Conference Program

You may also may check the additional programming for the conference.

This is a working draft agenda. Agenda is subject to change. The program is also available for download in PDF format.

Sunday, June 24th

Pre-Conference
08:00 – 10:00

Registration

10:00 – 17:00

FIRST Hackathon - Melaka Room

14:00 – 19:00

Amazon & FIRST Security Jam - Saboh Room

Registration

14:00 – 20:00

18:30 – 19:00
19:00 – 21:00

Monday, June 25th

SABAH
Management Track
SARAWAKKEDAH+SELANGORPERAK
Workshop
MELAKA
Other Meeting
JOHOR 1+4
SIG Meetings
08:00 – 17:00

Registration

09:00 – 09:45

Opening Remarks

09:45 – 10:45

Keynote: The Evolution of the Cyber Threat, Our Response and the Role of Diplomacy

Christopher Painter (Commissioner, Global Commission on the Stability of Cyberspace)

10:45 – 11:15

VRDX SIG Meeting

10:45 – 12:15

11:15 – 12:15
 AU

The Road to (IR) Nirvana

Rob Lowe (Red Hat, AU)

 US

A Brief History of p0wn4ge: 18 Years and 4506 Incidents

Aashish Sharma (LBNL, US); Jay Krous (Lawrence Berkeley National Lab, US)

 TW

Social Mining of Threat Actor Activities

Fyodor Yarochkin (Trend Micro, TW)

12:15 – 12:45
 US

Learning from chaos, cloud and scale: Netflix SIRT

Alex Maestretti, Swathi Joshi (Netflix, US)

 CR

New Types of Attacks: The Evolution of Ransomware as a Service

Susan Ballestero Rosales (BsidesSJO, CR)

 BR

The Benefits of an Early Warning System in the Brazilian Academic Network

Edilson Lima, Rildo Souza (RNP, BR)

Cyber Threat Intel SIG Meeting

12:15 – 13:45

12:45 – 14:00
14:00 – 15:00
 US

Security Response Survival Skills

Ben Ridgway (Microsoft, US)

 US

Mind Hunter - Adversary Inception

Daniel Hatheway, Levi Gundert (Recorded Future, US)

 EE NL

Exploit Kit Hunting with Cuckoo Sandbox

Andres Elliku (CERT-EE / Estonian Information System Authority, EE); Jurriaan Bremer (Cuckoo Sandbox, NL)

 CH

IPv6 Security

Frank Herberg (SWITCH-CERT, CH)

14:00 – 15:30

Ethics SIG Meeting

14:00 – 15:30

15:00 – 15:30
 FI

Cyber Weather - Situational Awareness Product For Our Non-technical Constituents

Tomi Kinnari (NCSC-FI (National Cyber Security Centre) / Finnish Communications Regulatory Authority, FI)

 JP

Real-time Log Analysis Tool with STIX 2.0

Mariko Fujimoto, Takuho Mitsunaga, Wataru Matsuda (The University of Tokyo, JP)

 CN

The Analysis of DDoS Attack Resources in China

Han-Bing Yan, Hao Zhou, Jian Xu, Tian Zhu (CNCERT, CN)

15:30 – 16:00

Capture the Flag SIG

15:30 – 16:30

16:00 – 16:30
 GB

Incident Management - The Art of Herding Cats

Paul Clayton (BT, GB)

 MY

Proactive Cyber Defense through Attack Modeling and Threat Intelligence

Hamed Khiabani (Experian, MY)

16:00 – 17:00

 LV

Malware Reweaponization - A Case Study

Karlis Podins (CERT.LV, LV)

 PL

Not Just Indicators: Data Processing with n6

Paweł Pawliński (CERT Polska / NASK, PL)

16:00 – 17:30

FIRST Update: Financial & Business Review

16:00 – 17:15

16:30 – 17:30

Metrics SIG Meeting

Tuesday, June 26th

SABAH
Management Track
SARAWAK
Tech./ProdSec./Vul. Track
KEDAH+SELANGOR
Technical Track
PERAK
Workshop
MELAKA
Other Meeting
JOHOR 1+4
SIG Meetings
08:30 – 17:15

