GReAT Ideas. Powered by SAS: threat hunting and new techniques - Shared screen with speaker view
Costin Raiu
36:34
hi all! good morning from Bucharest, Romania!
kurt baumgartner
36:47
good morning guys! where's the hat dan
vicente diaz
36:57
Hi everyone from Barcelona !
Brian Bartholomew
37:30
Hey all, glad to see everyone here :)
Mauricio Tapia
37:46
Good morning everyone, from Chile!!!
Oleg Bil
37:59
Hello from Kazakhstan!
Sercan Azizoglu
38:25
Greetings from Turkey.
vicente diaz
38:27
Dan, you are sitting in the same swing I have in my garden
Gonzal Pereyra
38:35
Greetings from Poland!
Brian Bartholomew
38:52
Nice to see John Belushi is here :)
Kennnedy Githaiga
39:15
Greetings from Kenya!
Pratheek Menon
39:32
Hello from India ! :)
Angelo Recalde Monar
39:34
Good morning from Ecuador
Brian Bartholomew
39:39
No palinka Juan sorry
Brian Bartholomew
39:44
Virtual palinka
Brian Bartholomew
40:06
@Marcelo in English
kurt baumgartner
40:20
palinka pancakes for today's meeting
Dani Creus
40:26
Virtual Palinka ©
Abdullah A
41:06
greetings
kurt baumgartner
41:08
oh we KNOW what you mean
kurt baumgartner
43:00
dig dig
kurt baumgartner
45:12
starter level access
Dan.Demeter
45:51
Heya! Please make sure you submit your (serious) questions using the Q&A tab :) If you ask it here, I might miss it while I moderate :)
Dan.Demeter
47:00
=> If you’re interested in giving a speech or providing a workshop, please contact the conference organizers at thesascon@thesascon.com
Dan.Demeter
47:49
Greetings all! Thanks for joining! Cheers from Romania
Marc Rivero
47:51
Great presentation! Hello everyone!
kurt baumgartner
49:17
pandas are more like cats btw
Dan.Demeter
56:52
@gil elliot: I think this is the link you are looking for: https://www.botconf.eu/wp-content/uploads/2018/12/2018-Y-Ishikawa-S-Nagano-Lets-go-with-a-Go-RAT-_final.pdf
kurt baumgartner
01:10:41
very interesting info on that c2 turnover
Noushin Shabab
01:11:07
very interesting presentation Brian! thanks
J A G-S
01:11:57
ooh! Greg is here
Irena Damsky
01:11:58
the bears look like they are part of the family <3
Gonzal Pereyra
01:13:50
Great presentation!
Brian Bartholomew
01:20:19
I will check about sharing slides and if OK with mgmt I’ll post shortly.
Brian Bartholomew
01:20:26
Thanks for the questions folks
Oleg Bil
01:20:57
Thanks a lot, Brian!
Ivan Aleksandrov
01:21:40
Great, thanks a lot, Brian! :)
qweqwe qweqwe
01:27:20
MAKE MEMES GREAT AGAIN
Dan.Demeter
01:27:45
Corrected that for you: MAKE MEMES GReAT AGAIN
J A G-S
01:31:38
Is there a way for individual researchers to get access to KTAE?
kurt baumgartner
01:32:09
send that over to Q&A, sir
J A G-S
01:33:39
Thank you for answering the questions.
kurt baumgartner
01:33:52
:)
Brian Bartholomew
01:35:02
intelreports@kaspersky.com
Brian Bartholomew
01:35:10
@Parth
Brian Bartholomew
01:36:01
Yes
Brian Bartholomew
01:36:13
How do the French get such good Mohawks?
Dan.Demeter
01:36:23
LOL
Jeff Espo
01:36:27
You need hair to have one Brian
Brian Bartholomew
01:36:30
He’s got Vitaly beat I think
Dani Creus
01:36:38
xDDDD
Brian Bartholomew
01:38:23
Sad Panda
Dan.Demeter
01:44:52
Broke Panda
Dan.Demeter
01:48:28
Audio is ok for me
Marcio Silva
01:50:52
audio is weird
Sercan Azizoglu
01:51:31
Are you saying about the accent? I've NP.
