FIRST - Improving Security Together: 19th Annual FIRST Conference - June 2007 - Seville, Spain
You don't need to be a FIRST Member to attend the 19th Annual FIRST Conference

Supported by

Enisa - European Network and Security Agency

Gold Sponsors

CCN-CERT
Enisa - European Network and Security Agency
La Caixa

Silver Sponsors

Inteco
Q-CERT

Bronze Sponsors

Hitachi
Patchlink

Vendor Display & Beer 'n Gear Sponsors

Assuria
Matta
selex communications

Vendor Display

BorderWare
Endeavor Security



Program Schedule

Overview

Saturday, June 16th

Train the Trainers Workshop


Sunday, June 17th

Train the Trainers Workshop

Registration

Program Committee Meeting

Welcome Icebreaker Reception


Monday, June 18th

Tutorials

Geek Zone

SIG Meetings

Beer 'n Gear


Tuesday, June 19th

Tutorials

SIG Meetings

Pre-AGM


 

Wednesday, June 20th

Keynote Speakers

Main Conference

Geek Zone

SIG Meetings

Vendor Booths

Conference Banquet


Thursday, June 21st

Keynote Speakers

Main Conference

Geek Zone

SIG Meetings

Vendor Booths

Annual General Meeting (AGM)

Sponsor Reception

Birds of a Feather (BOF)


Friday, June 22nd

Keynote Speakers

Main Conference

Geek Zone

SIG Meetings

Vendor Booths

Conference Closing





Facilities

Registration — Triana Foyer

Sunday 14:00—18:00

Monday — Wednesday 08:00—17:00

Thursday — Friday 08:00—14:00


Vendor Booths — Giralda IV & V

Wednesday — Friday 08:00—18:00


Terminal room — Giralda VI & VII

Monday — Thursday 08:00—17:00


Lunch — Restaurant

Monday — Friday 13:10—14:40



Program

Download the conference schedule

schedule-2007.pdf
PDF format, 0.5Mb

Saturday, June 16th


09:00 – 10:50

Workshop

Train the Trainers Workshop

(Members only)

10:50 – 11:20

Morning tea break

11:20 – 13:10

Train the Trainers Workshop (continued)

13:10 – 14:40

Lunch break

14:40 – 16:30

Train the Trainers Workshop (continued)

16:30 – 17:00

Afternoon tea break

17:00 – 18:50

Train the Trainers Workshop (continued)

 Arenal I & II


Sunday, June 17th


09:00 – 10:50

Workshop

Train the Trainers Workshop

(Members only)

10:50 – 11:20

Morning tea break

11:20 – 13:10

Train the Trainers Workshop (continued)

13:10 – 14:40

Lunch break

14:40 – 16:30

Train the Trainers Workshop (continued)

16:30 – 17:00

Afternoon tea break

17:00 – 18:50

Train the Trainers Workshop (continued)

Program Committee Meeting

19:00 – 21:00

Added Attraction

Welcome Icebreaker Reception

Arenal I & II
Meet at Conference Reception Desk
Santa Cruz


Monday, June 18th


09:00 – 10:50
US

Tutorial

Creating and Managing CSIRTs [abstract]

Robin Ruefle [biography] (CERT/CC, US), Georgia Killcrece [biography] (CERT/CC – Carnegie Mellon University, US)

US

Tutorial

Understanding & Analyzing Botnets [abstract]

Jeff Nathan [biography], Jose Nazario [biography] (Arbor Networks, US)

US

Geek Zone

Forensic Discovery [abstract]

Dr. Wietse Z. Venema [biography] (IBM Research – GSAL, US)

US, JP, UK

Special Interest Group

Law Enforcement / CSIRT Cooperation SIG [abstract]

Chris Painter (Department of Justice, US), Yurie Ito [biography] (JPCERT, JP), Matthew Pemble (Vizuri Limited, UK)

10:50 – 11:20

Morning tea break

11:20 – 13:10
US

Creating and Managing CSIRTs (continued) [abstract]

US

Understanding & Analyzing Botnets (continued) [abstract]

US

Forensic Discovery (continued) [abstract]

US, JP, UK

Law Enforcement / CSIRT Cooperation SIG (continued) [abstract]

13:10 – 14:40

Lunch break

14:40 – 16:30
US

Creating and Managing CSIRTs (continued) [abstract]

US

Understanding & Analyzing Botnets (continued) [abstract]

