Kaspersky Security Analyst Summit (SAS) Conference

Foued SAIDI Lv5
  2025-11-06 19:56:56 2025-11-06 19:56:56 Created   2025-11-06 20:25:48 2025-11-06 20:25:48 Updated    

Overview

In this blog post, I will be sharing my personal experience of how I qualified with my team PwnSec to participate in the 3rd edition of Kaspersky SAS Conference CTF (Capture the Flag) against/with some of the best people in the world.

PwnSec team photo
PwnSec team photo

PwnSec team photo
PwnSec team photo

Whoami?

This is Foued SAIDI (a.k.a. 0xkujen), I work as a Senior Penetration Tester within Intrinsic-Security at Doha, Qatar.

I am a very active CTF player with my team PwnSec.

I have had some cool international CTF experiences across my very short career:

  • Cyber Security Awareness Week (CSAW) Jeopardy-Style CTF Finals (2023) [Top 8] and Hack My Robot (2024) [2nd Place] organized by New York University Abu Dhabi (NYUAD) in Abu Dhabi, UAE.
  • GITEX Global Finals CTF [Top 10] in Dubai, UAE.
  • GISEC Global Cyber Drill (138 countries, 11 Guinness World Records) [Top 7 and Top 4 representing Tunisia] in Dubai, UAE.
  • Hack The Box Business CTF 2025 (including Microsoft, Cisco, Paypal, Synacktiv,…) [7th place / 796].

And a lot other participations both locally and internationally.

I am also:

  • Hack The Box Elite Hacker [best: Top 60 WorldWide and Top 1 on Tunisia]
  • Technical Manager for SecuriNets -first cyber security association in Tunisia- for 2 years, authored and organized 15+ CTFs, performed 50+ workshops and conference talks.
  • CRTP, CRTE, CADPenXv2 and CARTP certified.

Kaspersky Security Analyst Summit (SAS) overview

The Security Analyst Summit (SAS), organized by Kaspersky since 2009, is an annual event renowned for its unique atmosphere that fosters information sharing on the most sophisticated cyberthreats and showcases cutting-edge research and new technologies. In 2024, the event brought together 120 esteemed IT security researchers, representatives from global law enforcement agencies, academics, and government officials from 30 countries from around the globe.

The Kaspersky SAS Conference started having its international CTF (Capture the Flag) Finals last year in 2024 by running Kaspersky CTF 2024 Quals where Bushwhackers team has been victorious in the Kaspersky CTF 2024 Finals that took place in Bali, Indonesia.

Kaspersky continued hosting the CTF competition in 2025 through its Kaspersky CTF 2025 Quals .

However, they have also added a new qualifier round named Kaspersky {CTF} where the top winner from each region (MENA, Europe, Asia, Russia, North/South America and Caribbean) will get to participate in the Kaspersky CTF 2025 Finals that took place in Khao Lak, Thailand.

PwnSec CTF team

PwnSec team
PwnSec team

PwnSec is a rising star in the international Cyber Security scene. The team was founded in 2022 at Amman, Jordan and has rapidly climbed the ranks from #206 in 2023 to #42 globally in 2025 (at the time of this post) over 18,500 team WorldWide! With more than 50 competitions per year -both locally and internationally-, PwnSec has built a reputation for consistency, technical depth, and teamwork.

Today, PwnSec is proud of its diverse, international fabric with over 50 team members across 14+ nationalities (Jordan, Tunisia, Vietnam, Morocco, Egypt, Poland, Algeria, etc.).

The team’s members are active contributors to the broader security community, publishing research and write-ups across multiple platforms and even organizing their own CTF event, PwnSec CTF. (Stay tuned for our team CTF soon!)

The team has also recently been selected in the first ever Hex-Rays CTF Team Sponsorship Program to recognize and support standout teams in the global Capture The Flag (CTF) community.

Each sponsored team receives:

  • IDA Expert-6 licenses for their team
  • Funds for traveling to in-person CTFs (500+$)
  • Team + Hex-Rays co-branded swag
  • Participation in the Hex-Rays Power User Feedback and Beta Program
  • And more…

Total sponsorship value is $45,000+ per team!!