Registration

09:00 – 09:15

Opening Remarks

09:15 – 10:30

Keynote: How to Avoid Having a Really Bad Day

Rob McMillan (Research Director, Gartner)

10:30 – 11:00
 AU

Memory Forensics in Incident Response and Threat Hunting

Josh Lemon (Salesforce & SANS Institute, AU)

10:30 – 12:30

Academic Security SIG Meeting

10:30 – 14:00

11:00 – 12:00
 AU US

An Internet of Governments: How Policymakers Became Interested in “Cyber”

Klee Aiken (Director - Community and Capacity Building – APNIC, AU); Maarten Van Horenbeeck (Zendesk, US)

 US

Coordinating Vulnerability Disclosure with Multiple Vendors

Laurie Tyzenhaus (SEI CERT, US)

 NO

Taking the Attacker Eviction Red Pill

Frode Hommedal (Telenor, NO)

12:00 – 12:30
 FI

Motivating to Successful Collaboration with Results

Lasse Laukka (Ericsson PSIRT, FI)

 JP

Removing the Pain From the Repetitive Processing of Vulnerability Reports Using a Vulnerability Ontology

Masanobu Katagi, Takayuki Uchiyama (JPCERT/CC, JP); Masaki Kubo (NICT, JP)

 JP

Discovering Evasive Code in Malicious Websites with High- and Low-interaction Honeyclients

Yuta Takata (NTT-CERT, JP)

12:30 – 13:45
13:45 – 14:45
 LU

Improving Threat Intelligence Platform and Information Sharing by Measuring Real-Time Collaboration in TIP like MISP

Raphaël Vinot (CIRCL, LU)

Mature PSIRTs Need Mature Tools

 PL

Building and Maintaining Large-scale Honeypot Sensor Networks

Piotr Kijewski (The Shadowserver Foundation, PL)

 LU

Reigning in the Raw Power of PyMISP Thanks to Python

Steve Clement (CIRCL, LU)

13:45 – 15:30

14:45 – 15:45
 NO

Outside the Box - Training Through Surprise

Frode Hommedal (Telenor, NO)

 US

“Moving to The Left”: Getting Ahead of Vulnerabilities by Focusing on Weaknesses

Jim Duncan (US)

 US

Deep Dive: Case Study Responding to Intrusions into the US Electric Sector

Jermaine Roebuck, Mark Bristow (DHS Hunt and Incident Response Team, US)

Red Team SIG Meeting

14:30-16:00

15:45 – 16:15
16:15 – 17:15
 TW

Internet Cartography using BGP and the Implications to Data Sovereignty

Fyodor Yarochkin (Trend Micro, TW)

 FI

A holistic approach to ensure product security

Christer Stenhäll (Ericsson PSIRT, FI)

 US

Threat Hunting Techniques at Scale

Dhia Mahjoub, Thomas Mathew (Cisco Umbrella (OpenDNS), US)

 US

Catching Up with Osquery Workshop

Douglas Wilson (Uptycs, US)

16:15 – 17:50

Lightning Talks

16:15 – 17:45

ICS SIG Meeting

16:00 – 17:00

17:15 – 19:15

Vendor Show Case - Basement II Foyer

Wednesday, June 27th

SABAH
Management Track
SARAWAK
Technical Track
KEDAH+SELANGOR
Technical Track
PERAK
Workshop
MELAKA
Other Meeting
JOHOR 1+4
SIG Meetings
08:30 – 15:45

Registration

09:00 – 09:15

Opening Remarks

09:15 – 10:30

Keynote: Jury-Rigging Democracy: The Crazy, Sad Saga of Election Security in the U.S.

Kim Zetter (Cybersecurity Journalist and Author)

10:30 – 11:00
 MY

What’s Up DOCX?: Malicious Office Document Evolution Study

Mahmud Ab Rahman (Netbytesec sdn bhd, MY)

10:30 – 12:30

Vulnerability Coordination SIG Meeting

10:30 – 12:30

11:00 – 11:30
 CR MY

Civil Society Under Attack - Trends and Tactics

Daniel Bedoya (Access Now, CR); Szeming Tan (Security Consultant, MY)

 CZ

Patchwork : From One Malicious Document to Complete TTPs of a Medium Skilled Threat Actor

; Jaromir Horejsi (Trend Micro, CZ)

 US

Why is CTI Automation harder than it needs to be.. and what can security teams do about it.