US

UNIX/C Programming traps and pitfalls [abstract]

Dr. Wietse Z. Venema [biography] (IBM Research – GSAL, US)

US

Internet Infrastructure Vendors (Vendor SIG)

Gaus . (Cisco Systems, US)

16:30 – 17:00

Afternoon tea break

17:00 – 18:50
US

Creating and Managing CSIRTs (continued) [abstract]

US

Understanding & Analyzing Botnets (continued) [abstract]

US

UNIX/C Programming traps and pitfalls (continued) [abstract]

US

Internet Infrastructure Vendors (Vendor SIG) (continued)

19:00 – 22:00

Added Attraction

Beer 'n Gear

20:00 – 22:00

Added Attraction

FIRST Football Cup

To take part please register with Martijn van der Heide via email: mheide@kpn-cert.nl or at the conference with Francisco Monserrat, Jordi Aquila, Don Stikvoort.

Conference Room I - Giralda I & II
Conference Room II - Santa Cruz
Geekzone I - Nervion I & II
SIG Room - Giralda III
Exhibition Room – Giralda IV & V


Tuesday, June 19th


09:00 – 10:50
US

Tutorial

Creating, Managing and Using a Malware Lab [abstract]

Grant Deffenbaugh [biography], Lisa Sittler [biography], Nick Ianelli [biography] (CERT/CC, US)

US

Tutorial

System, Network and Security Log Analysis for Incident Response [abstract]

Anton Chuvakin [biography] (LogLogic, Inc., US)

DE, SE

Tutorial

Do it yourself: The latest in forensic tools and techniques to examine Microsoft Windows [abstract]

Andreas Schuster [biography] (Deutsche Telekom AG, Group Security, DE), Pär Österberg [biography] (Swedish IT Incident Centre, Sitic, SE)

Added Attraction

Corporate Executive Programme (CEP)

10:50 – 11:20

Morning tea break

11:20 – 13:10
US

Creating, Managing and Using a Malware Lab (continued) [abstract]

US

System, Network and Security Log Analysis for Incident Response (continued) [abstract]

DE, SE

Do it yourself: The latest in forensic tools and techniques to examine Microsoft Windows (continued) [abstract]

US

Special Interest Group

Common Vulnerability Scoring System (CVSS-SIG)

Gavin Reid (Cisco Systems, US)

13:10 – 14:40

Lunch break

14:40 – 16:30
US

Creating, Managing and Using a Malware Lab (continued) [abstract]

US

System, Network and Security Log Analysis for Incident Response (continued) [abstract]

DE, SE

Do it yourself: The latest in forensic tools and techniques to examine Microsoft Windows (continued) [abstract]

US

IT-ISAC Tech SIG

Peter G. Allor [biography] (ISS – Internet Security Systems, US)

16:30 – 17:00

Afternoon tea break

17:00 – 18:50
US

Creating, Managing and Using a Malware Lab (continued) [abstract]

US

System, Network and Security Log Analysis for Incident Response (continued) [abstract]

DE, SE

Do it yourself: The latest in forensic tools and techniques to examine Microsoft Windows (continued) [abstract]

SIG Meetings

19:00 – 22:00

Pre-AGM

Conference Room I - Giralda I & II
Conference Room II - Santa Cruz
Geekzone I - Nervion I & II
SIG Room - Giralda III
Santa Cruz


Wednesday, June 20th


09:00 – 09:10

Conference opening

09:10 – 09:20

Opening Speech

09:20 – 10:00
UK

Keynote Speaker [abstract]

Lord Toby Harris of Haringey [biography] (House of Lords, UK)

10:00 – 10:50
UK

Identity Management Systems: the forensic dimension [abstract]

Peter Sommer [biography] (London School of Economics, UK)

US

Data on Data Breaches: Past, Present, and Future [abstract]

Chris Walsh [biography] (cwalsh.org, US)

NO, DE

Long term instability of high priority incident response – A system dynamics simulation approach [abstract]

Johannes Wiik [biography], Jose J. Gonzalez [biography] (Agder University, NO), Klaus-Peter Kossakowski [biography] (SEI Europe GmbH, DE)

UK

Geek Zone

A day in the life of a hacker... Things we get up to when nobody is looking, and that keep me awake at night. [abstract]

Adam Laurie [biography] (The Bunker Secure Hosting Ltd., UK)

NL

Special Interest Group

Network Monitoring SIG

Carol Overes, Menno Muller (GOVCERT.NL, NL)

