Papers & Presentations

FIRST organizes and participates in many events per year, at which many papers and presentations are offered. Annual Conference presentations are available to the public 6 months later, while Technical Colloquia presentations and papers are restricted to members only.

FIRST Members may view all the Technical Colloquia presentations after signing in.

  • 26th Annual FIRST Conference on Computer Security Incident Handling

    June 22–27, 2014 — Boston, United States

    • A Forensic Analysis of APT Lateral Movement in Windows Environment
    • A Survey of Vulnerability Markets
    • At the Speed of Data: Automating Threat Information to Improve Incident Response
    • Attacks Using Malicious Hangul Word Processor (HWP) Documents
    • Avoiding Information Overload: Automated Data Processing with n6
    • Back to the Roots - Incident Case Study
    • Bitcoin for the Incident Responder
    • Common Vulnerability Scoring System v3
    • Credential Honeytoken for Tracking Web-based Attack Cycle
    • Cyber Security for Board of Directors and Senior Management
    • Cyber Threats Targeting High Level Individuals: Is Your Organization Prepared?
    • Cyber-EXE Polska 2013. Cyber Exercises for Banking Sector - the CERT Role.
    • Developing Cybersecurity Risk Indicators - Metrics (panel)
    • Don’t Panic! Case studies of Incident Response from the Field
    • Enabling Cross-Organizational Threat Sharing through Dynamic, Flexible Transform
    • Enterprise Security Monitoring: Comprehensive Intel-Driven Detection
    • Everyday Cryptography
    • Exfiltration Framework (ExF)
    • First Step Guide for Building Cyber Threat Intelligence Team
    • Identifying the 'Root' Causes of Propagation in Submitted Incident Reports
    • Incident Response Coordination on a Global Scale: Your Assistance is Requested...
    • Investigator of Interest – Our Philosophy of Adaptive Incident Response to Turn the Tables During an Investigation
    • Looking Back at Three Years of Targeted Attacks: Lessons Learned on the Attackers’ Behaviors and Victims’ Profiles
    • Malware\Host Analysis for Level 1 Analysts
    • Managing Your Managed Security Service Provider: Improve Your Security Posture
    • Merovingio: Mislead the Malware
    • National-level Collaborative Multi-Lateral Defensive Framework based on Big Data Analytics Paradigm
    • Network Security Analytics Today
    • Open DNS Resolver Check Site
    • Open Source Software Environment Security Issues
    • Operational CyberThreat Intelligence: 3 Years of IOC Processing at EMC.
    • Our Turbine Got Hacked! - Performing Forensic Investigations of Industrial Control Systems
    • Pass-the-Hash: Gaining Root Access to Your Network
    • pBot botnets: An Overview
    • Playing Hide and Seek with Rootkits in OS X Memory
    • Preparing for the Inevitable Zeroday or What Makes Networks Defendable?
    • Processing Intelligence Feeds with Open Source Software
    • Protecting the Computer from Ring 0 – A New Concept in Improving Incident Response
    • Rogue Pharma in .CO: The 33DRUGS.CO Case
    • Scaling Threat Intelligence Practices with Automation
    • Securing National Segment of the Internet from Cyber-Threats. CERT-UA's Practical Approach
    • Security Operations, Engineering, and Intelligence Integration Through the Power of Graph(DB)!
    • The Art of Sinkholing
    • The Dutch Responsible Disclosure Policy
    • The MANTIS Framework: Cyber Threat Intelligence Management for CERTs
    • Transparency and Information Sharing in Digital Forensics
    • Two-tiered, Multi-team Assessment of CSIRTs
    • Understanding Cyber Security Incident Response Teams as Multiteam Systems
    • Use of Passive DNS Databases in Incident Response and Forensics
    • Using Anthropology to Study Security Incident Response
    • YARA: Advanced Topics