Brian Bartholomew
01:52:05
@Dan your rooster is telling you something ;)
J A G-S
01:52:06
I think I just heard a rooster
J A G-S
01:52:25
Cause linux is lame… <.<
Noushin Shabab
01:52:44
very interesting presentation! Thanks Pierre
Brian Bartholomew
01:53:14
Is @Dan on a pontoon boat?
Brian Bartholomew
01:53:22
“Nature”
Brian Bartholomew
01:53:29
Rooster will be dinner later ;)
Cristiana Kittner
01:53:32
What other animals are in grandma’s backyard?
Brian Bartholomew
01:53:58
G-Hydra
Brian Bartholomew
01:54:00
haha
J A G-S
01:54:06
Gee dra
Brian Bartholomew
01:54:13
Geedrah
Brian Bartholomew
01:54:17
haha
J A G-S
01:54:19
Giiii druh
Renato C
01:54:22
Save those chickens for dinner!
Costin Raiu
01:54:25
Gee-do-rah in the original anime :)
Noushin Shabab
01:54:26
we should have listened to the nature instead of the opening music! :)
J A G-S
01:54:41
The rooster doesn’t like ghidra.
Mauricio Tapia
01:54:59
We have chicken for lunch!
Brian Bartholomew
01:55:04
TIL, never play Boris in PS4
J A G-S
01:55:24
IDA PRO WOOO
Brian Bartholomew
01:56:14
I only use IDA Elite version. Dang
J A G-S
01:59:43
IDA Eyleet
J A G-S
02:02:18
Option D: Whatever plugin still works after each update.
J A G-S
02:06:28
Building Karta sucks <.<
Brian Bartholomew
02:09:41
Alleycat rocks
J A G-S
02:11:03
Give us all the plugin, man.
J A G-S
02:11:25
Plugin idea: KLUVE2IDA
Noushin Shabab
02:11:42
that was wonderful, Boris! :)
Brian Bartholomew
02:12:28
KLUVE2IDA: Um there might be a slight problem with that one ;)
Brian Bartholomew
02:13:18
Oooh blue sky in Mijammy
Boris Larin
02:13:50
Instruction highlighting - https://github.com/oct0xor/highlight2
Collection of IDA Pro F.L.I.R.T. files - https://github.com/Maktm/FLIRTDB
IDB2PAT - https://github.com/fireeye/flare-ida/blob/master/python/flare/idb2pat.py
BinDiff - https://www.zynamics.com/software.html
Diaphora - https://github.com/joxeankoret/diaphora
Karta - https://github.com/CheckPointSW/Karta
findcrypt-yara - https://github.com/polymorf/findcrypt-yara
alleycat - https://github.com/devttys0/ida/tree/master/plugins/alleycat
IDA StringCluster - https://github.com/Comsecuris/ida_strcluster
IPyIDA - https://github.com/eset/ipyida
IdaRef - https://github.com/nologic/idaref
J A G-S
02:14:17
Thank you, Boris! Amazingly useful talk :)
Boris Larin
02:14:36
Thank you! Glad you like it! :)
Mauricio Tapia
02:14:49
Successes Dima and Fabio! 🇨🇱
Brian Bartholomew
02:28:04
In other news…WTF? https://twitter.com/msuiche/status/1285805525083598850
Cristiana Kittner
02:30:35
We needed something new, cyberthreat cube..maybe if we refer to it as C2 it’ll make things so much easier
Brian Bartholomew
02:31:41
We need to get a kick ass Kaspersky video on “The CyberCube”
Ivan Kwiatkowski
02:34:54
I think the 3D war is already lost. We need to focus on 4D models now.
Jeff Espo
02:36:24
By rain, he means he is scared of roosters
Brian Bartholomew
02:36:35
Roosters are a-holes
Ariel Jungheit
02:36:41
Dan got raided by roosters
Brian Bartholomew
02:37:24
Online Yara! Woot!
Alexander Steinbrecher
02:37:32
The YARA Training from Kaspersky is really great!
