Program overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in Aug 22-24, 2007.

Nevertheless, there will be additional events adjacent to the TC in order to reach to the non-FIRST members as well. These are the local Malaysian workshop and regional meetings and discussions.

Wednesday, August 22^nd
Plenary and Panel Sessions
Thursday, August 23^rd
Plenary and Panel Sessions
Friday, August 24^th
Hands-on Session 1
Hands-on Session 2
Hands-on Session 3
Hands-on Session 4

Wednesday, August 22^nd

	Plenary and Panel Sessions
08:30 – 09:00	Registration
09:00 – 09:30	Opening Ceremony
09:30 – 10:00	Critical National Information Infrastructure: National Cyber Response Plan CyberSecurity Malaysia
10:00 – 10:30	QCERT CNII Initiatives QCERT
11:00 – 11:30	Cyber999 CyberSecurity Malaysia
11:30 – 12:00	Digital Forensics in the wake of eCrime Sivanathan Subramaniam (CyberSecurity Malaysia)
12:00 – 12:30	Product Evaluation: Common Criteria Wan Roshaimi Wan Abdullah (CyberSecurity Malaysia)
14:00 – 14:30	FR WOMBAT: a Worldwide Observatory of Malicious Behaviors and Attack Threats Corrado Leita (Institut Eurecom, FR)
14:30 – 15:00	SpamPots CERT.br
16:00 – 16:30	SCADA Security Kegan Kawano (Industrial Defender Inc.)
16:30 – 17:00	AU A DDoS attack on AusCERT - a case study Robert Lowe (AusCERT, AU)
17:00 – 17:30	Challenges in Mobile Network Security Mohamad Nizam Kassim (CyberSecurity Malaysia)
17:30 – 18:30	Reception

Thursday, August 23^rd

	Plenary and Panel Sessions
08:30 – 09:00	Registration
09:00 – 09:30	Botnet Investigation CyberSecurity Malaysia
09:30 – 10:00	Automatic anomaly detection using NfSenwe Werner Schram (SURFnet-CERT)
10:00 – 10:30	Botnet Herder JPCERT
11:00 – 11:30	FR SGNET: a distributed deployment to automatically handle code injections Corrado Leita (Institut Eurecom, FR)
12:00 – 12:30	JP Live data collection tool for First responder Akio Mukaiyama (NTT-CERT, JP)
14:00 – 14:30	Information Security Awareness Video CERT.br
14:30 – 15:00	Outreach: Making security matter to all Philip Victor (CyberSecurity Malaysia)
15:00 – 15:30	JP Targeted Attacks in Japan Koichiro Komiyama (JPCERT/CC, JP)
16:00 – 16:30	CVE Resolver tool Erika Suortti (CERT-FI/FICORA)
16:30 – 17:00	P2P Network Observation using Crawling Method HIRT Japan
17:00 – 17:30	Closing and Wrap Up

Friday, August 24^th

	Hands-on Session 1	Hands-on Session 2	Hands-on Session 3	Hands-on Session 4
08:30 – 09:00	Registration
09:00 – 10:30	ES Malware Analysis Francisco Monserrat (FIRST.org, ES)	AU Live Windows Data Collection Robert Lowe, Zane Jarvis (AusCERT, AU)
11:00 – 12:30	ES Malware Analysis Francisco Monserrat (FIRST.org, ES)	AU Live Windows Data Collection Robert Lowe, Zane Jarvis (AusCERT, AU)
14:00 – 15:30			NL SURFids overview Jan van Lith (SURFnet); Wim Biemolt (SURFnet, NL)	AU Windows Event Log for Investigators Jackie N. Kuang (EDS, AU)
16:00 – 17:30			NL SURFids overview Jan van Lith (SURFnet); Wim Biemolt (SURFnet, NL)	AU Windows Event Log for Investigators Jackie N. Kuang (EDS, AU)

AU
A DDoS attack on AusCERT - a case study
Robert Lowe (AusCERT, AU)

Robert Lowe joined AusCERT in June 2003 as a Computer Security Analyst. His work in the AusCERT coordination centre has included incident response, analysis of computer security threats, trends and vulnerabilities, delivery of AusCERT training courses and general system programming and administration tasks. Prior to joining AusCERT Robert was a Senior Client Services Engineer for an Internet gambling software provider. Robert's previous experience includes Sun Solaris and Oracle administration, C++ and Java development, training, as well as application integration and support. Robert graduated from the University of Technology, Sydney in 1999 with a Bachelor of Science (Computing).

August 22, 2007 16:30-17:00
Botnet Investigation
CyberSecurity Malaysia

Adli Wahid is a Senior Internet Security Specialist at APNIC. He has been involved in the CSIRT community for more than 10 years. His previous role includes leading Malaysia CERT (MyCERT) and working for a CERT in the financial sector. Adli is also serving board member of FIRST.Org

August 23, 2007 09:00-09:30
Cyber999
CyberSecurity Malaysia

Adli Wahid is a Senior Internet Security Specialist at APNIC. He has been involved in the CSIRT community for more than 10 years. His previous role includes leading Malaysia CERT (MyCERT) and working for a CERT in the financial sector. Adli is also serving board member of FIRST.Org

August 22, 2007 11:00-11:30
Information Security Awareness Video
CERT.br

Marcelo Chaves is a Security Analyst at CERT.br, the Brazilian National CERT, maintained by NIC.br, from the Brazilian Internet Steering Committee. He has a degree in Computer Science, and a Masters in Applied Computing, focused on network security, by the National Institute for Space Research (INPE). Marcelo worked as an incident handler and currently is more involved with R&D, specially with the development of tools, based on honeypots and honeynets, to better understand current attack trends, correlating this data with incidents reported to CERT.br.

