Publications (2013)

•  GB

  Challenging appliances

  Damir (Gaus) Rajnovic (Cisco Systems Co., GB)

  We all have more and more appliances and other devices that can be connected to a network and this trend will only continue. This talk will highlight some unique challenges that this brings to the vendors but also to CERTs. Some of the issues that a vendor is facing are: how to deal with home users who may not have sufficient knowledge, how to scale to reach billions of affected users. On the other hand how will CERT contact my next door neighbour whose washing machine is used to launder bitcoins?

  Lisbon 2013 FIRST TC

  Lisbon, PT

  January 29, 2013 10:00-10:45

  Hosted by CERT.PT/FCCN

  rajnovic-damir-slides.pptx

  MD5: b0104725080f8080ae907f6fb09c8840

  Format: application/vnd.openxmlformats-officedocument.presentationml.presentation

  Last Update: June 7th, 2024

  Size: 16.35 Mb

• Changes in the Threat Landscape and the Potential Impacts to Incident Response Activities

  Mr. Thaddeus MANN (IBM)

  FIRST Energy Symposium

  Leesburg, Virginia, US

  October 29, 2013 13:30-14:15

  mann-thaddeus-slides.pdf

  MD5: 115280c9dd52c09d5877db56dd8eb479

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 13.12 Mb

•  US

  CVSS v3 Preview

  Seth HanfordSeth Hanford (Proofpoint, US)

  Seth Hanford is a Principal Engineer at Proofpoint. In his role, he serves as security architect, and as an advisor to the enterprise CSIRT, PSIRT, and other Global Information Security functions responsible for designing secure architectures and protecting customer and enterprise data for the company. He has previously worked as Sr. Manager for Detection & Response for a Fortune 100 financial services firm, as well as various vulnerability & threat intelligence roles, and as a PSIRT incident manager for a Fortune 100 network technology company. He has been active in the FIRST community over the past decade, including service on the CVSS SIG during v2, and as SIG chair for the development of CVSS v3.

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 10:15-11:00

  Hosted by Cisco

  hanford-seth-slides.pdf

  MD5: 82fb03b0a6482bba43cd2d0c6ee6793b

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 966.55 Kb

•  PT

  Effectively detection of intrusions using business process specifications

  João Lima (INOV INESC Inovação, PT), Nelson Escravana (INOV INESC Inovação, PT)

  In the recent years, the advent large-scale, highly targeted cyber-attacks raised the concern on the protection of IT systems in general, and particularly the systems used to command, support and control critical infrastructures, where public transportation networks are inserted. Intrusion detection systems (IDS) have been used as a tool to detect attempted, or already accomplished, intrusions on IT systems, providing support to security administrators in the monitoring of their networks, in order to discover actual, and avoid future, intrusions. However the extensively acknowledged effectiveness problems these systems suffer have been hampering their broad usage. In the context of the SECUR-ED FP7 project, an intrusion detection tool using an innovative, business-process specification-based approach, that may be effective in increasing the protection of critical infrastructures and, at the same time, is able to solve some of the typical IDS problems, while working at an high semantic abstraction level.

  Lisbon 2013 FIRST TC

  Lisbon, PT

  January 29, 2013 16:45-17:05

  Hosted by CERT.PT/FCCN

  lima-joao-slides.pdf

  MD5: 4e1155ef92678b6da581340e125f49e7

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 14.45 Mb

•  JP

  Forensic Investigation & Malware Analysis against Targeted Attack using Free Tools

  Hiroshi SuzukiHiroshi Suzuki (IIJ-SECT, JP), Takahiro Haruyama (IIJ-SECT, JP)

  We will learn how to examine a disk image of the compromised PC, then analyze malicious document and malware extracted from the image. This hands-on session is outlined as follows:

  • Find malicious auto-started programs
  • Browse and recover (deleted) files
  • Analyze Windows registry hives
  • Analyze a malicious Office document
  • Analyze swf file and malware

  Requirement

  Students should bring your own laptop that matches the following requirements.

  Hardware

  • at least 2GB RAM
  • at least 50GB free disk space

  Host OS

  • Windows XP SP3 or later with administrative accounts
    (We will not support other OS such as Mac OS X and Linux, but you can use it on your own.)
  • VMware player or VMware workstation
    (We will not support other VM environments such as VMWare Fusion and VirtualBox, but you can use it on your own.)
  • Microsoft Office or OpenOffice to view CSV log files

  Guest OS

  • Windows XP SP3 or later 32bit with administrative accounts
  • OPTIONAL: Microsoft Office 2007 to open a malicious document for dynamic malware analysis
    (Attendees without Office 2007 can execute a malware instead of opening the doc)

  
  

