February 2005 FIRST Technical Colloquium

Program Overview

Day 1 07 February 2005
 

TC - PROGRAM

Day chair: Chris Gibson.

Wireless network facilities will be available all day.
0900 - 0930 Welcome with coffee and croissants (courtesy of host).
0925 - 0930 TC Hosts (CERT Renater & CERTA) & TC day chair
Opening.
0930 - 1020 Olivier Castan (CERTA)
CERTA Procedures for Windows Forensics.
1020 - 1100 Jim Barlow (NCSA)
Rootkit revealed - an in-depth look at a UNIX rootkit.
1100 - 1140 Coffee break (courtesy of host).
1140 - 1240 Klaus Möller (DFN-CERT)
Logsurfer: a Log Analysis Tool (short Tutorial).
1240 - 1410 Lunch break (directions to various small restaurants around the meeting premises will be provided).
1410 - 1500 Jason Rafail (CERT/CC)
Vulnerability Model and Chaining Project.
By modelling systems and breaking down vulnerabilities into preconditions and postconditions, one can more easily discuss, analyze and visualize a system's exposure to attack. This presentation is an overview of work that the CERT/CC performed in this area, its results and potential applications.
1500 - 1545 Jim Jones (SAIC-IRT)
Automated Analysis of potentially compromised Computer Systems (or, probabilistic Reasoning for Digital Evidence Analysis).
1545 - 1630 Tea break (courtesy of host).
1630 - 1715 Kostya Kortchinsky (CERT Renater)
Research in recent Vulnerabilities.
1715 - appx 1830 Jim Duncan (Cisco)
The Common Vulnerability Scoring System (CVSS), the Vulnerability Disclosure Framework (VDF) & discussion.
appx 1830 TC day chair
Closure.

 

Day 2 08 February 2005
 

HANDS-ON WORKSHOP

Day chair: Guilherme Venere.

Wired network facilities will be available on a limited basis all day, but their use is strongly discouraged given the intensive character of the classes.
0900 - 0930 Welcome with coffee and croissants (courtesy of host).
0930 - appx 1800 Instructors:

  • Jean Gautier (Microsoft PSS Security Team)
  • Art Manion (CERT/CC)
  • Francisco Jesus Monserrat Coll (RedIRIS) & Juan Carlos Guel Lopez (UNAM)
  • Peter Quick (T-COM CERT)

Some changes have been applied to the hands-on activities that reflect the feedback received over the past year. The first new activity will be a little challenge, coordinated by Peter Quick, that consists of discovering an unknown, hidden IP device. The idea here is to show how difficult it can be to uncover this kind of malicious device. The first three to successfully identify the device will be "rewarded". At the end of the day the device will be shown and the winners will demonstrate how they got it right. We invite all attendees to bring their tools and personal magic.

Three hands-on classes are programmed. Two of them will be presented both in the morning and in the afternoon. Francisco Monserrat and Jean Gautier will present these classes. The third class will last the entire day and will be presented by Art Manion. A summary of the classes follows:

 

"Vulnerability Handling: Analysis, Coordination and Documentation"
Art Manion (CERT/CC)
Full day class.


"Binary Analysis" from the 1st Forensic Challenge
Francisco Jesus Monserrat Coll (RedIRIS) and Juan Carlos Guel Lopez (UNAM).
Presented both in the morning and in the afternoon.
Students should bring their laptop and be prepared for a wired ethernet connection.


"Wolf and WOLF Hound viewer"
Jean Gautier (Microsoft PSS Security team)
Presented both in the morning and in the afternoon.