nice music

Who invited St Myers?

Dan Melcher???

Jesus, the music was so loud, it annihilated by ears. Gone %100 deaf.

EHLO

Are these brain washing waves?

Welcome everyone!

Dan, your hat is 146% more sexy and applicable here

100 10x musicians

Hey all

Howdy Brian. Three ? is a bit dramatic!

Maybe at SAS :)

hey all

that background though...

The Heat Principle™

at the over 9000 mark ^.^

I feel the taste of SAS a bit now. Anyone else does?

+1

Hulquist brings taste of SAS.

Like a SAS dry rub

Awesome con, highly recommended

Hey JAGS!

one of the best conferences out there

:D

Make all the cons online?!?!

and their trainings ;)

Maaan, I so much miss SAS, with all the people and all the palinka

Take two shots, answer quick questions

I miss SAS too! :/

<.<

Take us back to Punta Cana

No Ted Cruz

Cancun was a super good location for sas

There were 3 amazing SASes in Cancun, this is true T_T

(Maybe 4?)

*clap clap clap* Seongsu!

Hi Seongsu!

If you want to read more about ThreatNeedle, check out the report we released today: https://securelist.com/lazarus-threatneedle/100803/

How many Microsoft engineers does Lazarus have on staff?

Assistant Attorney General John Demers described the three hackers [...] as "the world's leading bank robbers" and "a criminal syndicate with a flag.".

so, about ~3000

😂

1000 thousand AI robots to change a bulb.

Ishimaru-san, ieeeeei

Thanks for Good Presentation +_+

Great presentation on ThreatNeedle, thank you for sharing your research and what you observed :)

+1

Love listening to Suguru. Always a good time!

Ishimaru-san, cool!!

Maeda-san!!!

Thank you for showing ThreatNeedle to us!

Is McConkey in here?

+1000 Dave

A41APT41

Oh it makes sense definitely

Vitaly-san~~~ :)

:) Many APTs are not real APTs too

Just confusing to see without context

@Brian, Kris told me to relay that he wishes he could have attended! Instead his analysts are here taking notes, sorry :')

this is a great slide

Thanks Brian!

Can we get a timeline of exploits used like that last slide?

interesting they use blind key exchange!

Is that normal for Chinese groups?

(Assuming I Read that last slide correctly)

Provocative export function name :)

Please direct your Qs regarding the presentation to the Q&A box so we do not miss any of them :)

Do we ever see "stolen credentials" that would have been gotten only from SIGINT networks?

We say "Delete the eventlog" - do they do a full wipe or a selected entries delete?

Sounds like they yeet the logs.

Yeet!

I wonder how good the Lazarus group is at Starcraft2

That's a really good finding

and I wish it had a bullet-point on the slide

so we could share it more widely

Its been a while since I've played StarCraft 2

"I wonder how good the Lazarus group is at Starcraft2" => they still play starcraft 1.04 for sure

(Real world attacker finding Kerberos hosts that are due to be decommissioned but hanve't yet)

SC1 is hardcore <.<

Here is the link to the slide deck of the A41APT presentation: https://twitter.com/kaspersky/status/1364952544221495301

Sergio must be sooo happy right now :)

Diamond FTW

Yes, The attacker delete secutity logs for each works.

Great job! Thanks!

Thanks for the very nice A41APT research results! Otsukare-sama!

Oh damn Vitality is on

Great presentation!

Dont disconnect!

No no, we love your IDA Pro kung-fu

I am deifinitely disconnecting

midnight commander for the win :D

vmprotect is so annoying

What is he using to get this on the screen?

Can you unpack the riotgames valiant kernel module?

clicky clicky

@Anthony the video will be made available after ;)

What is the programs name here on the last section

Master Vitaly’s presentation magic is unparalleled

IDA TIME

@Keld, he’s using x64dbg (https://x64dbg.com/#start) which has Scylla built in if that’s what you were asking. Not sure if that was your question.

Thanks

Magic

Amazing

Ugg vmprotect

Is it possible to provide the samples, or the hashes, so that we can try by ourself? Thanks

I find it useful!

Super secret solution…Ask Vitaly to find a solution ;)

<3

Awesome job Master V

Thanks Vitaly

activate windows :))

Amazing presentations everyone!

hahaha

Will you share the IDApython script?

Yes

Yes!

Bloggie awards!

Yes please

MOAR for Securelist

+1

Awesome presentation! Thanks Vitaly!

Yes~ Thanks you !!!

Thank you, Vitaly! Great presentation!

Awesome demo!

You told them to disconnect!

50 people don’t know IDA / x64dbg

Brian, when are we getting a BITTER / Moses report?

Thank you all speakers, good night

Thank you all for the awesome presentations!

Thanks guys!

This week / early next

thanks for everything :)

<3

Thanks!

thanks to you all

Thanks, great presantation!

Great talks! Great conference as always! Thanks Kaspersky :)

thx!

I expect Dan to be dressed as the hamburgler for the US edition

stay tuned for more rumours about Hybrid-SAS.... later this year

Thank you guys!

thanks everybody!

thank you!

Thank you!

respect to all the speakers!!!!

If you interested in Reversing Malware training we are launching one at xtraining.kaspersky.com later this year. Stay tuned!

Reversing Malware Training - YEEESSS

"I expect Dan to be dressed as the hamburgler for the US edition " => 1 BTC , downpayment