The FIRST Symposium event is restricted to FIRST members only and will be held in Jan 19-21, 2009.
Nevertheless, since this will be a joint event with TF-CSIRT - the European CSIRT regional initiative- there will be some sessions restricted to TF-CSIRT members only and others open to both communities.
Below there is a list of speakers and titles to be presented on the event.
Session | Room |
---|---|
Conference Registration Area | Lobby of the Institute of Mathematics and Computer Science. Address: Raina bulvaris 29 |
Trusted Introducer Meeting/TF-CSIRT Meeting | Room 302 - Central Hall |
Handson Class I | Room 302 - Ce |
Social Event | Restaurant Kaļķu vārti. Address: 11a Kaļķu iela |
Lunch | Cafeteria Banquet Room on the basement floor of the Central Building of the University of Latvia. Address: Raina bulvaris 19 |
TF-CSIRT Meeting
TF-CSIRT/FIRST Seminar
FIRST Symposium Hands On Classes
FIRST Meeting
TF-CSIRT Meeting | |
---|---|
08:00 – 16:00 | Registration |
13:30 – 13:35 | BE Welcome, introductions and apologies Lionel Ferette (Belnet CERT, BE) |
13:35 – 13:40 | BE Approval of minutes and status of action items Lionel Ferette (Belnet CERT, BE) |
13:40 – 13:55 | IE Jumper CSIRT presentation Han van Thoor (Jumper, IE) |
13:55 – 14:10 | LT CERT-LT presentation Rytis Rainys (CERT-LT, LT) |
14:10 – 14:15 | HR Establishment of Croatian National CERT Darko Perhoc (CARNet, HR) |
14:15 – 15:00 | CH Grid Security Romain Wartel (CERN, CH) |
15:00 – 15:30 | Coffee Break |
15:30 – 15:45 | SI Report on TF-CSIRT delegation to Russia Gorazd Božic (ARNES, SI) |
15:45 – 16:00 | IT GN2 JRA2 update Claudio Allocchio (GARR, IT) |
16:00 – 16:15 | NO Report on Norwegian TRANSITS courses Øyvind Eilertsen (Uninett CERT, NO) |
16:15 – 16:30 | Don Stikvoort (Open CSIRT Foundation) |
16:45 – 17:00 | BE Progressing TF-CSIRT work items Lionel Ferette (BE) |
TF-CSIRT/FIRST Seminar | |
---|---|
08:00 – 16:00 | Registration |
09:30 – 10:00 | JP Feasability Study of DoS attack with P2P System Masato Terada (IPA, JP) |
10:00 – 10:30 | EU A Quantitative Cross Comparative Analysis of Tools for Anomaly Detection Maurizio Molina (EU) |
10:30 – 11:00 | |
11:00 – 11:30 | Whitelist implementation for DNS servers Francisco. (Paco) Monserrat (IRIS-CERT – RedIRIS) |
12:00 – 12:30 | US Overview on the Evolution of the Exploitation and Command & Control Kits Marc Vilanova (Netflix, US) |
12:30 – 13:30 | Lunch |
13:30 – 13:45 | Team Update - DK-CERT Presentation DK-CERT, INTECO and new FIRST member teams - 15min. Per team |
13:45 – 14:00 | ES Team Update - INTECO Presentation Jorge Chinea López (INTECO, ES) |
14:00 – 14:15 | GE Team Update - CERT-GE Presentation David Tabatadze (CERT-GE, GE) |
14:15 – 14:30 | ES Team Update - e-la Caixa CSIRT Presentation Jordi Aguilà (e-la Caixa CSIRT, ES) |
15:00 – 15:30 | Coffee Break |
17:00 – 17:30 | FR Analyzing Malware with a dead Angle: PRG vs Torpig CERT LEXSI (FR) |
FIRST Symposium Hands On Classes | |
---|---|
08:00 – 16:00 | Registration |
09:00 – 10:30 | PL Pcap trace analysis of web client side attacks (Group 1) Przemyslaw Jaroszewski , Rafal Tarlowski, Tomasz Grudziecki (CERT Polska, PL) |