You can read the official Hex-Rays announcement here .

Sneak Peak: our team will become ranked 1st on the world in a couple of years inshalah, stay tuned for it!

Kaspersy SAS - Qualification stage

Held for the first time on August 30–31, 2025, the online international cybersecurity competition Kaspersky {CTF} will determine five winning cybersecurity teams from around the world over 5 regions (MENA, Europe, Asia, Russia, North/South America and Caribbean) to participate in the Kaspersky CTF 2025 Finals .

The 5 winning teams were:

  • Ganesh from the University of São Paulo, Brazil
  • Pinely, the Netherlands
  • SolidAll from Solid Group, Russia
  • PwnSec, the UAE
  • Odin from ENKI WhiteHat, South Korea.

PwnSec team happily got 1st rank on the MENA region and 4th place WorldWide in this qualifier round.

Qualification round
Qualification round

Qualification round
Qualification round

Right after we qualified, we knew we had to get right into finals preparations!

Now with that qualifier round done, the finals lineup was settled:

  • C4T BuT S4D (Russia) : 4th WorldWide (2024)
  • PIG SEKAI (Collaboration between r3kapig [China] and Project Sekai [International]) : 2nd & 5th WorldWide (2025)
  • SKSD (Indonesia) : 16th WorldWide (2024)
  • dtl (Russia) : 28th WorldWide (2024)
  • SPRUSH (Russia) : 79th WorldWide (2024)
  • Infobahn (International) : 8th WorldWide (2025)
  • thehackerscrew (International) : 6th WorldWide (2025)
  • BunkyoWesterns (Japan) : 13th WorldWide (2025)
  • PwnSec (International) : 42nd WorldWide (2025)
  • Ganesh (Brazil) : 36th WorldWide (2025)
  • Pinely (The Netherlands)
  • SolidAll (Russia)
  • Odin (South Korea) : 57th WorldWide (2024)

Finals preparations

This was the first time PwnSec CTF team qualified for an international CTF competition finals oversees. The team did not have much experience in Attack Defense CTFs before (except for a few members).
Therefore, a lot of preparations had to be done in order to be able to perform well during the finals.

Attack/Defense CTF

An Attack/Defense is a standardized format of cyber competition involving real-time offense and defense:

Overview

  • Teams receive identical custom services
  • Secure your services while exploiting others’
  • Maintain service uptime
  • Balance between attack and defense strategies

Services

Each team is provided with custom-built services:

  • Dockerized environments
  • Various programming languages and frameworks (rust, python, go, etc.)
  • Contain intentional vulnerabilities (e.g., SQL injection, XSS, SSRF, Game Hacking etc.)
  • Exploit vulnerabilities to extract flags.

Gameserver

The central system managing the competition:

  • SLA checker runs every tick (usually 90-120 seconds).
  • Places flags, retrieves previous flags, validates service operation.
  • Publishes list of flag IDs for live flags.
  • Flag IDs are unique identifiers (e.g., username, post ID).

Scoring

Points are awarded based on attack and defense success:

  • Gain points by stealing and submitting flags.
  • Lose points when your flags are stolen or your service are down/unhealthy.
  • Earn points for passing service availability checks.
  • Balance offensive and defensive actions for maximum score.

Strategy

Effective strategies for success:

  • Automation is key.
  • Execute exploits against all other teams
  • Collect and analyze network traffic on your services by acquiring network dumps for analysis.
  • Identify and counter exploits used by other teams.

Team Preparations

Since our team did not have pre-built tools prior, we had to do a lot of research for techniques used by the best teams out there so we could have an equal chance at winning. Some of the researched and developed tooling:

  • Automated service archiving and download for offline source code analysis and binary reversing.
  • Automatic source code patching through whitelisting/blacklisting IP addresses (which failed eventually because the IP addresses are masceraded to the same NAT address).
  • Automated exploitation/flag submission framework by only supplying one exploit code to it.
  • Automated firewalling/defense tool for regex matching and blocking of malicious payloads that extract the flags.
  • Automated network dumping to pcap files for received attacks simulation.
  • And many more..

