November 12, 2025
Welcome to SAS City 2025!
Hi folks!
Phew! Another year – and another Security Analyst Summit wrapped. This time it was – ooh, let me see: yes, the 16th edition of the event, and it was held in the Thai resort village of Khao Lak – about a hundred kilometers north of Phuket.
In case you don’t know already, SAS is a one-of-a-kind security conference – very different from the usual, more buttoned-up, corporate events in the field. It actually started out as a gathering for our internal team – back when our own group of experts was growing and becoming more global. As it did, it made perfect sense to bring everyone together in person once a year: so the team members could get acquainted, interact face-to-face, and share their impressive research and investigations with each other. And it turned out to be a brilliant idea.
Eventually, someone (clearly thinking ahead) suggested we should invite outside cybersecurity experts, and so we began to welcome colleagues from other companies and organizations too. And slowly but surely, year after year, SAS grew into what it is now – a global conference for top analysts that still manages to maintain a bit of a party spirit. Here we allow ourselves to bend the rules a little, play, break from tradition, and do things our own way. But more than that, SAS has kept its club-like, invite-only character: a special expert committee decides who gets to attend. This has helped preserve its more open, candid atmosphere, where folks feel comfortable sharing more than they would at a typical IT security event.
Every year we pick a unique theme for the event – something well-known, lighthearted, and fun. For instance, last time we went with an outer-space theme – hosting both a Russian cosmonaut and an American astronaut (SAS-2024), and the year before that it was all about Indiana Jones (SAS-2023). You get the picture. This year, we built SAS City – inspired by the video game GTA: Vice City (which, by the way, was released just over 23 years ago!) ->
I’ve never actually played Grand Theft Auto, but I do like the game’s aesthetic, and it suited our conference perfectly ->
And the “big city chase” theme actually resonates rather well, since the life of a cybersecurity researcher is all about missions, quests, leveling up, and the pursuit of new knowledge. We’re on the good side – not just in it out of curiosity, but also in the name of protection and ethics. Unfortunately, it’s an endless race, and even the top experts sometimes need a break. SAS is the perfect place for that – a chance to cut loose, share plenty of laughs, relax, and dive deep into cybersecurity. It’s a refreshingly unpolished event filled to the brim with high-quality content and folks who genuinely love what they do.
This year we had 210 participants from 25 countries join us to blow off some steam, connect, and take the stage themselves. Welcome to SAS City!…
The check-in and registration area:
Handing out the badges:
The badges were especially creative this year:
Confidential – so no comment:
Time to get started. The event décor this year was easily an 11 out of 10 ->
The hall was ready, the guests were arriving, and something interesting was about to begin…
Just four minutes and 32 seconds to go till kickoff…
Zero seconds! And we’re off!…
For the official opening our lead expert Dmitry Galov took to the stage:
He was then pretty much the main host for the entire event – which is no small feat! I’ll explain why shortly…
I also managed to say a few welcome words myself:
As always, the presentations were amazing, with the energy high on stage, backstage, and in the halls!
We welcomed researchers, reverse engineers, pentesters, jailbreakers, law enforcement folks (including from INTERPOL), business and government representatives, and 10 journalists from all over the world.
In total: 23 talks and 27 speakers on stage in a single day:
And 59 celebratory shots of something strong were duly supped – a naughty tradition of ours! :)
Detail regarding the tradition: after each talk, both presenter and host do a shot together! (Yes – Dmitry can hold his own: respect!) ->
Here’s Dmitry still managing to emcee perfectly well ) ->
A few more great photos:
With such a packed program, there was never a dull moment. The speakers were outstanding; these are folks who don’t just read about vulnerabilities – they live and breathe the subject. Notable talks included:
– A deep dive into how dashcams can be hijacked and used for cyberattacks (which turned out just like a thriller!)
– A session on how a single zero-day vulnerability can lead to a gigantic automotive-sector supply-chain hole
– Findings from research into Kia’s head units – there was plenty to study there, too
– A speaker from DARKNAVY showed how something as innocent as “seamless synchronization” in smartphones can be a goldmine for attackers
Also:
– A tale that really makes you think about how safe (or not) browser extensions and smart devices are
– A tale of targeted attacks on Chinese AI platforms
– Details of a sophisticated campaign by the Bluenoroff group that went after both data and cryptocurrency
…And much more. There was simply no time to get bored!
And just when you might think it couldn’t get more fun, an old 1998 S-class Mercedes, bought right here in Thailand, rolled onto the stage – driven by British pro racing driver Jann Mardenborough! ->
We had a great chat about all sorts of things, including automotive cybersecurity:
And I just have to mention what took place the day before SAS-2025: the finals of the Capture The Flag (CTF) cyber competition (for which a whopping 1600 teams (!) from 90 countries (!!) participated in the qualifiers). Details. Pics ->
Ninety participants across eight international teams took part in the SAS CTF finals. The prize pool was $18,000 – not the largest, but still prestigious! The competition was fierce right up to the end:
The CTF moderators:
Come evening, we all headed to the gala dinner together!
I won’t show you the abundance of photos of the many professional entertainment acts on stage (honestly, after a hundred or so, they all start to blur together), but I must show you the happy faces of the prizewinners.
Thanks to our sponsors who helped with the event’s generous budget:
And now for the best speakers. The experts at the conference voted these three talks the winners:
– Peter Geissler (independent researcher) on how an attack on printers – and then the respective corporate network – can start with… a custom font (a TTF file, to be precise)
– Our own Boris Larin from the GReAT team speaking on the successors of Hacking Team
– Paolo Cavallia (from the company Shielder), presenting “Ransomware Gangs’ Wet Dream” – on 13 vulnerabilities in Broadcom’s privileged access manager (PAM platform)
And the SAS CTF winners:
Congrats!
Oh, and what happened to the old Mercedes after its star turn at the conference? It got wheeled to the gala dinner, where the crowd – armed with cans of spray paint – went to town on it until it was completely unrecognizable ->
They offered me a can of paint too – but I declined. I had a different idea. I mean, if the car is officially ours now, and painted like that, why not take it for a spin?…
And that’s exactly what I did – for about 80km from the conference hotel to the next stop on my trip across Thailand! ->
When we passed through a police checkpoint near Phuket, they just looked at us, smiled, and waved us on!…
And since we never pass on the opportunity to blend work and pleasure, we also took our guests on boats out to the Similan Islands in the Indian Ocean:
Work hard, play hard – that’s our motto :)
Sail Rock:
I climbed up it, of course ->
Then back onto the boats…
Yes – it was a belter, from start to finish.
After every SAS I think, “well, it can’t possibly get any better than this.” But every time, it somehow does! Huge thanks to the organizers, participants, speakers, and everyone involved. The amount of world-class expertise that goes into this event is incredible. It really is something special.
And of course, I’m already looking forward to the next SAS with even more curiosity and anticipation!
Feeling nostalgic for past conferences? Here’s the list:
2009: Dubrovnik, Croatia
2010: Limassol, Cyprus
2011: Malaga, Spain
2012: Cancun, Mexico
2013: Puerto Rico, U.S.A.
2014: Punta Cana, Dominican Republic
2015: Cancun again
2016: Tenerife, Spain
2017: St. Maarten, the Caribbean
2018: Once more, Cancun
2019: Singapore
// The 2020 and 2021 SAS conferences were held online due to covid, and in 2022 there was no SAS for obvious reasons
2023: Phuket, Thailand
2024: Bali, Indonesia
And that’s all for today folks, and that’s all about SAS for another year!…