10:50 – 11:20

Morning tea break

11:20 – 12:20
UK

How many RAT's do you know out there? [abstract]

Simon Gunning [biography] (Digilog UK Limited, UK)

US

Inside the Perimeter: 6 Steps to Improve Your Security Monitoring [abstract]

Chris Fry [biography], Martin Nystrom [biography] (Cisco Systems, US)

US

What We Learn From Cyber Exercises, or Not

James N. Duncan (BB&T Corporation, US)

UK

A day in the life of a hacker... Things we get up to when nobody is looking, and that keep me awake at night. (continued) [abstract]

NL

Network Monitoring SIG (continued)

12:20 – 13:10
NL

Provider Practicalities and Paranoia: Modern ISP incident response [abstract]

Scott McIntyre [biography] (KPN-CERT, NL)

US

Taming Packets: The Network Expect Framework for Building Network Tools [abstract]

Eloy Paris [biography] (Cisco PSIRT, US)

DE

Why Protection against Viruses, Bots, and Worms is so hard – Malware seen as Mobile Agents [abstract]

Till Dörges [biography] (PRE-CERT – PRESECURE Consulting GmbH, DE)

UK

A day in the life of a hacker... Things we get up to when nobody is looking, and that keep me awake at night. (continued) [abstract]

NL

Network Monitoring SIG (continued)

13:10 – 14:40

Lunch break

14:40 – 15:40
US

Using Intelligence to Forecast Risk and Allocate Resources: It's Not Hocus-Pocus Anymore [abstract]

Peter G. Allor [biography] (ISS – Internet Security Systems, US)

15:40 – 16:30
NL

The Art of RFID Exploitation [abstract]

Melanie Rieback [biography] (Vrije Universiteit Amsterdam, NL)

UK

Reviewing the VoIP Threat Landscape [abstract]

Peter Cox [biography] (Borderware, UK)

US

Security Risk Management: breaking through technology and market barriers – a real life story [abstract]

Avi Corfas [biography] (Skybox Security, Inc, US)

US

Insider Threat – The Visual Conviction [abstract]

Raffael Marty [biography] (ArcSight, Inc., US)

US

CSIRT Metrics

Georgia Killcrece [biography] (CERT/CC – Carnegie Mellon University, US)

16:30 – 17:00

Afternoon tea break

17:00 – 18:00
PL

Beyond the CPU: Defeating Hardware Based RAM Acquisition Tools [abstract]

Joanna Rutkowska [biography] (Invisible Things Lab, PL)

US

Cyber Fraud Trends and Mitigation [abstract]

Ralph Thomas [biography] (Verisign/iDefense, US)

DE

Assessing Incident Severity in a Network and Automatic Defense Mechanisms [abstract]

Klaus-Peter Kossakowski [biography] (SEI Europe GmbH, DE), Luis Francisco Servin Valencia [biography], Till Dörges [biography] (PRE-CERT – PRESECURE Consulting GmbH, DE)

US

Insider Threat – The Visual Conviction (continued) [abstract]

US

CSIRT Metrics (continued)

18:00 – 18:50
US

Insider Threat – The Visual Conviction (continued) [abstract]

19:30 – 22:00

Added Attraction

Conference Banquet – Hacienda El Visir

Conference Room I - Giralda I & II
Conference Room II - Santa Cruz
Conference Room III - Arenal I
Geekzone I - Nervion I & II
SIG Room - Giralda III


Thursday, June 21st


09:00 – 09:10

Day Opening

09:10 – 10:00
EU

Keynote Speaker [abstract]

Francisco García Morán [biography] (Director General, DG Informatics, European Commission, EU)

10:00 – 10:50
US

Targeted attacks (spear phishing): A demonstration and analysis of a former Office 0-day vulnerability [abstract]

Robert Hensing [biography] (MSCERT – Microsoft, US)

Software Security: Integrating Security Tools Into a Secure Software Development Process [abstract]

US

Forensics for Managers – Presenting and understanding forensics from the MBA point of view [abstract]

Mr. Ryan Washington [biography] (Crucial Security, US)

ZA

Geek Zone

I know what you (and your company) did last summer... [abstract]

Roelof Temmingh [biography] (Paterva, ZA)

BR, ES

Geek Zone

Botnet: Creation, usage, detection and eradication

Guilherme Vênere, Jacomo Piccolini [biography] (CAIS/RNP – Brazilian Academic and Research Network, BR), Francisco Monserrat (IRIS-CERT – RedIRIS, ES)