Atmosphere of oversees participation

The Kaspersky SAS Conference was held in Khao Lak, Thailand at the JW Marriott Khao Lak Resort & Spa .

This was my first time ever travelling to Thailand, it was a smooth flight there since Kaspersky provided us with full accommodation, transportation and flight tickets through a direct Qatar Airways flight.

We were also welcomed by the onsite team when we arrived to Phuket International Airport.

Airport
Airport

Kaspersky SAS event

Day 0 - Arrival at the hotel

We arrived late at night (10h30 PM) so there was not really much to see, so the team just went to sleep so we could be in good shape in the morning for the finals.

The hotel after was really beautiful: a lot of green, mountains, beaches and amazing architecture. And as you know, we as cyber security people need to touch some grass from time to time !

Hotel
Hotel

Hotel
Hotel

Day 1 - Attack/Defense CTF

PwnSec team photo
PwnSec team photo

At the beginning of the event, before the start of the finals at 09:00 AM, we were provided with our team T-shirts and badges -which were SO COOL- . Since the theme of the event was Grand Theft Auto (GTA) Vice City, so the badges were like the chains worn by CJ haha. Here’s a cool picture captured of me by the media team:

Foued
Foued

We were also provided with a cool swag package at the end with lots of cool stuff:

Swag
Swag

Once inside the conference room where the CTF will be played, we were provided with ethernet RJ45 cables for smooth internet connection and we were sent the VPN configuration files so that we could connect to the infrastructure through WireGuard .

1st Hour - Setup

In Attack/Defense CTFs, the first hour is always destined for envrionment setup where we will get access to our vulnerable Box to setup our tools, test connectivity, etc.

Although we were provided 40mn and not 1h due to some late start by the organization, it was all good.

You could feel the tension in the room, everyone came there to win and not play around. This kind of events just pushes you to the limits.

2nd Hour -> End of CTF

During this CTF, we were provided with 4 services:

  • 2girls1flag: LLM hacking challenge.
  • Gatekeeper: Web + Binary exploitation challenge.
  • gta-rp: Game hacking (Minecraft).
  • onlyChess: Web exploitation + Crypto challenge.

The start of the competition was a bit slow, it took around 1h for the first team to get first blood on 2girls1flag LLM challenge. Later other teams followed (including us).
The exploit was basically utilizing malicious prompt injection payloads to make the LLM give you back its secrets, one of them containing the flag.

To defend this service, teams had to whitelist/blacklist specific prompts from getting their secrets.

The onlyChess was a chess platform where participants can challenge eachother and have a private discussion. The exploit path was to get the encryption of the private messages between players and leverage that to decrypt the private messages eventually.

Unfortunately, we were not successful in hacking the other two challenges.

The atmosphere was so tense, playing against the best and top players in the world, seeing exploits flying realtime while any round you miss could result in you dropping so far in the leaderboard. For the first few hours, we were bouncing between the 3rd and 8th place on the scoreboard.

Scoreboard
Scoreboard

The competition was so thrilling because you had to focus on :

  1. Exploiting services.
  2. Defending your machine and patching your services.
  3. Analayzing network dumps to get an idea of what other teams are doing.
  4. Keep your services up and healthy so you dont get penalized.

Unfortunately, at the end of the CTF, we did not get the result we were hoping for.
This was our first time participating as a team and oversees in a competition at such high scale against the best in the world.

However, we are coming back, and we are coming back stronger to win it next year Inshalah!

Day 2 - Conference Day

The second day was all about Conferences and talks, which might I say, were AMAZING.

This is the official list of talks:

Session1
Session1

Session2
Session2

Session3
Session3

Session4
Session4

The talks were truly fruitful, I attended almost 3/4 sessions before getting so tired.
There was 0 days talks, CVE talks, OT exploitation, Threat Hunting, Hardware hacking, Microsoft exploitation (as usual haha), and much much more.

