Program Overview

•  US

  A Unique Approach to Threat Intelligence Mapping: A Malware-Centric Methodology to Better Understand the Adversary Landscape

  Deana Shick (CERT/CC, US), Kyle O'Meara (CERT/CC, US)

  Deana is a Member of the Technical Staff at the Software Engineering Institute's CERT Coordination Center (CERT/CC). Deana works on the Threat Intelligence team at the CERT/CC where she researches and analyzes current and emerging threats to national security. Prior to working at CERT/CC, Deana was an International Trade Specialist focusing on EAR and ITAR regulatory processes. She received her B.A. from Duquesne University in International Relations with a Security Studies concentration. In 2014, she completed her M.S. in Information Security Policy and Management from Carnegie Mellon University.

  Kyle O'Meara is a Senior Member of the Technical Staff at the Software Engineering Institute's CERT Coordination Center (CERT/CC). Kyle works on the Threat Intelligence team at the CERT/CC where he researches and analyzes current and emerging threats to national security with a focus on exploits and malware. Most recently Kyle was with FireEye, where he was the lead senior threat analyst for the active cyber defensive program called SHARKSEER. Prior to FireEye, he was with the National Security Agency (NSA) for roughly five (5) years. A NSA he had a few different positions as a cyber-cryptanalyst, six (6) month deployment to Iraq as a media exploitation analyst, and a communication signal analyst. Kyle received his MS form Carnegie Mellon University in Information Security Policy and Management. Kyle also presented at DEF CON 21 in 2012 on a forensic deep dive into self-destructing message applications.

  April 20, 2016 16:00-17:00

  shick-deana-slides.pdf

  MD5: 2f5580518a42e9b68253fa7b6ae29311

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 730.8 Kb

•  US

  An Intro to Statistics and Machine Learning for IR

  Brandon Enright (Cisco, US)

  Brandon Enright is a world-renowned security researcher and self-aggrandizing media whore. When he isn't reverse-engineering malware with his bare hands he's factoring large numbers with nothing more than a deck of cards and a #2 pencil. Some say that with the right regular expression you can read his thoughts straight from /dev/random. Brandon is currently working on a musical screenplay about the emergence of the Mandelbrot set from password entropy.

  April 19, 2016 15:30-16:30

•  MY

  Artificial Intelligence Technique in Incident Response

  Wira Zanoramy Ansiry Bin Zakaria (MyCERT, MY)

  Wira is a Senior Analyst at MyCERT, CyberSecurity Malaysia. He graduated from University of Malaya, Malaysia for his Bachelor’s and Master’s degree. In 2015, he earned a GIAC Certified Incident Handler (GCIH) certification from SANS Institute. He has a few papers published by a scientific journal and conference proceedings, specifically in the area of artificial intelligence, honeypots, incident response and automation. Prior working with CyberSecurity Malaysia, he is a frequent speaker at government agencies and international conferences on the topics of AI and cyber security.

  April 20, 2016 09:00-09:30

•  IE

  Hidden Lynx Refresh: Recent activity, tools and techniques

  Alan NevilleAlan Neville (Symantec, IE)

  Alan Neville is a principal threat research analyst on the Threat Hunter team in Symantec, a division of Broadcom. Alan's main responsibilities include hunting and tracking high profile attacks against Symantec customers.

  April 20, 2016 11:30-12:30

•  NL

  IoT in 2016: a serious overview of IoT today and a technical preview of HoneyVNC

  Yonathan KlijnsmaYonathan Klijnsma (Fox-IT, NL)

  I'm a senior threat intelligence analyst working for a company called Fox-IT part of NCCGroup. Both my work and hobby focus around threat intelligence in the form of malware and campaign analysis. In my spare time I also spend time on security related subjects most of which I present on at conferences or publish about on my personal blog.

  April 20, 2016 09:30-10:30

  klijnsma-yonathan-slides.pdf

  MD5: 907176466a04494368085970cb8e0596

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 4.75 Mb

•  US

  Learning to Hack RFID for Under $500

  Jerry Gamblin (Cisco, US)

  Jerry Gamblin is a pretty decent security evangelist and analyst. He has been featured on numerous blogs, podcasts and has spoken at security conferences around the world and has a passion for helping people and companies become more secure.

  When he’s not helping the world be more secure, you can find him taking his son to swimming lessons or trying to finally learn python.