Special Interest Group

SIG Meetings

10:50 – 11:20

Morning tea break

11:20 – 12:20
UK

The Security needs of the State versus the rights of the individual [abstract]

Bob Ayers [biography] (Chatham House, UK)

IT

Flaws and frauds in the evaluation of IDS/IPS technologies [abstract]

Stefano Zanero [biography] (Politecnico di Milano T.U. & Secure Network S.r.l., IT)

SG

NUS IT Security Landscape [abstract]

Fong Lian Yong [biography] (National University of Singapore, SG)

ES

Privacy matters in directories [abstract]

Javier Masa, Jose Alfonso Accino (University of Malaga, ES), Victoriano Giralt [biography] (University of Málaga, ES)

ZA

I know what you (and your company) did last summer... (continued) [abstract]

BR, ES

Botnet: Creation, usage, detection and eradication (continued)

NL

Abuse Handling (AH-SIG)

Martijn van der Heide (KPN-CERT – Chairman KPN-CERT, NL)

12:20 – 13:10
UK

Our Own Worst Enemies [abstract]

Frank Wintle [biography] (PanMedia Ltd, UK)

JP, US

Vulnerability Remediation Decision Assistance system

Yurie Ito [biography] (JPCERT, JP), Art Manion [biography], Hal Burch [biography] (CERT/CC, US)

DE

Dealing with Unreliable Software: Exile, Jail, and other Sentences [abstract]

Dr. Bernd Grobauer [biography], Dr. Heiko Patzlaff [biography], Martin Wimmer [biography] (Siemens-CERT, DE)

DE

Using instrumented browser instances for detecting 0-day exploits and filtering web traffic [abstract]

Dr. Heiko Patzlaff [biography] (Siemens-CERT, DE)

ZA

I know what you (and your company) did last summer... (continued) [abstract]

BR, ES

Botnet: Creation, usage, detection and eradication (continued)

NL

Abuse Handling (AH-SIG) (continued)

13:10 – 14:40

Lunch break

14:40 – 15:40
US

Keynote Speaker [abstract]

George Stathakopoulos [biography] (General Manager of Product Security, Microsoft, US)

15:40 – 16:30
UK

The Benefits of FIRST: How to sell FIRST to your Upper Management [abstract]

Ray Stanton [biography] (BT, UK)

16:30 – 17:00

Afternoon tea break

17:00 – 18:50

Side event

Annual General Meeting (AGM) [abstract]

* Limited to FIRST team members, FIRST liaison members and their invited guests, subject to approval by the Steering Committee

19:00 – 21:00

Added Attraction

Birds of a Feather (BOF)

Sponsor Reception

Conference Room I - Giralda I & II
Conference Room II - Santa Cruz
Conference Room III - Arenal I
Geekzone I - Nervion I & II
Geekzone II - Arenal / Nervion III
SIG Room - Giralda III


Friday, June 22nd


09:00 – 09:10

Opening

09:10 – 10:00
EU

Keynote Speaker [abstract]

Andrea Pirotti [biography] (Executive Director, ENISA, EU)

10:00 – 10:50
US

Building a scalable, accurate, actionable Incident Response system [abstract]

Dr. Ken Baylor [biography] (CISSP CISM, VP & CISO Symantec, US)

NZ

Electronic Forensics: a Case for First responders [abstract]

Dr. Henry B. Wolfe [biography] (University of Otago, NZ)

DE

Technical Evolution of Cybercrime [abstract]

Rolf Schulz [biography] (GNS-Cert, DE)

UK

Geek Zone

Tools and techniques to automate the discovery of zero day vulnerabilities [abstract]

Joe Moore [biography], Mark Rowe [biography] (Pentest, UK)

UK

Geek Zone

Espionage – Reality or Myth? A Demonstration of Bugging Equipment [abstract]

Emma Shaw [biography] (Esoteric Ltd, UK)

Special Interest Group

SIG Meetings

10:50 – 11:20

Morning tea break

11:20 – 12:20
US

SafeSOA: Managing Privacy & Risk In The Global Service Oriented Environment [abstract]

Hart Rossman [biography] (SAIC, US)

SG

Handling Less-Than-Zero-Day Attack – A Case Study [abstract]

Ma Huijuan [biography] (National University of Singapore, SG)

