Webinars and Online Training

Cyber Threat Intelligence SIG

  •  TW

    Attacks On Infrastructure During Cyber Conflicts

    Fyodor Yarochkin is a Senior Researcher in Forward-Looking Threat Research at Trend Micro, with a Ph.D. in EE from National Taiwan University. An early Snort developer, open source evangelist and programmer, he has several years of experience as a threat investigator and over eight years as an Information Security Analyst.

    This presentation is for FIRST members only; authentication on the FIRST Portal is required to view the video.

    Attacks On Infrastructure During Cyber Conflicts

    February 16, 2024 11:30-17:00

  •  AT

    How to summarize CTI reports

    Aaron Kaplan studied computer science and mathematics in Vienna, Austria. Since 2008 he has worked at CERT.at, where he is (alongside Tomas Lima, ex-CERT.pt) one of the main architects of IntelMQ and of CERT.at's overall approach to incident-handling automation. Aaron is proud to have served FIRST.org as a member of the board of directors between 2014 and 2018. He is also a regular speaker at IT security conferences and the founder of Funkfeuer.at, a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data-science-driven approaches to IT security.

    This presentation is for FIRST members only; authentication on the FIRST Portal is required to view the video.

    How to summarize CTI reports

    July 13, 2023 11:30-18:45

  • Jason Lancaster is Senior Vice President, Sales Engineering and Investigations at SpyCloud. He began his career performing pen testing and designing and implementing secure network infrastructures, first as a government contractor and then at a Fortune 500 healthcare company. In 2003, he joined TippingPoint, where he held several roles including SE Director. TippingPoint was acquired by 3Com in 2005 and later by HP in 2010.

    At HP, Jason ran a cross-functional team as Director with the Office of Advanced Technology. In 2013, Jason co-founded HP Field Intelligence, as part of the Security Research organization, delivering actionable threat intelligence to a wide audience.

    Jason spent 15 months at the cloud security start-up CloudPassage prior to joining SpyCloud, where he leads the Investigations and Sales Engineering teams.

    This talk introduces Jupyter Notebook as an analytic platform for OSINT investigations. Pandas dataframes and their built-in methods allow importing many data types from many different sources. Methods for cleaning and normalizing data for analysis are discussed. Details of how to analyze, visualize, and develop intelligence from open source data are presented in an easy-to-consume way. This provides the building blocks to capture investigative methodology and scale it for greater efficiency. Jupyter Notebook allows analysts to capture their methods, document processes, and produce results that are easy to understand.

    Jupyter Notebook for Link Analysis in OSINT

    September 20, 2023 11:30-17:00

  •  TW

    Understanding Criminal Business Behind Supply Chain Attacks on Android

    Fyodor Yarochkin is a Senior Researcher in Forward-Looking Threat Research at Trend Micro, with a Ph.D. in EE from National Taiwan University. An early Snort developer, open source evangelist and programmer, he has several years of experience as a threat investigator and over eight years as an Information Security Analyst.

    This presentation is for FIRST members only; authentication on the FIRST Portal is required to view the video.

    Understanding Criminal Business Behind Supply Chain Attacks on Android

    February 16, 2024 11:30-17:00

  •  BE AT

    Using Apple Sysdiagnose for Forensics and Integrity Check

    Emilien Le Jamtel has been a cyber security expert for 15 years. After building his technical skills in offensive security, he joined CERT-EU in 2014 as a Threat Intelligence Analyst before quickly moving to the Digital Forensics and Incident Response team. Since 2021, Emilien has led the DevSecOps team responsible for the infrastructure and tooling used by CERT-EU staff. Emilien is a regular speaker at IT security conferences such as FIRST, hack.lu, Botconf and NorthSec.

    David Durvaux holds a master's degree in applied sciences in computer science ("Ingénieur Civil informaticien") from the Université Catholique de Louvain (UCL), with an orientation in computer networks, distributed applications and security. David now works for CERT.be as a Security Analyst and is a contributor to the AbuseHelper open-source project.

    Aaron Kaplan studied computer science and mathematics in Vienna, Austria. Since 2008 he has worked at CERT.at, where he is (alongside Tomas Lima, ex-CERT.pt) one of the main architects of IntelMQ and of CERT.at's overall approach to incident-handling automation. Aaron is proud to have served FIRST.org as a member of the board of directors between 2014 and 2018. He is also a regular speaker at IT security conferences and the founder of Funkfeuer.at, a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data-science-driven approaches to IT security.

    Using Apple Sysdiagnose for Forensics and Integrity Check

    July 24, 2023 08:30-10:45

  •  CH

    Using Jupyter Notebook for Incident Response

    Serge Droz is a senior IT security expert and seasoned incident responder. After more than twenty years of work in different CSIRTs, he now works as a senior adviser for the Swiss FDFA. He studied physics at ETH Zurich and the University of Alberta, Canada, and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada in different security roles, as well as at the national CERT in Switzerland.

    Serge is a member of the board of directors of FIRST (Forum of Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussions relating to cyber security at various policy bodies, in particular those related to norm building.

    Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.

    Today incident response often involves analyzing large amounts of data (think log files, or the output of forensic analysis). Some of the analysis will be repetitive, some will be specific to the incident.

    Modern data analysis tools allow this work to be done efficiently and in a documented manner. Jupyter Notebooks using the pandas framework are popular among data scientists, but not so much in the security community. We try to change the latter.

    In this talk we present a basic intro to Jupyter and pandas, illustrating it with real-life examples.

    Using Jupyter Notebook for Incident Response

    August 28, 2023 09:00-10:30
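
The two notebook talks above (Jason Lancaster's link analysis for OSINT and Serge Droz's incident-response intro) share one workflow: parse once, then ask repeatable questions of a pandas DataFrame. The following is an added example written for this page; it is not code from either talk. The sshd-style log lines are constructed (RFC 5737 test addresses), and the thresholds and column names are assumptions. It splits the work the way the abstract describes: a reusable parser, a repetitive per-source failure summary, an incident-specific "success after repeated failures" question, and a source-to-account edge list of the kind a link-analysis tool consumes.

```python
"""Repeatable auth-log triage with pandas (added example, not from the talks)."""
import re

import pandas as pd

# Constructed sample: OpenSSH-style auth log lines, already in time order.
SAMPLE_LOG = """\
Mar 12 08:01:02 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 12 08:01:05 bastion sshd[2101]: Failed password for invalid user oracle from 203.0.113.7 port 51123 ssh2
Mar 12 08:01:09 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 12 08:01:15 bastion sshd[2103]: Accepted password for root from 203.0.113.7 port 51130 ssh2
Mar 12 08:02:30 bastion sshd[2110]: Accepted publickey for alice from 198.51.100.20 port 40010 ssh2
Mar 12 08:03:44 bastion sshd[2115]: Failed password for alice from 198.51.100.20 port 40022 ssh2
Mar 12 08:03:50 bastion sshd[2115]: Accepted password for alice from 198.51.100.20 port 40023 ssh2
Mar 12 08:05:01 bastion CRON[2120]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Only sshd authentication outcomes matter here; lines from other daemons are skipped.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_auth_log(text: str) -> pd.DataFrame:
    """The repetitive part: turn raw lines into a typed DataFrame once.

    Syslog timestamps carry no year, so `ts` is kept as text; the sample is
    already ordered, and row order is what the later analysis relies on.
    """
    rows = [m.groupdict() for m in map(AUTH_RE.match, text.splitlines()) if m]
    df = pd.DataFrame(rows)
    df["port"] = df["port"].astype(int)
    df["invalid_user"] = df.pop("invalid").notna()  # True when sshd said "invalid user"
    return df


def failed_logins_by_source(df: pd.DataFrame, min_failures: int = 3) -> pd.DataFrame:
    """Per-source failure counts plus how many distinct accounts were tried.

    Many distinct users from one source looks like spraying, not a typo.
    The threshold is an assumption; tune it to the environment.
    """
    failed = df[df["result"] == "Failed"]
    stats = (
        failed.groupby("src")
        .agg(failures=("user", "count"), distinct_users=("user", "nunique"))
        .reset_index()
    )
    return stats[stats["failures"] >= min_failures].sort_values("failures", ascending=False)


def success_after_failures(df: pd.DataFrame, min_failures: int = 2) -> pd.DataFrame:
    """Incident-specific question: which sources got an 'Accepted' only after
    a run of failures? Those logins are the ones worth an analyst's time."""
    hits = []
    for src, group in df.groupby("src", sort=False):
        streak = 0
        for _, row in group.iterrows():  # groupby keeps log order within a group
            if row["result"] == "Failed":
                streak += 1
                continue
            if streak >= min_failures:
                hits.append({"src": src, "user": row["user"],
                             "method": row["method"], "failures_before": streak})
            streak = 0
    return pd.DataFrame(hits, columns=["src", "user", "method", "failures_before"])


def source_user_links(df: pd.DataFrame) -> pd.DataFrame:
    """Edge list (src -> user) with an attempt count: the shape a link-analysis
    step wants for pivoting from one address to every account it touched."""
    return (
        df.groupby(["src", "user"]).size().reset_index(name="attempts")
        .sort_values(["src", "user"]).reset_index(drop=True)
    )


if __name__ == "__main__":
    events = parse_auth_log(SAMPLE_LOG)
    print(failed_logins_by_source(events))
    print(success_after_failures(events))
    print(source_user_links(events))
```

In a notebook each function becomes its own cell, so the parser is written once and the incident-specific questions are added below it as the investigation develops; the notebook then doubles as the record of method the abstract describes.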