rules/#respond Thu, 14 Oct 2021 19:28:09 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104578

YARA is a famous tool for malware researchers helping them to identify and classify malware samples. However, what exactly can a specialist do with YARA? In their workshop ‘Writing Better YARA Rules’ Costin Raiu (Kaspersky) and Vicente Diaz (VirusTotal) discuss the effective usage of YARA rules and share some hands-on experiences, including disassembling some real YARA rules and analyzing good and bad examples of them.

Bonus: introduction of KLARA – an open source YARA instrumentation framework.

]]>
https://securelist.com/webinars/sas-2021-workshop-writing-better-yara-rules/feed/ 0 full large medium thumbnail
SAS 2021 workshop: Prevent & Detect Security Threats in the Kubernetes Era https://securelist.com/webinars/sas-2021-workshop-prevent-detect-security-threats-in-the-kubernetes-era/ https://securelist.com/webinars/sas-2021-workshop-prevent-detect-security-threats-in-the-kubernetes-era/#comments Thu, 14 Oct 2021 19:20:38 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104573

The popular container orchestration platform Kubernetes is not secure by default, and there are many ways to compromise it. At the same time, the platform has native capabilities to make it secure. For over an hour Diego Comas, Security Engineering manager from Sourcegraph, will be

  • discussing the threat matrix and the security aspects of Kubernetes,
  • showing statistics of security incidents related to Kubernetes,
  • demonstrating how to prevent the platform-related threats,
  • sharing useful tips and tricks.

Join him in the ‘Prevent & Detect Security Threats in the Kubernetes Era’ workshop!

]]>
https://securelist.com/webinars/sas-2021-workshop-prevent-detect-security-threats-in-the-kubernetes-era/feed/ 1 full large medium thumbnail
SAS 2021: Time to Make the Donuts https://securelist.com/webinars/sas-2021-time-to-make-the-donuts/ https://securelist.com/webinars/sas-2021-time-to-make-the-donuts/#respond Wed, 13 Oct 2021 13:11:20 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104562

As we suggested in the SAS 2021 announcement, the ‘Time to Make the Donuts’ presentation isn’t about actual doughnuts. It is about a much more interesting and complicated topic – supply-chain attacks.
What is a supply-chain attack? Why do cybercriminals choose this type of attack? What are the typical tactics and processes of supply-chain attacks? Kurt Baumgartner of Kaspersky GReAT has prepared a smart overview of major attacks of 2021 and recent years. On the menu there are both famous names, like SolarWinds/Sunburst, ExPetr and Shadowpad, and less known ones, such as MonPass/BountyGlad.

]]>
https://securelist.com/webinars/sas-2021-time-to-make-the-donuts/feed/ 0 full large medium thumbnail
SAS 2021: Learning to ChaCha with APT41 https://securelist.com/webinars/sas-2021-learning-to-chacha-with-apt41/ https://securelist.com/webinars/sas-2021-learning-to-chacha-with-apt41/#respond Wed, 13 Oct 2021 09:25:09 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104555

Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth (PwC) will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 (Red Apollo), the presentation will dance you through the malware used by APT41 – the Motnug loader and its descendant, the ChaCha loader, to some thoughts on the actor’s attribution and the payload, including the infamous CobaltStrike.

Indicators of compromise, YARA rules, and Python scripts for the Kaspersky TheSAS2021 talk “Learning to ChaCha with APT41“: https://github.com/PwCUK-CTO/TheSAS2021-Red-Kelpie

]]>
https://securelist.com/webinars/sas-2021-learning-to-chacha-with-apt41/feed/ 0 full large medium thumbnail
SAS 2021: Fireside chat with Chris Bing https://securelist.com/webinars/sas-2021-fireside-chat-with-chris-bing/ https://securelist.com/webinars/sas-2021-fireside-chat-with-chris-bing/#respond Wed, 13 Oct 2021 09:20:57 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104551

How to build up a fascinating story from a hardcore APT report? Where to find details and how to work with information sources? Sitting by the virtual fireside, Brian Bartholomew (Kaspersky GReAT) and Christopher Bing (Reuters) will discuss how malware researchers and investigative journalists can help each other in their work.

]]>
https://securelist.com/webinars/sas-2021-fireside-chat-with-chris-bing/feed/ 0 full large medium thumbnail
SAS 2021: Operation Software Concepts https://securelist.com/webinars/sas-2021-operation-software-concepts/ https://securelist.com/webinars/sas-2021-operation-software-concepts/#respond Wed, 13 Oct 2021 09:12:32 +0000 https://kasperskycontenthub.com/securelist/?post_type=webinars&p=104549

During the ‘Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon‘ talk on SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security (Japan) will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting Russian and Mongolian governments and defense sector with droppers, RAT and other malware. The researches will also show some connections between the campaign and various APT groups, such as APT31, Tonto and Mofang.

]]>
https://securelist.com/webinars/sas-2021-operation-software-concepts/feed/ 0 full large medium thumbnail