DE

Setting up a Grid-CERT – Experiences of an academic CSIRT [abstract]

Klaus Möeller [biography] (DFN-CERT, DE)

JP

An Internet Threat Evaluation Method based on Access Graph of Malicious Packets [abstract]

Masaki Ishiguro [biography], Hironobu Suzuki (Mitsubishi Research Institute, Inc., JP)

UK

Tools and techniques to automate the discovery of zero day vulnerabilities (continued) [abstract]

UK

Espionage – Reality or Myth? A Demonstration of Bugging Equipment (continued) [abstract]

ES

First Team Members Update Panel

Francisco (Paco) Monserrat (IRIS-CERT – RedIRIS, ES)

12:20 – 13:10
DE

New Trends and technologies in Identity Theft

Christoph Fisher (BFK Edv-Consulting Gmbh, DE)

US

Unique Challenges for Incident Response in a Grid Environment [abstract]

Aashish Sharma (NCSA-IRST, US), James J. Barlow [biography] (NCSA-IRST – National Center for Supercomputing Applications, US)

ES

The Evolution of Online Fraud [abstract]

David Barroso [biography] (S21sec, ES)

UK

Tools and techniques to automate the discovery of zero day vulnerabilities (continued) [abstract]

UK

Espionage – Reality or Myth? A Demonstration of Bugging Equipment (continued) [abstract]

ES

First Team Members Update Panel (continued)

13:10 – 14:40

Lunch break

14:40 – 15:40
UK

Keynote Speaker [abstract]

Graham Whitehead [biography] (Futurologist, BT, UK)

15:40 – 16:30
FR

WiMAX: Security Analysis and Experience Return [abstract]

Laurent Butti [biography] (France Telecom Orange, FR)

GR

Developing a trusted partnership to prepare a framework for the collection of information security data [abstract]

Carsten Casper [biography] (ENISA, GR)

DE

Experiences with Building, Deploying and Running remote-controlled easily installable Network Sensors [abstract]

Dr. Bernd Grobauer [biography] (Siemens-CERT, DE)

BR

Malware distribution through software piracy: a case study [abstract]

Jacomo Piccolini [biography] (CAIS/RNP – Brazilian Academic and Research Network, BR)

NL

Provider practicalities and paranoia: Modern ISP incident response – the tooling of incident response at an ISP [abstract]

Scott McIntyre [biography] (KPN-CERT, NL)

UK

Identity theft in the corporate environment – demonstration and hands-on [abstract]

Peter Wood [biography] (First Base Technologies, UK)

US

Artifact Analysis (AA-SIG)

Kevin Houle (CERT Coordination Center, US)

16:30 – 17:00

Afternoon tea break

17:00 – 17:45
UK

Managing Privacy in Network Operations: Learning from the Law [abstract]

Andrew Cormack [biography]

ES

Setting up a governmental CERT: The CCN-CERT case study [abstract]

Carlos Abad [biography] (Spanish National Cryptologic Center (CCN), ES)

TN

Tunisia's experience in establishing the first public CSIRT in Africa, as a case example for developing countries, and some guidelines and schemes for International cooperation [abstract]

Nabil Sahli [biography] (CERT-TCC, National Agency for Computer Security, TN)

NL

Provider practicalities and paranoia: Modern ISP incident response – the tooling of incident response at an ISP (continued) [abstract]

UK

Identity theft in the corporate environment – demonstration and hands-on (continued) [abstract]

US

Artifact Analysis (AA-SIG) (continued)

17:45 – 18:00
UK

How to Join FIRST

Damir (Gaus) Rajnovic (Cisco PSIRT – Cisco Systems Co., UK)

ES

Setting up a governmental CERT: The CCN-CERT case study (continued) [abstract]

TN

Tunisia's experience in establishing the first public CSIRT in Africa, as a case example for developing countries, and some guidelines and schemes for International cooperation (continued) [abstract]

NL

Provider practicalities and paranoia: Modern ISP incident response – the tooling of incident response at an ISP (continued) [abstract]

UK

Identity theft in the corporate environment – demonstration and hands-on (continued) [abstract]

US

Artifact Analysis (AA-SIG) (continued)

18:00 – 18:15

Conference closing note

Conference Room I - Giralda I & II
Conference Room II - Santa Cruz
Conference Room III - Arenal I
Geekzone I - Nervion I & II
Geekzone II - Arenal / Nervion III
SIG Room - Giralda III