Webinars and Online Training

Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.

This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.

Aaron Kaplan studied computer sciences and mathematics in Vienna, Austria Since 2008 he works at CERT.at. The, he is (next to Tomas Lima (ex-CERT.pt)) one of the main architects of IntelMQ and the whole approach of incident handling automation at CERT.at. Aaron is proud to have served FIRST.org as member of the board of directors between 2014 and 2018. He also is a regular speaker at IT security conferences. He is founder of Funkfeuer.at - a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data science driven approaches to IT security.

This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.

Jason Lancaster is Senior Vice President, Sales Engineering and Investigations at SpyCloud. He began his career performing pen testing, designing and implementing secure network infrastructures. First as a government contractor and then at a Fortune 500 healthcare company. In 2003, he joined TippingPoint where he held several roles including SE Director. TippingPoint was acquired by 3Com in 2005 and later by HP in 2010.

At HP, Jason ran a cross-functional team as Director with the Office of Advanced Technology. In 2013, Jason co-founded HP Field Intelligence, as part of the Security Research organization, delivering actionable threat intelligence to a wide audience.

Jason spent 15 months at a cloud security start-up CloudPassage prior to joining SpyCloud, where he leads the Investigations and Sales Engineering teams.

This talk introduces Jupyter Notebook as an analytic platform for OSINT investigations. Pandas dataframes and built-in methods allow for importing many data types from many different sources. Methods for cleaning and normalizing data for analysis are discussed. Details of how to analyze, visualize, and develop intelligence from open source data are presented in an easy to consume way. This provides the building blocks to capture investigative methodology and scale for great efficiency. Jupyter notebook allows analysts to capture their methods, document processes, and produce results that are easy to understand.

For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations, in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google and Yahoo! And Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He is also a co-founder and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications), Masters in Digital Forensics and Investigations, and Masters in Homeland security.

Overview: In this presentation the author goes over the building blocks of Influence Operations using mass and social media. It covers subjects such as hypodermic needle model, two-step flow of information, gatekeeping, agenda-setting, priming, framing, spiral of silence, echo chambers and cultivation.

In addition, it looks at some of the larger scale operations focused on subversion.

Additional materials

Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.

This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.

Dr. Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.

Fyodor Yarochkin discusses the evolving landscape of cybercrime, particularly the shift from traditional bulletproof hosting services to residential proxies. Researchers, including himself, have noted a growing caution in discussing these entities publicly. Residential proxies are easier and cheaper to maintain and present more complex challenges for defenders because they complicate traffic filtering.

Yarochkin has created a framework, termed a "residential proxy honeypot," to analyze traffic patterns from these proxies. He emphasizes the importance of understanding how these networks operate to effectively monitor and mitigate abuses.

He notes that the residential proxy ecosystem is diverse, featuring numerous small providers alongside larger companies, and highlights the varied marketing strategies used, including black hat forums and Telegram channels. The languages supported by proxy providers often reflect their target customer bases.

Finally, he concludes that there are no truly "good" residential proxy providers, as they all facilitate the bypassing of restrictions, raising ethical concerns about their operations.

This presentation is for FIRST Members only, authentication is required on FIRST Portal to preview the video.

Emilien Le Jamtel is a cyber security expert since 15 years. After building its technical skill in offensive security, he joined CERT-EU in 2014 as a Threat Intelligence Analyst before quickly moving to the Digital Forensics and Incident Response team. Since 2021, Emilien is now leading the DevSecOps team responsible for the infrastructure and tooling used by CERT-EU staff. Emilien is a regular speaker at IT Security conferences such as FIRST, hack.lu, Botconf or NorthSec.

David Durvaux owns a master in applied sciences in computer sciences ("Ingénieur Civil informaticien") from the Université Catholique de Louvain (UCL) with an orientation in computer networks, distributed applications and security. David is now working for CERT.be as Security Analyst and is a contributor to the AbuseHelper open-source project.

Aaron Kaplan studied computer sciences and mathematics in Vienna, Austria Since 2008 he works at CERT.at. The, he is (next to Tomas Lima (ex-CERT.pt)) one of the main architects of IntelMQ and the whole approach of incident handling automation at CERT.at. Aaron is proud to have served FIRST.org as member of the board of directors between 2014 and 2018. He also is a regular speaker at IT security conferences. He is founder of Funkfeuer.at - a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data science driven approaches to IT security.

Serge Droz is a senior IT-Security expert and seasoned incident responder. After more than twenty years work in different CSIRTs he now works as a senior adviser for the Swiss FDFA. He studied physics at ETH Zurich and the University of Alberta, Canada and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada in different security roles as well as at the national CERT in Switzerland.

Serge is a member of the board of directors of FIRST (Forum for Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussion relating to cyber security at various policy bodies, in particular related to norm building.

Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.

Today incident response often involves analyzing large amounts of data (think log files, output of forensic analysis). Some of the analysis will be repetitive, some will be specific to the incident.

Modern data analysis tools allow conducting this work efficiently and in a documented manner. Jupyter Notebooks using the pandas framework are popular among data scientists but not so much in the security community. We try to change the latter.

In this talk we present a basic intro into Jupyter and pandas, illustrating this with real live examples.

Links:

• https://www.educative.io/blog/pandas-cheat-sheet
• https://matplotlib.org/
• https://seaborn.pydata.org/examples/index.html
• https://saturncloud.io/blog/processing-log-files-with-pandas-leveraging-dictionaries-and-lists-to-create-dataframes/
• https://openrefine.org/

For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations, in the cyber domain.Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10 focusing on threat research and information exchange, DDoS mitigation, product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google and Yahoo! And Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He is also a co-founder and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds Bachelors in Electrical Engineering (Communications), Masters in Digital Forensics and Investigations, and Masters in Homeland security.