TheSAS2025

#TheSAS2025 recap: quick numbers and video! 🏆 Three standout speakers tackling everything from mercenary spyware to enterprise PAM attacks to printer vulnerabilities 💫 23 stunning talks 🥃 59 shots consumed by speakers and hosts on stage 🌍 210 guests from 25 countries: reverse engineers, incident responders, pentesters, OT researchers, LEA reps, and journalists all under one roof 🚗 One 1998 Mercedes S-Class transformed into street art on stage (and the afterparty that followed) 🎬 Enough with the numbers — trust us, the video tells the real story!

couldn't ask for a better partner in crime at #TheSAS2025 stage. Check out our full research, uncovering #GhostCall and #GhostHire of #Bluenoroff here: securelist.com/bluenoroff-apt…

had an absolute blast attending my first ever #TheSAS2025 in Khao Lak, Thailand. production quality of the entire conference was out of this world incredible. this is defo a must return event regardless of location, though I am partial to SEA. next year I plan to CFP🥃

Share some pictures of #theSAS2025. Really good conference, highly recommended

It’s a wrap! The organizer gang… err… team thanks every speaker, sponsor, and delegate for being part of #TheSAS2025. We’re looking forward to seeing you next year — with more bombshell research, stunning views, and the same unique atmosphere! We encourage speakers to post their slides and additional materials with our hashtag, and we’ll do our best to make them more visible to the community.

Every #TheSAS2025 participant already knows who the best speakers were this year. However, the world deserves to know too. 🥇 The best cocktail of deep research and lively presentation this year was delivered by none other than Peter Geissler (@bl4sty) himself. His talk on TrueTy… er… Taste The Failure was a smashing success. 🥈The second place goes to Boris Larin (@oct0xor) for his research on new Hacking Team malware. 🥉The third most loved talk yesterday was a thrilling trip inside Symantec’s PAM, skillfully delivered by Paolo Cavaglià (@Paupu_95). Well done, everyone! Looking forward to more stellar research in 2026!

Announcing the #TheSAS2025 #CTF winners! Congratulations to @C4TBuTS4D for taking the absolute win in the A/D and first-blooding 2 of the 4 services, including the trickiest one. Kudos to SKSD and dtl for their well-deserved 2nd and 3rd places. Every team received a check with a different sum written on it, but we feel the share of the crowd’s love was equal for every winner.

Amazing talks and networking at #TheSAS2025. Case dismissed (for now). Time for more (beer) networking :) Thanks everyone attending and reading!

It was truly an honor to be part of #TheSAS2025 as a speaker! I and Omar (@beacon_exe) shared some juicy insights from our extensive research on #BlueNoroff's #GhostCall and #GhostHire campaign, part of #SnatchCrypto. You can find our research below. ✅ securelist.com/bluenoroff-apt…

Think that dream job offer is legit? Think again. 💼👻 At #TheSAS2025, Omar Amin & Sojin Ryu reveal how fake recruiters in the 'Ghost Hire' campaign are tricking targets with malware disguised as skills tests. The cost? Millions stolen. Don't get ghosted. Catch the full story on Securelist: kas.pr/kkk2

We have only 10 minutes for this one, so let’s be quick. How many Britney songs will @IgNavarro1 mention in his #TheSAS2025 talk? DM us your answer to get something nice tonight! UPD: Time's up!

Browser extensions are an underestimated threat. Athanasios Giatsos explains how they work and why defenders should have a deeper understanding of this attack vector. Spoiler alert: Manifest V3 didn't stop the attacks (as usual). This #TheSAS2025 talk is very practical.

Omar Amin and Sojun Ryu of @kaspersky GReAT dissect BlueNoroff's elaborate scam in their #TheSAS2025 talk. The scheme combines sophisticated social engineering with many clever tactics to trick victims into installing infostealers. The attack flow blends legitimate services like Calendly and GitHub with fake Zoom updaters or malicious scripts delivered via ClickFix and other tricks. No wonder this APT cluster manages to steal billions.

Yuval Nativ showcases how to apply classic intelligence analysis methodologies to TI, based on recent public leaks. The main point is that TI is not just audits and logging—there are many assumptions, biases, and unknowns to account for. #TheSAS2025.

We wouldn’t say #TheSAS2025 backgrounds are just a piece of art (we think they are, but we’re humble), but they are not random at all and are worthy of attention.

Paul Pajares (@paulpajares) of INTERPOL shares some interesting details on the inner workings of their Cyber Fusion Center within the Cybercrime Directorate. His #TheSAS2025 talk details how they coordinate between LEAs and private partners like @kaspersky to organize operations as big as Operation Serengeti 2.0. The joint effort led to the arrests of 1,200+ criminals and the recovery of almost $100M USD in stolen funds, not to mention thousands of takedowns!

The @fuyinglab team shares their findings on targeted DDoS attacks against Chinese AI server infrastructure. In addition to being strategic with targets and timing, attackers employ clever tricks to overload AI servers with computationally heavy inference requests. The use of OpenNIC and other tactics significantly reduces attackers' exposure to takedowns and forensic investigations. #TheSAS2025

So, Symantec/Broadcom PAM seems to contain code in PHP, Java, and Perl simultaneously. Guess how many issues are hiding there? @Paupu_95 keeps the tension high, and we still don’t know the answer. This #TheSAS2025 talk is quite thrilling.

A fresh batch of TI on SPECTRALVIPER malware usage in cyberattacks targeting Vietnam's financial sector has emerged. It's unusually sophisticated, with tricks like deriving C2 communication parameters from the implant's location on the disk. @_vyaien8 shares all the details in his #TheSAS2025 talk.