Brian Bartholomew
02:37:35
You get Costin all to yourself :)
Nadia Kashchenko
02:39:43
LGPD is Brazilian GDPR
Brian Bartholomew
02:42:38
That hair!
Costin Raiu
02:42:50
For the Kaspersky Yara training: https://xtraining.kaspersky.com/
Brian Bartholomew
02:44:44
Mr Robot @wxs makes an appearance :)
Ivan Kwiatkowski
02:45:04
He does? That's awesome!
Brian Bartholomew
02:45:13
He’s my background ;)
Ivan Kwiatkowski
02:45:24
Oh, I thought, in the Yara training
Brian Bartholomew
02:45:25
Someone take a screen and tweet him
Boris Larin
02:45:39
https://github.com/x64dbg/x64dbgida
Boris Larin
02:46:20
https://github.com/bootleg/ret-sync one more
Costin Raiu
02:47:52
very interesting -> https://unit42.paloaltonetworks.com/acidbox-rare-malware/
J A G-S
02:48:13
MILLUM!
Costin Raiu
02:48:27
Very interesting from Brian -> https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/
Costin Raiu
02:49:51
check our friends website -> https://www.epicturla.com/
Dani Creus
02:51:04
https://securelist.com/big-threats-using-code-similarity-part-1/97239/
J A G-S
02:53:24
Thank you, gents <3.
Brian Bartholomew
02:54:10
Regarding LightSpy as well: https://securelist.com/ios-exploit-chain-deploys-lightspy-malware/96407/
J A G-S
02:55:48
KTAE is awesome. Actively developing code similarity tools for my own research use, I would kill to have KTAE on site.
J A G-S
03:01:51
I wonder if effective heuristics or live memory analysis tools have or will become a viable thing on linux.
J A G-S
03:01:56
(Non-starter on Mac)
Brian Bartholomew
03:02:35
Damn chickens
J A G-S
03:02:41
The chickens are sabotaging Dan
Brian Bartholomew
03:02:42
Attacked his laptop
J A G-S
03:03:18
Gartner Tesseract of Threats
J A G-S
03:04:05
Tell us your secrets, Brian
Irena Damsky
03:04:21
@ariel only if you speak Portuguese on the 8th level of the OSI
Ariel Jungheit
03:04:42
Working on that!
Ariel Jungheit
03:05:34
Careful dan, the chickens
Brian Bartholomew
03:05:42
Haha rooster does not agree
Brian Bartholomew
03:06:09
Also this is the greatest thing ever invented: https://www.boredpanda.com/plastic-chicken-arms-sparkle-props-letter/?utm_source=google&utm_medium=organic&utm_campaign=organic
Brian Bartholomew
03:07:22
What is Costin’s background?
Irena Damsky
03:08:16
boom! that is the best question yet :)
J A G-S
03:08:44
Is that the lamberts?
Alexander Steinbrecher
03:09:17
Is the session recorded? I missed the Threat Hunting part from Ariel.
Brian Bartholomew
03:09:32
Yes it is
Brian Bartholomew
03:09:37
It will be posted soon
Alexander Steinbrecher
03:09:45
Ok, thanks!
J A G-S
03:09:56
Was the link: trainings.kaspersky.com ?
Elizaveta Shulyndina
03:10:11
https://xtraining.kaspersky.com/
J A G-S
03:10:16
Thank you!
Dan Demeter
03:10:23
xtraining
Brian Bartholomew
03:11:26
I believe the first one is as well yes. But it was a different platform
Elizaveta Shulyndina
03:11:52
The previous session was on BrightTALK, you can watch it here: https://www.brighttalk.com/webcast/15591/414427
Nadia Kashchenko
03:11:57
Are there any other products like KTAE on the market? Who is the rightholder?
Costin Raiu
03:14:24
Nadia - Intezer has a very good product that is similar to KTAE
Renato C
03:14:56
Thanks guys! Really cool topics :)
Brian Bartholomew
03:15:03
Thanks everyone!
Brian Bartholomew
03:15:06
See you next time
Ivan Aleksandrov
03:15:20
Thanks guys it was really interesting ! :)
Noushin Shabab
03:15:38
thanks to all the speakers and the moderator as well