Day 1 | 07 February 2005 |
---|---|
TC - PROGRAM Day chair: Chris Gibson. | |
Wireless network facilities will be available all day. | |
0900 - 0930 | Welcome with coffee and croissants (courtesy of host). |
0925 - 0930 | TC Hosts (CERT Renater & CERTA) & TC day chair Opening. |
0930 - 1020 | Olivier Castan (CERTA) CERTA Procedures for Windows Forensics. |
1020 - 1100 | Jim Barlow (NCSA) Rootkit revealed - an in-depth look at a UNIX rootkit. |
1100 - 1140 | Coffee break (courtesy of host). |
1140 - 1240 | Klaus Möller (DFN-CERT) Logsurfer: a Log Analysis Tool (short Tutorial). |
1240 - 1410 | Lunch break (directions to various small restaurants around the meeting premises will be provided). |
1410 - 1500 | Jason Rafail (CERT/CC) Vulnerability Model and Chaining Project. By modelling systems and breaking down vulnerabilities into preconditions and postconditions, one can more easily discuss, analyze and visualize a system's exposure to attack. This presentation is an overview of work that the CERT/CC performed in this area, its results and potential applications. |
1500 - 1545 | Jim Jones (SAIC-IRT) Automated Analysis of potentially compromised Computer Systems (or, probabilistic Reasoning for Digital Evidence Analysis). |
1545 - 1630 | Tea break (courtesy of host). |
1630 - 1715 | Kostya Kortchinsky (CERT Renater) Research in recent Vulnerabilities. |
1715 - appx 1830 | Jim Duncan (Cisco) The Common Vulnerability Scoring System (CVSS), the Vulnerability Disclosure Framework (VDF) & discussion. |
appx 1830 | TC day chair Closure. |
Day 2 | 08 February 2005 |
---|---|
HANDS-ON WORKSHOP Day chair: Guilherme Venere. | |
Wired network facilities will have limited availability all day, but their use is strongly discouraged given the intensive character of the classes. | |
0900 - 0930 | Welcome with coffee and croissants (courtesy of host). |
0930 - appx 1800 | Instructors:
Some changes have been applied to the hands-on activities that reflect the feedback received over the past year. The first new activity will be a little challenge that will be coordinated by Peter Quick and consists of discovering an unknown, hidden IP device. The idea here is to show how difficult it can be to uncover this kind of malicious device. The first three to successfully identify the device will be "rewarded". At the end of the day the device will be shown and the winners will demonstrate how they got it right. We invite all attendees to bring their tools and personal magic. Three hands-on classes are programmed. Two of them will be presented both in the morning and in the afternoon. Francisco Monserrat and Jean Gautier will present these classes. The third class will last the entire day and will be presented by Art Manion. A summary of the classes follows: |
"Vulnerability Handling: Analysis, Coordination and Documentation"
"Binary Analysis" from the 1st Forensic Challenge
"Wolf and WOLF Hound viewer" |