The speakers were modest, explained well, and had a good sense of humor.
These are some picture I took during the talks:

Talks
Talks

Talks
Talks

Talks
Talks

Talks
Talks

Talks
Talks

Talks
Talks

Talks
Talks

And of course, we had to take a team photo since we found our friend ryuk (best reverser I know) who is playing with his other team SKSD (who amazingly got 2nd place!) from Indonesia!

Team Photo
Team Photo

Day 3 - Departure Day

Already on the third day, the team was super tired after an amazing 2 days at the event. We did not do much except from having a good breakfast and chilling.

I am also very happy that we got to meet many teams from different countries and cultures, like:

  • Bunkyo Westerns from Japan
  • SKSD from Indonesia
  • Odin from South Korea
  • Pig Sekai (international)

Everyone was so friendly, and the most important things is that we exchanged stickers !

At the end of the day, it was time to head back to the airport and eventually land at home, Doha.

Takeaways & Lessons learned

Truly, the event was one the best I have attended in my life.
From the amazing competition, to competing against the best, to attending actually fruitful and realistic talks, to connecting with like-minded people and touch some grass (truly needed that haha).

What did I learn from all of this?

  • Automation is key -> no automation makes you lose time.
  • Very new cool techniques for becoming evasive and for correctly capturing, identifying and blocking malicious requests and attacks.
  • Time management is brutal, if you waste time at stuff and don’t talk it over before the event you will be truly lost.
  • Alongside all the cool stuff I learned from the experienced speakers.

However, the most important thing I feel I learned here is:

If you want to become the best, you have to get beaten by the best, and then you will become the best.

No one came to the finals overnight, each team has at least 5-7 years of experience in CTFs and Attack/Defense alone.

Not only that, all of the teams have members who are very good at what they are doing:
Some work at Google, Microsoft, IBM X-Force..

Most of the people are 0-day & CVE holders, doing hacking all day and really rocking it out there.

Being there not only motivated me to go back and win Kaspersky SAS CTF next year, but to also get better at what I am doing. There is no time to lag behind.

And that is exactly why I love going to events: it will make me want to become better, push harder, go beyond my limits as nothing holds me back.

After each event, I go back home dreaming of getting my first 0-day, CVE, winning at pwn2own, and much more haha. And I truly believe I will get there one day Inshalah. If you believe it, truly believe it, you can get it.

It is also very important in my opinion to keep going to such events at a young age and profiting to the max, since responsibilities increase with age.

Future Events

Inshalah I will be participating in International Cyber Security Challenge (ICC) .

This event is basically the World Cup in the world of Cyber Security.

Continents representatives will be going head-to-head in a brutal battle of both Jeopardy-style and Attack/Defense for over 18-hour of continuous hacking.

I will be representing the continent of Africa and my dear country Tunisia against the rest of the world.

Stay tuned for the ICC blog post :)

Conclusion

Kaspersky was one the best events worldwide, inshalah I am planning on going back next year to it.

It is very important to try and stay as motivated and as updated as possible in the realm of Cyber Security.

And one last thing:

PwnSec are coming, and they are coming in hard. We will become number 1 on the whole world. So be ready!

  • Title: Kaspersky Security Analyst Summit (SAS) Conference
  • Author: Foued SAIDI
  • Created at : 2025-11-06 19:56:56
  • Updated at : 2025-11-06 20:25:48
  • Link: https://kujen5.github.io/2025/11/06/Kaspersky-Security-Analyst-Summit-SAS-Conference/
  • License: This work is licensed under CC BY-NC-SA 4.0.
On this page
Kaspersky Security Analyst Summit (SAS) Conference
  1. Overview
  2. Whoami?
  3. Kaspersky Security Analyst Summit (SAS) overview
  4. PwnSec CTF team
  5. Kaspersy SAS - Qualification stage
  6. Qualification round
  7. Finals preparations
    1. Attack/Defense CTF
    2. Team Preparations
  8. Atmosphere of oversees participation
  9. Kaspersky SAS event
    1. Day 0 - Arrival at the hotel
    2. Day 1 - Attack/Defense CTF
    3. Day 2 - Conference Day
    4. Day 3 - Departure Day
  10. Takeaways & Lessons learned
  11. Future Events
  12. Conclusion