  April 20, 2016 13:30-14:30

• Multivariate Passive DNS for Investigators

  April 19, 2016 09:30-10:30

  vixie-paul-slides.pdf

  MD5: 368d42b5e19f500989fbacb32d5888e4

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 941.91 Kb

•  US

  NORAD: Automating Security Testing

  Blake Hitchcock (Cisco Systems, US), Brian Manifold (Cisco Systems, US), Roger Seagle Jr. (Cisco Systems, US)

  Blake Hitchcock has been building and breaking web applications for 6 years with Cisco. He loves writing in Ruby, and 'Burp' is not just something he does after a few too many kielbasas. When he's not doing web stuff, Blake enjoys fitness, food, sports, and cheering for his beloved Tennessee Volunteers.

  Brian Manifold has worked as a software/security engineer at Cisco for the past 4 1/2 years. His main areas of interest at work are web development and web security. Outside of work he enjoys playing music, anything CNC related, harware electronics, and spending time with his family.

  Roger Seagle Jr. is a Principal Engineer in the Advanced Security Research & Government team (ASRG) at Cisco. Previously, he worked in Cisco's Advanced Security Initiatives Group (ASIG) where he assessed the security posture of Cisco products and advised product teams on patching and mitigating vulnerabilities. Roger regularly audits embedded systems and web applications, configures and monitors internal production servers, and serves as a technical advisor. Roger holds a PhD and MS degree in Computer Science from the University of Tennessee, Knoxville in Computer Science as well as a BS in Computer Science from Wake Forest University. He currently resides in Knoxville, TN here he enjoys hiking in the Blue Ridge mountains with his wife, son, and hound dog.

  April 19, 2016 10:30-11:30

•  GB

  Security Analytics With ElasticSearch

  Paul Hood (OxCERT, GB)

  April 19, 2016 13:30-14:30

  hood-paul-slides.pdf

  MD5: 7405cef8cce745d79e0cc61d0e5f9827

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 17.55 Mb

•  IT

  Swiss Army Knife for Live Container Analysis (POC and tools)

  Fabio Nigi (IT)

  Fabio Nigi, security investigator @ Cisco SIRT,grew up in Italy, in love with FOSS software and Internet privacy

  April 19, 2016 16:30-17:00

  nigi-fabio-slides.pdf

  MD5: 2f2351168c05167dd48689f385fb48e7

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 3.54 Mb

•  CH

  Swiss NREN protection with DNS RPZ

  Matthias Seitz (SWITCH CERT, CH)

  Matthias Seitz studied computer science at the University of Applied Sciences of Eastern Switzerland. In 2013, he joined SWITCH as a security engineer where he is currently leading a project that introduces DNS RPZ into the Swiss NREN.

  April 19, 2016 14:30-15:30

  seitz-matthias-slides.pdf

  MD5: aa73715aec2cb01be34f82aae30aea4b

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 3.16 Mb

•  US

  Too Much

  Doug Brown (TippingPoint, US), Jeff Arnold (TippingPoint, US)

  Doug Brown, CISSP, CEH, ECSA, GCIH - Senior Manager, TippingPoint Education – with his Bachelor’s in Computer Science, and an MBA in International Business, Doug has spent more then 20 years working in I.T. From HelpDesk, to Server Administrator, Senior Network Engineer, and East Coast Support Manager, he held a variety of roles before changing his focus to Information Security immediately after Y2K. He has worked with SANS as a local mentor, and while with the University of North Carolina, Doug was TippingPoint’s second customer, and his team earned a Network World All-Star award for their work on automated network defenses. Doug joined TippingPoint in 2010 to share his experience with other customers.

  Jeff Arnold, VTSP CCSP MCSE (2K) MCSA NT-CIP Server+ Linux+ Network+ - Show Runner, TippingPoint Education - Jeff has spent 16 years working in I.T. in multiple positions ranging from Technical Support, Server Administrator, Lab Manager, People Manager, Software Engineer and various other roles. Jeff recently came to Tipping Point after 12 years at Dell where he spent time in Tech Support, Data analysis, Web-Programming, and spent 5 years in a training role (Delivery, Development, Project Management, and Lab) and 2 years most recently as a NGCS/IDM Specialist in G500 Sales in the Banking and Securities vertical.

  April 19, 2016 11:30-12:30

• Amsterdam 2016 FIRST TC
  • Program Overview
  • Hotel Information
  • Travel Information