Allan Thomson (LookingGlass CERT – LookingGlass Cyber Solutions, US)

11:30 – 12:30
 US

Preparing the Village - Lessons Learned in Cross-Industry Vulnerability Disclosure

Phillip Misner (Industry Consortium for the Advancement of Security on the Internet (ICASI), US)

 GB

Behind the Scenes of Recent Botnet Takedown Operations

Director David Watson (The Shadowserver Foundation, GB)

 IN

Securing your in-ear fitness coach: Challenges in hardening next generation wearables

Sumanth Naropanth, Sunil Kumar (Deep Armor, IN)

12:30 – 13:45

Passive DNS Exchange SIG Meeting

13:00 – 14:00

13:45 – 14:15
 BE

Free BugBounty as a CERT

Emilien Le Jamtel (CERT-EU, BE)

 RU

Banks and Russian Speaking Adversaries

Alexander Kalinin (CERT-GIB (Group-IB), RU)

 DE

Detect & Respond to IoT Botnets as an ISP

Christoph Giese (Telekom Security, DE)

 NO

Semi-Automated Cyber Threat Intelligence (ACT)

Dr. Martin Eian (mnemonic, NO)

13:45 – 16:45

14:15 – 15:15
 TH

Scaling Up Security to the Whole Country

Martijn van der Heide (ThaiCERT, TH)

 US

Crawl, Walk, Run: Living the PSIRT Framework

Mark Stanislav (Cisco (Duo Security), US)

 MY

Things Attack: Peek into an 18-month IoT Honeypot

Tan Kean Siong (The Honeynet Project, MY)

Lightning Talks

14:15 – 16:00

Vendor SIG Meeting

15:15 – 17:00

19:00 – 22:00

Thursday, June 28th

SABAH
Management/Privacy Track
SARAWAK
Technical Track
KEDAH+SELANGOR
Technical Track
PERAK
Workshop
MELAKA
Other Meeting
JOHOR 1+4
SIG Meetings
08:30 – 17:00

Registration

09:00 – 09:15

Opening Remarks

09:15 – 10:30

Keynote: Lessons Learned From a Man-in-the-Middle Attack

Frank Groenewegen (Chief Security Expert, Fox-IT) & Erik de Jong (Chief Research Officer, Fox-IT)

10:30 – 11:00
 IN

Hands-on exploitation and hardening of wearable and IoT platforms

Sumanth Naropanth, Sunil Kumar (Deep Armor, IN)

10:30 – 12:30

11:00 – 12:00
 GB

Don't Ignore GDPR; It Matters Now!

Thomas Fischer (Independent, GB)

 IT

Malvertising: an Italian Tale

Andrea Minigozzi, Antonio Rossi (Leonardo Spa, IT)

 US

What’s in a Name? The Need for Global Identifiers of Badness.

Richard Struse (The MITRE Corporation, US)

Traffic Light Protocol SIG Meeting

11:00 – 12:00

12:00 – 12:30
 US

What was in that Data?

Gant Redmon (IBM Resilient, US)

 LU

A little tour in the world of password stealers

Paul Jung (Excellium Services, LU)

 GB

The Andromeda Botnet Takedown

Benedict Addis (Shadowserver / Registrar of Last Resort (RoLR), GB)

12:30 – 13:45

Big Data SIG Meeting

12:45 – 14:45

13:45 – 14:15
 FI

Security and Privacy Incident Response at Ericsson

Thomas Grenman (Ericsson, FI)

 US

Determining the Fit and Impact of CTI Indicators on your Monitoring Pipeline (TIQ-Test 2.0)

Alex Pinto (Niddel (a Verizon Company), US)

13:45 – 14:45

 US

TLP to IEP Evolution: What, Why & How

Tom Millar (US-CERT, US)

