Program Overview
The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in Oct 20-23, 2009.
Nevertheless, since this will be a joint event with other CSIRT initiatives in the region, there will be additional events adjacent to the TC in order to achieve non-FIRST-members as well. The event is the Security Workshop.
Tuesday, October 20th
| Security Workshop - 5th Colaris (Day 1) |
|---|
| 08:30 – 09:00 | Registration |
| 09:00 – 09:30 | Security Workshop Official opening |
| 09:30 – 10:15 | US The essential role of incident response in secure software development Kenneth R. van Wyk (KRvW Associates, LLC, US) |
| 10:15 – 10:45 | Coffee Break |
| 10:45 – 11:30 | CL Seguridad en cl: una mirada desde NIC Chile Fermin Uribe (NIC Chile, CL) |
| 12:15 – 13:00 | MX Microsoft Incident Response Process Roberto Arbelaez (Microsoft Latinamerica, MX) |
| 13:00 – 14:30 | Lunch |
| 14:30 – 15:15 | CL La Prueba Tecnologica en Juicio Lorena Donoso (U. Chile, CL) |
| 15:15 – 16:00 | CL Crimen y ciberespacio E. Maldonado (Brigada del Cibercrimen, Policia de Investigaciones, CL) |
| 16:00 – 16:30 | Coffee Break |
- AR
Attacker-centric risk assessment and metrics
Ezequiel Gutesman (Core Security Technologies, AR), Fernando Miranda (Core Security Technologies, AR)
In this talk we propose a risk assessment paradigm which uses the attacker's point of view. Our proposal incorporates a symbiosis between threat discovery and threat classification where we are able to plan tests for the most important threats and concurrently analyze the results we obtain. Our research is based in the idea that attacker-centric risk and metrics principles should guide the next generations of assessment tools.
October 21, 2009 12:15-13:00
- US
Demystifying web application security with OWASP
Kenneth R. van Wyk (KRvW Associates, LLC, US)
This hands-on session will help the students understand the biggest and most prevalent web application security woes, such as cross-site scripting, SQL injection, cross-site request forgery, and others. The defects will be clearly explained, and then we'll use open source OWASP tools to run and attack a flawed web application. In addition, we'll talk about how these defects can be mitigated in web applications.
Format
Students will need to be able to boot a Linux-based Live CD (provided) either directly or via a virtual machine environment (NOT provided), such as VMware or Parallels. Images will be provided during class.
October 23, 2009 09:30-10:30, October 23, 2009 11:00-13:00
Developments in the SpamPots Project
Marcelo H. P. C. Chaves (The Brazilian Internet Steering Committee)
The SpamPots Project objective is to measure the abuse of end-user machines to send spam. This project is conducted by CERT.br and sponsored by NIC.br, the executive branch of the Brazilian Internet Steering Committee. In the first phase of the project we used 10 low-interaction honeypots, placed in 5 different Brazilian broadband/cable providers, and collected data about the abuse of home computers as part of the spam infrastructure. Currently, we are working on better ways to collect and correlate data seen in different networks and, together with a Brazilian Federal University, developing new data mining algorithms to process spam. Now we have moved to the next phase of the project, which is based on the deployment of honeypots worldwide.
We hope this phase will give us a global and better view of the problem. The presentation will show a brief review of the first phase and the developments of the current one.
October 22, 2009 11:15-12:00
Evolution of Financial Fraud in Brazil
Marcelo H. P. C. Chaves (The Brazilian Internet Steering Committee)
Brazil has been facing, since the beginning of this decade, a massive number of incidents related to online fraud, specially phishing scams and schemes based on the use of trojan horses, keyloggers, screenloggers, etc. This presentation will provide a brief history of online fraud in Brazil, beginning in 2002, present the latest trends and discuss how CERT.br is responding to these issues, including technical analysis and coordination with AV vendors and the financial sector.
October 21, 2009 16:30-17:15
- UY
Honeypots: Defendiendo proactivamente a la comunidad
Carlos M Martínez (UY)
Honeypots have long been an important tool for researchers and the Security community in general. Based on an almost trivial hypothesis (that if you have a computer system connected to the Internet with no production services on it, then all traffic it receives is by default malicious), honeypots can provide a wealth of information regarding atacker's strategies, tools and targets. Moreover, they are cheap and easy to build. Even old servers and virtual machines can be succesfully used as honeypots.
This talk will introduce the topic of honeypots and honeynets and then present CSIRT-ANTEL's experience in taking the information collected by honeypots and using it to provide a proactive alert service for its constituency, closing with some real-incident experiences.
Note:Talk will be presented in Spanish with slides in English.
October 21, 2009 15:15-16:00
- JP
MWS2008: anti-Malware engineering WorkShop 2008: Dataset for anti-malware research and research interests shared at the workshop
Masato Terada (IPA, JP)
Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. Since 2002, he had been studying at Graduate School of Science and Technology, Keio University and received Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. Also, he is a visiting researcher at Security Center, Information - Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp), as well.
October 22, 2009 10:00-10:45
- BR
One year of RNP Fraud
Ronaldo Castro de Vasconcellos (BR)
October 22, 2009 12:00-12:45
- CL
Proyectos de Seguridad y Criptografia en el CLCERT
Alejandro Hevia (CL)
He received his Bachelor and Engineering degree in Computer Science from the University of Chile in 1995 and 1998 respectively, and his Ph.D. in Computer Science from University of California, San Diego (UCSD) in 2006. Since then, he is at the School of Engineering of the University of Chile where he is now Assistant Professor at the Department of Computer Science. His research interests include cryptography and computer security, in particular, cryptographic protocols for distributed systems (voting, anonymity, back-up systems), and malware analysis and prevention. He has collaborated with important research labs, including IBM T.J. Watson Research Center, and NTT Docomo USA Labs. He has also served on several program committees for conferences in both cryptography and applied security, and co-organized the Latin American Theoretical Informatics Symposium '06. Prof. Hevia is a recipient, among others, of the Marcos Orrego Puelma Award (1999), the president's MIDEPLAN Scholarship (1999), and the R.B. Wooley Jr. Fellowship from the Irwin & Joan Jacobs School of Engineering at UCSD (2003-3004). Prof. Hevia is director of the Chilean Computer Emergency Response Team (CLCERT), and founding member of the Applied Cryptography and Security Laboratory (CASLAB) of the University of Chile.
October 21, 2009 14:30-15:15
- BR
The current state of mobile security
Ronaldo Castro de Vasconcellos (BR)
Cell phones are not ordinary talking devices anymore. Complex operating systems (Android, iPhone OS, Symbian, Windows Mobile), third party applications, full time connectivity (3G, Wi-Fi, Bluetooth)and GPS receivers make the so called smartphone a formidable attack platform with new possibilities. The presenter will show an overview of known attack strategies, a look at what happened in the recent hacker confererences regarding mobile attacks and some possible and realistic future scenarios.
October 21, 2009 10:45-11:30
- US
The essential role of incident response in secure software development
Kenneth R. van Wyk (KRvW Associates, LLC, US)
Incident response as we know it has come a long way since its inception in the late 1980s. In today's environment, it is vital that incident response teams are able to rise to increasing demands which range from ensuring regulatory compliance through working with software development teams to help adequately build security in to our business software. In his talk, I will discuss the changing incident response environment and what sorts of technical skill sets it will take for a CSIRT to be able to succeed in the future.
October 20, 2009 09:30-10:15