10:30 – 11:00 | |
11:00 – 12:30 | PL Pcap trace analysis of web client side attacks (Group 1) Przemyslaw Jaroszewski , Rafal Tarlowski, Tomasz Grudziecki (CERT Polska, PL) |
12:30 – 13:30 | Lunch |
13:30 – 15:00 | PL Pcap trace analysis of web client side attacks (Group 2) Przemyslaw Jaroszewski , Rafal Tarlowski, Tomasz Grudziecki (CERT Polska, PL) |
15:00 – 15:30 | Coffee Break |
15:30 – 17:00 | PL Pcap trace analysis of web client side attacks (Group 2) Przemyslaw Jaroszewski , Rafal Tarlowski, Tomasz Grudziecki (CERT Polska, PL) |
Maurizio Molina (EU)
January 20, 2009 10:00-10:30
MD5: 7d3a80ee6a97b1b02c076cf3bf170262
Format: application/pdf
Last Update: June 7th, 2024
Size: 325.58 Kb
CERT LEXSI (FR)
January 20, 2009 17:00-17:30
MD5: d792dc812b4880eb54986e4a86a6c88b
Format: application/pdf
Last Update: June 7th, 2024
Size: 525.05 Kb
Darko Perhoc (CARNet, HR)
January 19, 2009 14:10-14:15
Masato Terada (IPA, JP)
Masato Terada received M.E. in Information and Image Sciences from University of Chiba, Japan, in 1986. From 1986 to 1995, he was a researcher at the Network Systems Research Dept., Systems Development Lab., Hitachi. Since 1996, he has been Senior Researcher at the Security Systems Research Dept., Systems Development Lab., Hitachi. Since 2002, he had been studying at Graduate School of Science and Technology, Keio University and received Ph.D in 2005. Since 2004, he has been with the Hitachi Incident Response Team. Also, he is a visiting researcher at Security Center, Information - Technology Promotion Agency, Japan (ipa.go.jp), and JVN associate staff at JPCERT/CC (jpcert.or.jp), as well.
January 20, 2009 09:30-10:00
MD5: bb96626c18f87f3886c42c8a57b3d1eb
Format: application/pdf
Last Update: June 7th, 2024
Size: 5.16 Mb
Przemyslaw Jaroszewski (CERT Polska, PL), Rafal Tarlowski (CERT Polska, PL), Tomasz Grudziecki (CERT Polska, PL)
A set of security incident packet traces will be given for analysis by the students. Each packet trace involves a different security scenario,which is presented to the students. A short introduction to client side attack techniques will be given. For each scenario the goal is to identify security information relevant to a particular incident.
- Format: Students should bring their own laptops. Samples and relevant tools can be provided on a DVD. Tools used in the exercise: pcap analyser (default: Wireshark).
January 21, 2009 09:00-10:30, January 21, 2009 11:00-12:30
Przemyslaw Jaroszewski (CERT Polska, PL), Rafal Tarlowski (CERT Polska, PL), Tomasz Grudziecki (CERT Polska, PL)
A set of security incident packet traces will be given for analysis by
the students. Each packet trace involves a different security
scenario,which is presented to the students. A short introduction to
client side attack techniques will be given. For each scenario the goal
is to identify security information relevant to a particular incident.
-
Format: Students should bring their own laptops. Samples and relevant
tools can be provided on a DVD. Tools used in the exercise: pcap
analyser (default: Wireshark).
