Publications (2000)

• Auditing Windows NT 4.0

  Sven Lehmberg (Siemens)

  Protecting Windows NT systems also depend on the configuration of all features and functions available. As the actual status of any installation might be unknown it is mandatory to understand what to look for to assess that status. The presentation goes into the details how to do such audit.

  d1-s2-lehmberg-slides.pdf

  MD5: 861a352776f769400cb4e6782f30b7ef

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 781.37 Kb

•  US

  CERT/CC Update

  Kevin Houle (CERT Coordination Center, US)

  Kevin Houle is a senior member of the technical staff at the Sofware Engineering Institute, home of the CERT(R) Coordination Center (CERT/CC). Kevin currently leads the CERT/CC Artifact Analysis Team and is responsible for overseeing the analysis of all attack tools collected by the CERT/CC. He and his team collaborate internationally to advance the state of artifact analysis. Kevin has also led the CERT/CC Incident Handling Team and has contributed to numerous CERT/CC published security alerts, documents, papers, and courses since joining the SEI in 1998.

  d1-s1-houle-slides.pdf

  MD5: c162d7bc0776390ba45b158046eae13a

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 964.14 Kb

•  GB

  CERTs in Europe

  Andrew CormackAndrew Cormack (GB)

  Since 1993 CERTs in Europe at least yearly met to exchange information and keep everyone up to date about recent developments. Since Summer 1999 there is a new effort - facilitated by TERENA as umbrella organization for national research and educational networks - to have regular meetings and coordinate efforts that might be beneficial for all teams. Andrew reviewed this new approach.

  d1-s1-cormack-slides.pdf

  MD5: 433016a6542c74c9c23092e46b7050bf

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 64.21 Kb

• Disk Post-Mortem Examination - A security incident case study

  Philippe Bourgeois (CERT Industries, Services and Tertiaire)

  d1-s2-bourgeois-slides.pdf

  MD5: cd3c2dcb5544a29fe42fb05243934324

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 581.7 Kb

•  US

  Lies, Damned Lies, and Statistics

  Dr. Wietse Z. Venema (IBM, US)

  More on statistics, this time about the (digital :) footprints of software ...

  d1-s6-venema-slides.ps

  MD5: e8a4f17f6ea1df9236fe1483d37ffd50

  Format: text/plain

  Last Update: June 7th, 2024

  Size: 100.55 Kb

•  US

  Persistence and Volatility - A paradox of computing

  Dr. Wietse Z. Venema (IBM, US)

  Wietse Venema is known for his software such as the TCP Wrapper and the POSTFIX mail system. He co-authored the SATAN network scanner and the Coroner's Toolkit for forensic analysis, and wrote a book on forensic computing with Dan Farmer. Wietse received awards from the System Administrator's Guild (SAGE) and from the Netherlands UNIX User Group (NLUUG). He completed his two-year term as the chair of the international Forum of Incident Response and Security Teams (FIRST). Wietse has a Ph.D. in physics and is a research staff member at the IBM T.J.Watson research center in the USA.

  d1-s3-venema-slides.pdf

  MD5: e2f0dc1bce8165ed95f68629139912c0

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 40.37 Kb

• Practical Tool for checking on Windows NT security

  Dirk Reimers (SecuNET)

  Based on his development of CastingNT Dirk showed the amount of information which is available for Windows NT systems with a limited amount of highly automated probing. He also discussed how the information changes depending on the level of access the probing user is already granted (for example as CastingNT is run by a legitimate user).

  d1-s3-reimers-slides.pdf

  MD5: 2896076c126b08ade52a09a1ea7252df

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.81 Mb

• Recent Attack Technologies

  Neil Long (Oxford University)

  d1-s4-long-slides.pdf

  MD5: bb430bd42f5a60c98559fa8ac642f496

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 16.58 Kb

• Telecommunications fraud: Organized approaches to fight it.

  Keld Frimann Nielsen (TDC Tele Danmark A/C)

  Very similar to the efforts of FIRST within the network/Internet domain the telecommunication sector is facing the same or very similar problems while dealing with attacks, fraud and crime.

  d1-s4-nielsen-slides.pdf

  MD5: 533ca084825faccc5d769ba76444ffe4

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 136.51 Kb

•  NL DE

  TIPSI - A Trusted Introducer for European

  Don StikvoortKlaus-Peter KossakowskiDon Stikvoort (NL), Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE), Klaus-Peter Kossakowski (Software Engineering Institute, DE)

  Within the past few month, there was reasonable discussion among European CSIRTs how to react on the end of the EuroCERT project. One outcome was to formalize the previously informally handled introducer process. Instead of relying on volunteers to bring in new teams into the already established web of trust, the necessary basis for this should be established by an entity, collecting authentic and timely information about existing CSIRTs. With TIPSI, a process and criteria were developed, to facilitate these.

  d1-s5-stikvoort-slides.pdf

  MD5: 0b5791ce1e78e1ec5226e83da7a1b443

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.03 Mb