  Lisbon 2013 FIRST TC

  Lisbon, PT

  January 30, 2013 09:30-13:00, January 30, 2013 14:15-17:45

  Hosted by CERT.PT/FCCN

  haruyama-suzuki-slides.pdf

  MD5: ec62637b3eb7313ae3ae2b506cb1a0c9

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 2.36 Mb

•  NL

  Info Sharing after bot-net takedowns

  Martijn van der Heide (Chairman KPN-CERT, NL)

  Security Officer

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 3, 2013 09:00-09:45

  Hosted by Cisco

  van-der-heide-martijn-slides.pdf

  MD5: 804dacc43829d41b10dcc5833756944f

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 278.84 Kb

• iOS Security for Incident Responders

  Ken VAN WYK (KRvW Associates, LLC)

  FIRST Energy Symposium

  Leesburg, Virginia, US

  October 29, 2013 14:15-15:00

  van-wyk-ken-slides.pdf

  MD5: feff41f1ab8dd1b4147beab7b50a568e

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 6.32 Mb

• Overview of Cuckoo Sandbox

  Claudio, ShadowServer

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 09:15-10:15

  Hosted by Cisco

  guarnieri-claudio-slides.pdf

  MD5: 19548d1bdec5aaf358b068e478ed8a4f

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.23 Mb

• PACS-WG: Lessons Learned and Future Work in the Energy Sector

  Mr. Jack WHITTSITT (NESCO), Mr. Gal SHPANTZER (Energysec)

  FIRST Energy Symposium

  Leesburg, Virginia, US

  October 28, 2013 14:15-15:00

  whittsitt-jack-slides.pdf

  MD5: 22724fed5ba7a102b538c3e13161adf3

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.53 Mb

•  CA

  Pre-Recursor Passive DNS Logging

  Henry Stern (Cisco, CA)

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 14:30-15:15

  Hosted by Cisco

  stern-henry-slides.pdf

  MD5: 3cd10110dc88aaf0602b72955a3fe65c

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.78 Mb

•  AT

  ProcDOT Visual Malware Analysis

  Christian Wojner (AT)

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 16:15-17:00

  Hosted by Cisco

  wojner-christian-slides.pdf

  MD5: c14d6d6132aa9547e58200673a7d2377

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 1.46 Mb

•  US

  Re-writing the CSIRT Playbook

  Jeff BollingerMatthew ValitesJeff Bollinger (LinkedIn, US), Matthew Valites (SAP, US)

  With over twenty years of information security experience, Jeff Bollinger has worked as security architect, incident responder, and people manager for both academic and enterprise networks. Specializing in investigations, network security monitoring, detection engineering, log analysis, and intrusion detection, Jeff Bollinger is the Director of LinkedIn's incident response team (SEEK). Prior to LinkedIn, Jeff helped build and operate one of the world's largest corporate security monitoring infrastructures at Cisco Systems. Jeff regularly speaks at international FIRST conferences, blogs about security topics. He is also the co-author of "Crafting the InfoSec Playbook". Jeff's recent work includes log mining, search optimization, cloud threat research, and security investigations.

  Matt has spent the past 15+ years in various security roles spanning leadership, operations, investigations, field sales, and research. Currently leading Threat Detection Operations and Operational Strategy at SAP's Global Security Operations, he's spent most of his career in the Enterprise Software-as-a-Service space. He's a co-author of O'Reilly's Crafting the Infosec Playbook and a longtime active member of the FIRST organization.

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 17:00-18:00

  Hosted by Cisco

  bollinger-jeff-slides.pdf

  MD5: 0b9a8c628b67853568af469d931c167f

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 3.7 Mb

• RPZ II

  April Lorenzen (Dissect Cyber, Inc)

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 2, 2013 13:30-14:30

  Hosted by Cisco

  lorenzen-april-slides.pdf

  MD5: 1ea379b89663323739a337c21334e957

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 54.22 Kb

• SIE Security Information Exchange

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 3, 2013 11:30-12:30

  Hosted by Cisco

  vixie-paul-slides-1.pdf

  MD5: 348e9c28931496189eb169ca7f93a5b6

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 337.65 Kb

  vixie-paul-slides-2.pdf

  MD5: 3c035f278efabc03b97481a643b184ad

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 426.3 Kb

  vixie-paul-slides-3.pdf

  MD5: ad17f01b18890411b52b94cc37dc5606

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 428.67 Kb

• Understanding CSIRT Knowledge Management Needs

  Oscar Serrano (NATO Communications and Information Agency)

  Amsterdam 2013 FIRST TC

  Amsterdam, NL

  April 3, 2013 13:30-14:15

  Hosted by Cisco

  serrano-oscar-slides.pdf

  MD5: 2cae9095d87e4f643aefb7add5e22284

  Format: application/pdf

  Last Update: June 7th, 2024

  Size: 554.91 Kb