by Chris Gibson, CEO of FIRST
Thursday, April 28th, 2022
I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.
The three-day conference provided many learning opportunities and talking points for incident response and security team attendees. Techniques shared mainly focused on adapting existing common capabilities to handle new unique challenges surrounding incident detection. There was an emphasis that we do not necessarily need to make significant investments in new technology to make the internet safe for everyone.
We were grateful to have Dr. Paul Vixie (Internet Hall of Fame 2014) join us in Amsterdam. Vixie's presentation, entitled Going Dark, painted a disturbing picture of the future of internet protocols, especially around the QUIC protocol. His presentation covered how new configurations have resulted in network operators not being able to detect endpoint behavior changes corresponding to infection, takeover, poisoned software update, latent design dangers, predaceous grooming, insider corruption, or hundreds of other well-understood digital harms.
Vixie called out two recent IETF RFCs – 7258 & 8890. These focus on increasing end-user privacy at the expense of the network operators' ability to monitor traffic. "Behavioral security was weak, but it was all we had left to secure our managed private networks. IETF is removing behavioral security from the practitioner's toolbox for political reasons. We must all pay attention to this and prepare," said Vixie.
How I Built the Most Efficient Deepfake Detector in the World with $100, a presentation by Mathis Hammel, a tech evangelist at CodinGame, was another interesting talk. Hammel said, "Thanks to a global cache on deepfake generator http://ThisPersonDoesNotExist.com, I built an index which can determine with 100% precision whether a given picture is a deepfake generated on this website, and can even recover the exact creation time. It is especially useful during investigations related to social media since most deepfake profile pictures on social bots are generated through this process."
Lindsay Kaye (Recorded Future) and James Niven (Future) gave their insights during Dark Malware Wars: DarkSide Strikes Back as BlackMatter: "We wanted to tell a complete threat intelligence story about how to track ransomware threat actors like BlackMatter - as defenders, we have to focus on not only the technical aspects of these groups - their malware - but also the HUMINT that goes along with it."
Overall, the key discussion points from the event were:
I would like to personally thank the organizers of this event, Jeff Bollinger (LinkedIn), and Gavin Reid (Human). I concur with Reid's call for the attendees and the incident response and security team industry, in general, to agree to stop the victim shaming that has become common on Twitter and in our community when an incident occurs.
The conference was 100% free to all attendees. This inclusiveness was made possible by the goodwill of the companies that supported and sponsored it - CoreLight, FalconForce, HackDefense, Human, LinkedIn, NetAbstraction, and Recorded Future.
It was incredible to see so many from our industry get the chance to meet again, collaborate and make new connections - we hope that the rest of the world will follow soon, and we look forward to welcoming you to our Annual Conference in June. Next year's TC will take place in April 2023.