13:45 – 14:45

 JP

Red Team vs Blue Team Tabletop Exercise and Random Scenario Creation Using Cards

Chiyuki Matsuda (DeNA Co., Ltd., JP); Mitsuru Haba (Canon Inc., JP); Satoshi Yamaguchi (NTT, JP); Takashi Kikuta (transcosmos Inc., JP); Yoshihiro Masuda (Fuji Xerox Co., Ltd., JP); Yusuke Kon (Trend Micro Inc., JP)

13:45 – 15:15

Lightning Talks

13:45 – 15:15

14:15 – 14:45
 GB US

Panel: Q&A on Privacy

Andrew Cormack - Moderator (Jisc, GB); Gant Redmon (IBM Resilient, US); Thomas Fischer (Independent, GB)

14:45 – 15:15
 CH

Managing Risks Through Taxonomies

Dr. Serge Droz (Open Sytems AG, CH)

 MY

Practical Integration of Threat Intelligence and CSIRT Processes to Accelerate Efficiency and Timely Response of Incidents: Malaysia CERT Case Study

Sharifah Roziah Mohd Kassim, Syazwan Hafizzudin Shuhaimi (CYBERSECURITY MALAYSIA, MY)

 JP

Multi-dimensional Malware Similarity will let you Catch Up with Malware Developers

Koji Yamada, Ryusuke Masuoka, Toshitaka Satomi (Fujitsu System Integration Laboratories, JP); Kunihiko Yoshimura (Fujitsu System Integration Laboratories Limited, JP)

15:15 – 15:45
15:45 – 17:45

Annual General Meeting (FIRST Members Only) - Sabah Room

Friday, June 29th

SABAH
Management Track
KEDAH+SELANGORMELAKAPERAK
Workshop
SARAWAK
Other Meetings
08:00 – 11:00

Registration

08:30 – 08:45

Opening Remarks

08:45 – 09:45

Keynote: 30 years on...why are we still needed more than ever?

Paul Jackson (Managing Director, Kroll)

09:45 – 10:00
 US BE

STIX2/TAXII2 Workshop

Allan Thomson (LookingGlass CERT – LookingGlass Cyber Solutions, US); Richard Struse (The MITRE Corporation, US); Trey Darley (New Context, BE)

09:45 – 12:30

10:00 – 10:30
 MY

Collaborative National-level Incident Response Model to Address Large-Scale Data Breach Attack in Malaysia

Farah Ramlee (Cybersecurity Malaysia, MY); Kilausuria Abdullah (CyberSecurity Malaysia, MY); Sharifah Roziah Mohd Kassim (CYBERSECURITY MALAYSIA, MY)

 US

Professionalizing the Field of Cybersecurity Incident Response

Tom Millar (US-CERT, US)

10:00 – 11:00

 SG

Attacker Antics: Illustrations of Ingenuity

Bartosz Inglot, Vincent Wong (FireEye, SG)

10:00 – 11:00

10:30 – 11:00
 HR

Creating NIS Compliant Country in a Non-regulated Environment, Case Study Croatia

Jurica Cular (ISSB, HR)

11:00 – 12:00
 JP

Bridging Cultures: Collaboration of the US/Global and Japanese Financial Communities

Natsuko Inui (Financial Services Information Sharing and Analysis Center (FS-ISAC), JP)

 US

Exposing Crypto Phishing BulletProof Hosting

Artsiom Holub (Cisco Talos, US); Austin McBride (Cisco Umbrella, US)

 GB

Emotet Malware

Neil Fox (BT Security, GB)

12:00 – 12:45

Closing Remarks & Raffle Drawings

12:45 – 13:45
14:00 – 18:00

13th Annual Technical Meeting for CSIRTs with National Responsibility (invitation only)

SARAWAK

18:00 – 19:30

13th Annual Technical Meeting for CSIRTs with National Responsibility Reception (invitation only)

Saturday, June 30th

SARAWAK
Other Meetings
08:00 – 17:00

13th Annual Technical Meeting for CSIRTs with National Responsibility (invitation only)

SARAWAK