Program Overview

Overview

• January 25th (Sunday)
  TF-CSIRT Steering Committee Meeting (Invitation Only – details TBD)
• January 26th (Monday)
  TF-CSIRT Closed Meeting (Invitation Only) – morning
  TF-CSIRT Open Meeting – afternoon
  Social Event
• January 27th (Tuesday)
  FIRST TC
• January 28th (Wednesday)
  FIRST Hands On Courses (Limited Participation Available)

• Actionable information for security incident response

  Mr. Cosmin CIOBANU

  January 26, 2015 14:30-15:00

  laspalmastc-20150126-cosmin_ciobanu-actionable_information_security_incident_response.pdf

  MD5: 8bad1570ef070416b8528d2ec82b3637

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.7 Mb

• Agile Security

  Mr. Tilmann HAAK (XING)

  Security in agile software development, esp. Scrum and Kanban and Agile methods for security teams, based on past two year's experience.

  January 27, 2015 13:30-14:15

  laspalmastc-20150127-tilmann_haak-agile_security.pdf

  MD5: 2b0f1b4d6c4f38592944df425a570fd8

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 830.96 Kb

• Cyber-EXE Georgia Project

  Mr. Miroslaw MAJ

  Cyber exercises organised by my organisation together with CERT.GOV.GE - the Georgian governmental CERT.

  January 27, 2015 11:00-12:00

  laspalmastc-20150127-miroslaw_maj-cyber_exe_georgia_project.pdf

  MD5: 09a787e1260678383a0b57878ee91230

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.77 Mb

• INTECO-CERT Team Update

  Javier BERCIANO (INTECO-CERT)

  Recent changes on INTECO and INTECO-CERT, including new constituencies and specialized services for different constituencies

  January 27, 2015 16:00-16:15

  laspalmastc-20150127-javier_berciano-inteco_cert_team_update.pdf

  MD5: a1d4d2b0e1364fbf3e32b0e0defe89a4

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 984.68 Kb

• Intro to Open Electronic Identity

  Hillar AARELAID (CERT-EE), Martin PALJAK (CERT-EE)

  Hands on training of open source electronic identity components, from blank programmable smart cards to end-user applications and their use in daily activities.

  January 28, 2015 13:00-14:30

• KYPO capture the flag game

  Mr. Jakub CEGAN (CERT-MU)

  Requirements for each participant: own laptop with Chrome web browser (at least version 38) Requirements for local organizers:

  • one projector
  • connectivity 1 Mbps per participant
  • good quality last mile access point

  January 28, 2015 09:00-10:30

• Monoculture - Is it working?

  Mr. Damir ‘Gaus’ RAJNOVIC (Panasonic)

  The monoculture concept in the context of computer security is introduced in the article “CyberInsecurity: The Cost on Monopoly,” by Dan Geer, et al. In it the authors argue that if an organization depends solely on a single vendor, any security problem affecting that product will affect the entire organization. The corollary is that diversification will improve the security of an organization. A simplistic interpretation of the monoculture argument is to buy products, which will perform the same function, from different vendors.

  This talk will examine whether the solution to the monoculture argument is universally valid. Assumption underpinning the monoculture argument is examined and the fallacies found in these assumptions are presented. It will be show that commercially developed products, presumably independently developed, have common points of failure.

  January 27, 2015 15:30-16:00

  laspalmastc-20150127-gaus-monoculture_is_it_working.pdf

  MD5: 65eebd364e00ab25d61d5d9e8b2fd1ba

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 2.69 Mb

• Radically Open Security: Smashing the Stack for Fun and Non-profit

  Dr. Melanie RIEBACK (Radically Open Security)

  Radically Open Security is the world's first not-for-profit computer security consultancy company. We're a collective of hackers who aim to disrupt the computer security market with our ideals - we give 90% of our profits to charity (the NLnet Foundation), work with volunteers, release all our tools/templates into the open-source, invite customers to actively participate in pentest teams, and generally optimize for openness, transparency, and community service. This talk will discuss our unconventional business model and highlight some of our currently running research projects (S-box, OSAS).

  January 27, 2015 14:15-15:00

  laspalmastc-20150127-dr_melanie_rieback-smashing_stack_fun_non_profit.pdf

  MD5: 702b85dfac94e95b76b096677039a6b2

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 2.36 Mb

• RTIR

  Mr. James MCLOUGHLIN, Mr. Lee HARRIGAN

  January 26, 2015 15:50-16:10

  laspalmastc-20150126-james_mcloughlin_alexander_talos_zens-automation_wg_handout.pdf

  MD5: e560aedf6736837607109b70472611e9

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.16 Mb

• What you could learn form a major breach by a hacktivist group seeking publicity

  Mr. Oleksiy KUZMENKO (UNDP)

  Proposed case study presents the life-cycle of a high severity incident as it unfolds from initial detection to complete remediation and the way it was handled by the UNDP CSIRT. Presented incident involves critical and highly visible corporate web application which confidentiality has been breached by a hacktivist group seeking publicity. The presentation includes technical details on the incident triage and scoping, evidence discovery and analysis, development of investigative leads as well as containment and eradication actions. The case study establishes the root causes of the incident along with its impact and costs to the organization. It also discusses attacker's tactics and techniques common to this type of incidents as well as possible pitfalls handling such incidents including non-technical challenges like interaction with mass-media. The study shares lessons learned as a result of this incident for the benefit of other CSIRTs allowing more efficient handling of similar incidents.

  January 27, 2015 09:45-10:30

• Las Palmas 2015 FIRST/TF-CSIRT TC
  • Program Overview
  • Hotel Information
  • Travel Information
  • Things to do