January 21, 2009 13:30-15:00, January 21, 2009 15:30-17:00
Lionel Ferette (BE)
January 19, 2009 16:45-17:00
Gorazd Božic (ARNES, SI)
January 19, 2009 15:30-15:45
David Tabatadze (CERT-GE, GE)
January 20, 2009 14:00-14:15
MD5: 8e841bfc99eb598afbdcf86b2bd8ed58
Format: application/pdf
Last Update: June 7th, 2024
Size: 174.13 Kb
Jorge Chinea López (INTECO, ES)
January 20, 2009 13:45-14:00
MD5: 95eb2190bbf16c7cf1098d338c018e6b
Format: application/pdf
Last Update: June 7th, 2024
Size: 1.17 Mb
Don StikvoortDon Stikvoort (Open CSIRT Foundation)
Don Stikvoort is founder of the companies “S-CURE” and “Cross Your Limits”. S-CURE offers senior consultancy in the area of cyber security – specialising in CSIRT matters. Cross Your Limits coaches and trains in the human area. Based in Europe, Don’s client base is global.
After his MSc degree in Physics, he became Infantry platoon commander in the Dutch Army. In 1988 he joined the Dutch national research network SURFnet. In that capacity he was among the pioneers who together created the European Internet since November 1989. He recognised “security” as a future concern in 1991, and was chair of the 2nd CSIRT in Europe (now SURFcert) from 1992-8, and FIRST member since 1992. Today Don is a FIRST Liaison Member.
Together with Klaus-Peter Kossakowski he initiated and built the closer cooperation of European CSIRTs starting in 1993 – this led to the emergence of TF-CSIRT in 2000. In 1998 he finished the "Handbook for Computer Security Incident Response Teams (CSIRTs)" together with Kossakowski and Moira J. West-Brown of CERT/CC. He was active in the IETF and RIPE (co-creator of the IRT-object). Don chaired the Program Committee for the 1999 FIRST conference in Brisbane, Australia, and kick-started the international FIRST Secretariat in the same year. From 2001-2011 his company ran TF-CSIRT’s Trusted Introducer service. He wrote and taught several training modules for the CSIRT community.
In 1998 Don started his first company. A first assignment was to build the network connecting over 10,000 schools in The Netherlands. Many CSIRTs were created with his help and guidance, among which the Dutch national team (NCSC-NL). Second opinions, audits and maturity assessments in this field have become a specialty – and in that capacity Don developed SIM3 in 2008, the maturity model for CSIRTs which is used worldwide today for maturity assessments and certifications. SIM3 has is now under the wings of the “Open CSIRT Foundation” (OCF). Don was one of the founders in 2016 and now chairs its board.
Starting in 1999, Don was certified in NLP, Time Line Therapy®, Coaching and Hypnotherapy, and brought that under the wing of “Cross Your Limits”, which portfolio is life & executive coaching, and training courses in what Don likes to call “human arts”. He also trains communicators, presenters and trainers, including many in the CSIRT field.
Don thrives as motivational and keynote speaker. He enjoys to share his views on how the various worlds of politics, economics, psychology and daily life, but also cyber security, all intertwine and relate – and how deeper understanding and a better ability to express ourselves, increase our ability to bring good change to self as well as the world around us. He has discussed such topics all over the world, from Rome to the Australian Outback. His goal is to challenge his audience to think out-of-the-box, and motivate them to be the difference that makes the difference, along the lines of the old African proverb:
“If you think you’re too small to make a difference, try sleeping in a closed room with a mosquito”.
January 19, 2009 16:15-16:30
Francisco. (Paco) Monserrat (RedIRIS)
Francisco "Paco" Monserrat is the Security Coordinator of RedIRIS (the Spanish Academic and Research Network) and he is a FIRST member since 1997. During the last few years, he has worked actively on the TF-CSIRT, iniromoting the cooperation among CSIRTs in Europe.
Paco has spoken on various conferences and his activities focus on Forense Analysis, criptography and Computer Security Incidents Response Teams.
January 20, 2009 11:00-11:30
MD5: 6b49034551b0a7b270eb287f02d8e2ec
Format: application/pdf
Last Update: June 7th, 2024
Size: 3.55 Mb