Program Overview

Agenda is subject to change. Times are reflected in Bilbao, Spain local time of UTC +1 (CET).

Monday, January 30th

10:00 – 15:00

Pre-registration in Melia Bilbao Hotel Lobby

Tuesday, January 31st

TF-CSIRT Meetings (Room 0D)
08:00 – 09:00

Registration for Closed TF-CSIRT Meeting Participants Only

09:00 – 12:45

TF-CSIRT Closed Meetings

TLP:RED
09:30 – 16:00

Registration for All Delegates

10:45 – 11:15

Coffee Break with Exhibitors

12:45 – 13:45

Lunch - All Delegates

13:45 – 14:00

Welcome by TF-CSIRT Steering Committee

Silvio Oertli (SWITCH)

TLP:CLEAR
14:00 – 14:30
 ES

UEBA Prevention Framework for Enterprise Security

Albert Calvo, Nil Ortiz (Fundació i2 CAT, Internet i Innovació Digital a Catalunya, ES)

TLP:CLEAR
14:30 – 15:00
 FR

Feedback on ANSSI's Sharing and Handling Policy

Matthieu Bontrond (ANSSI, FR); Thomas Fontvielle (CERT-FR – ANSSI, FR)

TLP:GREEN
15:00 – 15:30
 FR

The Recent Evolutions of CSIRTs Cooperation in France

Etienne Baudin, Frédéric Le Bastard (InterCERT France , FR)

TLP:CLEAR
15:30 – 16:00

Coffee Break with Exhibitors

16:00 – 16:30
 PL

MALWINA - Malware in a Box - the Road from a Set of Malware Analysis Tools to an Automated Malware Data Lake Supporting CERT/CSIRT Operations

Mikolaj Dobski (Poznan Supercomputing and Networking Center (PSNC), PL)

TLP:GREEN
16:30 – 17:00
 ES DE SE SK NL

Lightning Talks

Daniel Kouril (Masaryk University); Donetz Errasti (P3-CERT – EGI-CSIRT, ES); François Ambrosini (Huawei, DE); Karl Selin (CERT-SE, SE); Marek Madžo (VoidSOC, SK); Sven Gabriel (Nikhef, NL)

TLP:AMBER
20:30 – 00:00

Reception hosted by Basque Cyber Security Centre at the Guggenheim Museum

Wednesday, February 1st

FIRST Symposium
Plenary (Room 0D)
08:00 – 09:00

Registration

09:15 – 09:30
 US

Welcome by FIRST Board

Dr. Sherif Hashem (FIRST, US)

TLP:CLEAR
09:30 – 10:15
 IL

Tracking Attackers in Open Source Supply Chain Attacks: The New Frontier

Jossef Harush Kadouri (IL)

TLP:CLEAR
10:15 – 11:00
 DK

OT Weakest Links in ICS Cyber Kill Chain

Carlos Sanchez Santos (Ørsted, DK)

TLP:GREEN
11:00 – 11:30

Coffee Break with Exhibitors

11:30 – 12:15
 NL

Open for Extortion: Upcoming Ransomware Evolutions and Revolutions

Feike Hacquebord (Trend Micro, NL)

TLP:CLEAR
12:15 – 12:45
 DK

Does Ransomware Really Mean “Game Over?”

Christoffer Bech, Lasse Dessau (Improsec CSIRT, DK)

TLP:AMBER
12:45 – 13:45

Lunch - All Delegates

13:45 – 14:30
 SE

Breaking the Ransomware Tool Set – When a Threat Actor Opsec Failure Became a Threat Intel Goldmine

Nicklas Keijser (Truesec, SE)

TLP:GREEN
14:30 – 15:00
 BE NL

♬ You Ain’t Seen Nothing Yet ♫

Eddy Willems (G DATA, BE); Righard Zwienenberg (ESET, NL)

TLP:CLEAR
15:00 – 15:30

Coffee Break with Exhibitors

15:30 – 16:00
 US

Cyberwar – Lessons Learned from Russia’s War in Ukraine

Artsiom Holub (Cisco Talos, US)

TLP:RED
16:00 – 16:30
 FR CZ

Iron Tiger’s Supply Chain Attack Targeting Windows, MacOS and Linux Users

Daniel Lunghi (Trend Micro, FR); Jaromir Horejsi (Trend Micro, CZ)

TLP:CLEAR
16:30 – 17:00
 US

The Dataplane.org Sensor Network: Operation and Analysis

John Kristoff (Liaison, US)

TLP:CLEAR

Thursday, February 2nd

FIRST Symposium
Training Track 1 (Room 5A)
FIRST Symposium
Training Track 2 (Room 5B)
FIRST Symposium
Training Track 3 (Room 5h Terazza B)
FIRST Symposium
Training Track 4 (Room 5h Terazza A)
08:30 – 15:00

Registration

09:00 – 10:30
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Open CSIRT Foundation, Chairman of the Board EU Cyber4Dev Expert, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 CZ

Malware Analysis

Jan Kopřiva (Nettles Consulting, CZ)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

10:30 – 11:00

Coffee Break

11:00 – 12:30
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Open CSIRT Foundation, Chairman of the Board EU Cyber4Dev Expert, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 CZ

Malware Analysis

Jan Kopřiva (Nettles Consulting, CZ)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

12:30 – 13:30

Lunch Break

13:30 – 15:00
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Open CSIRT Foundation, Chairman of the Board EU Cyber4Dev Expert, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 PL

Cyber Fortress - Simulation-Strategic Games Based on Scenarios of the Latest Advanced Cyber Attacks

Marcin Fronczak, Miroslaw Maj, Piotr Kepski (ComCERT S.A., PL)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

15:00 – 15:30

Coffee Break

15:30 – 17:00
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Open CSIRT Foundation, Chairman of the Board EU Cyber4Dev Expert, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 PL

Cyber Fortress - Simulation-Strategic Games Based on Scenarios of the Latest Advanced Cyber Attacks

Marcin Fronczak, Miroslaw Maj, Piotr Kepski (ComCERT S.A., PL)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)