Marcelo has been a speaker in several national and international events, talking about many different information security topics, including incident handling, honeypots, online fraud, and spam.

August 23, 2007 14:00-14:30
AU
Live Windows Data Collection
Robert Lowe (AusCERT, AU), Zane Jarvis (AU)

Robert Lowe joined AusCERT in June 2003 as a Computer Security Analyst. His work in the AusCERT coordination centre has included incident response, analysis of computer security threats, trends and vulnerabilities, delivery of AusCERT training courses and general system programming and administration tasks. Prior to joining AusCERT Robert was a Senior Client Services Engineer for an Internet gambling software provider. Robert's previous experience includes Sun Solaris and Oracle administration, C++ and Java development, training, as well as application integration and support. Robert graduated from the University of Technology, Sydney in 1999 with a Bachelor of Science (Computing).

Zane Jarvis is a Senior Information Security Analyst with AusCERT. He has been with AusCERT since July 2007. Zane has experience in Windows System Administration and development of Applications for Windows, for local government, private sector and defence.

Live Windows Data Collection focused on the acquisition of data from a powered-on suspect Windows system, combined with powered-off data collection for detection of intrusion, misuse and malware.
August 24, 2007 09:00-10:30, August 24, 2007 11:00-12:30
ES
Malware Analysis
Francisco Monserrat (FIRST.org, ES)
Francisco "Paco" Monserrat is the Security Coordinator of RedIRIS (the Spanish Academic and Research Network) and he is a FIRST member since 1997. During the last few years, he has worked actively on the TF-CSIRT, iniromoting the cooperation among CSIRTs in Europe.

Paco has spoken on various conferences and his activities focus on Forense Analysis, criptography and Computer Security Incidents Response Teams.

How to find malware associated to a botnet and perform a behavior analysis of the binaries and how to investigate and find the bot password. During the class students will perform analysis of several malware files.

This will be a hand-on presentation in which students must practice with several malware specimens. Students must bring their own laptops that must be able to:
- Run a Virtual machine with Windows XP/200X. - Run a Linux virtual machine (provided by the instructor)
It's recommendable that the laptop has also a DVD reader , in order to copy additional files to the laptop. Laptops must preferably run a Vmware or other virtual machine system that is able to execute virtual machines in the x86 platform, it's possible to use a Mac, but we could not guarantee the execution with the other virtual environments.

Students must install a virtual machine environment (vmware , http://www.vmware.com ) provides a 30 day license copy of VMware workstation, and setup a Windows XP /200X virtual machine in it.

The Linux Virtual machine, and additional software will be provided in the class.
August 24, 2007 09:00-10:30, August 24, 2007 11:00-12:30
P2P Network Observation using Crawling Method
HIRT Japan

Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. Since 2002, he had been studying at Graduate School of Science and Technology, Keio University and received Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. Also, he is a visiting researcher at Security Center, Information - Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp), as well.

August 23, 2007 16:30-17:00
SpamPots
CERT.br

Marcelo Chaves is a Security Analyst at CERT.br, the Brazilian National CERT, maintained by NIC.br, from the Brazilian Internet Steering Committee. He has a degree in Computer Science, and a Masters in Applied Computing, focused on network security, by the National Institute for Space Research (INPE). Marcelo worked as an incident handler and currently is more involved with R&D, specially with the development of tools, based on honeypots and honeynets, to better understand current attack trends, correlating this data with incidents reported to CERT.br.

Marcelo has been a speaker in several national and international events, talking about many different information security topics, including incident handling, honeypots, online fraud, and spam.

August 22, 2007 14:30-15:00
NL
SURFids overview
Jan van Lith (SURFnet), Wim Biemolt (SURFnet, NL)
To provide the institutions connected to SURFnet a better insight in malicious traffic SURFnet developed the SURFids service. An easy to deploy and manage distributed Intrusion Detection System (IDS). During this demo/tutorial some subjects that will be addressed are the kind of (automatic) reports this service can generate, multiple VLAN support and the sandbox analysis. Also the latest features of SURFids will be shown, such as Layer-2 detection (ARP spoofing/poisoning) and argos.

It will be mainly a live demonstration. Participants can turn their laptop in a IDS sensor if it is capable of booting from usb stick.
August 24, 2007 14:00-15:30, August 24, 2007 16:00-17:30
JP
Targeted Attacks in Japan
Koichiro KomiyamaKoichiro Komiyama (JP)

Koichiro Sparky Komiyama is the Director of the Global Coordination Division at JPCERT/CC, the Japanese Computer Emergency Response Team. His current focus are norms in cyberspace, confidence building and capacity building in developing countries.

He has worked as a security analyst and led the gathering of security information and publishing multiple security alerts and advisories at JPCERT/CC. Prior to joining JPCERT/CC, he worked as a systems engineer for Internet Security Systems (IBM ISS), where he was in charge of enterprise IDS/IPS system operations.

In 2014-2018, he served as a member of the Board of Directors of FIRST, the global Forum for Incident Response and Security Teams. From 2017, he also works for the Global Commission on the Stability of Cyberspace, a multi-stakeholder forum aims to propose norms and policies to enhance international security and stability. He holds a Ph.D. in Media ang Governance from Keio University.

August 23, 2007 15:00-15:30
AU
Windows Event Log for Investigators
Jackie N. Kuang (EDS, AU)
his class will focus on information gathered from the Windows Event Log and all tools for the hands-on will be shared via thumb drives. Links for tools download will be also provided.

Students are encouraged to have a virtual windows system to play with the tools.
August 24, 2007 14:00-15:30, August 24, 2007 16:00-17:30