Program Overview

The FIRST Technical Colloquium (TC) event will be held in 28-31 January 2013 at LNEC in Lisbon, Portugal. This is a joint event of FIRST and TF-CSIRT hosted by CERT.PT/FCCN.

Please note: the program schedule is not in its final version, adjustments will occur.

Overview

January 28th (Monday)Return to overview

TF-CSIRT Meeting/FIRST TC
09:30 – 13:00

Trusted Introducer Meeting - TI-accredited CSIRTs and TI Review Board members only

13:15 – 14:15

Lunch

14:15 – 17:15

38th TF-CSIRT meeting/FIRST TC

20:00 – 23:00

Social Event

January 29th (Tuesday)Return to overview

FIRST/TF-CSIRT Seminar
09:15 – 09:30

Welcoming Remarks

09:30 – 10:00

Where automation ends and people begin

Gavin Reid (Cisco Systems)

10:00 – 10:45
GB

Challenging appliances

Damir Rajnovic (Panasonic, GB)

10:45 – 11:15

Break

11:15 – 13:15
US

Arming Security Investigators

Chris Fry (Cisco Systems, US) , Matthew Valites (Cisco)

13:15 – 14:15

Lunch

14:30 – 15:00

Team Cymru's CSIRT Assistance Program or "How we're winning back the Internet"

Dave Monnier (Cymru)

15:00 – 15:45

Static and Dynamic Analysis of iOS Apps for Vulnerabilities

Ken Van Wyk (KRvW Associates, LLC)

15:45 – 16:45

Vulnerability Management, CYBEX Standards and Automation

Joao Collier de Mendonca (Senior Security Advisor at Deutsche Telekom CERT)

16:45 – 17:05
PT

Effectively detection of intrusions using business process specifications

João Lima (INOV INESC Inovação, PT) , Nelson Escravana (INOV INESC Inovação, PT)

17:05 – 17:15

Closing remarks

January 30th (Wednesday)Return to overview

FIRST Hands-On Classes
09:30 – 13:00

NeIC Security Training

Leif Nixon (European Grid Infrastructure)


TBD


Forensic Investigation & Malware Analysis against Targeted Attack using Free Tools

Hiroshi Suzuki (IIJ-SECT, JP) , Takahiro Haruyama (IIJ-SECT, JP)

13:15 – 14:15

Lunch

14:15 – 17:45

NeIC Security Training

Leif Nixon (European Grid Infrastructure)


TBD


Forensic Investigation & Malware Analysis against Targeted Attack using Free Tools

Hiroshi Suzuki (IIJ-SECT, JP) , Takahiro Haruyama (IIJ-SECT, JP)

January 31st (Thursday)Return to overview

FIRST Hands-On Classes
09:30 – 13:00

iOS app security for incident handlers

Ken Van Wyk (KRvW Associates, LLC)


DE

Memory Analysis Update - Volatility v2.2

Andreas Schuster (Deutsche Telekom AG, DE)


TBD

13:15 – 14:15

Lunch

14:15 – 17:45

iOS app security for incident handlers

Ken Van Wyk (KRvW Associates, LLC)


TBD

Notes to January 30th (Wednesday)

  • The NISHA project consortium (www.nisha-network.eu), will have a co-located workshop Wednesday (all day) . There is no cost for this workshop but participants must register separately at http://www.surveymonkey.com/s/T383SPZ. Deadline for registration is 21 January 2013 and space is limited.
  • TRANSITS Training will also be taking place Wednesday morning and RTIR in the afternoon. More details for these invite only sessions will be available shortly.
  • Incident Handling Requirements Analysis roundtable will be held Wednesday – 09:00-17:00. See the sign-up sheet at the registration desk. Space is limited.
    Agenda
    1. CERT Incident Handling Requirements Analysis
    2. Vision for a future for ABUH
    3. Open Q&A with Ah-joys, what to expect from ABUH

Call for Speakers

FIRST is also looking for speakers that would like to present during FIRST/TF-CSIRT Sessions and for the FIRST Hands-On Classes. This is a GREAT opportunity to give something back to FIRST, and some suggested topics are as follows:

  • Lessons learned, case studies, etc.
  • Threat updates - statistics of malware and such
  • Attack tools and trends
  • Incident response tools and trends and security technologies

For your submission, please provide the following information to first-lisbontc@first.org:

  • Title
  • Brief Summary (Abstract)
  • Presenter's Name and Affiliation
  • Estimated Time

For the Hands-On day, we are looking for presenters to lead a demonstration or a hands-on exercise. Each instructor is expected to prepare their own material and to bring their own equipment and attendees are expected to bring their own laptop computers and power converters/adaptors. Instructors should expect to work with groups up to 20-30 students. The duration of each demo or exercise should be 2-3 hours, so that it can be run once in the morning and once in the afternoon or may be a full day program. Please advise whether you need any additional equipment or facilities.

If you're interested in speaking or instructing a Plenary Session or Hands-on class, please get in contact with Margrete Raaum (first-lisbontc@first.org) or Jacomo Piccolini (jacomo@cymru.com).