Rome 2012 FIRST TC

Program Overview

FIRST/TF-CSIRT Technical Colloquium (TC) 2012. The event will be held from 30 January until 1 February 2012 at the Aula Magna del Rettorato in Rome, Italy. This is a joint event of FIRST and TF-CSIRT hosted by TERENA, GARR-CERT and Roma Tre University.

Please note: the program schedule is not in its final version, adjustments still can occur.

Overview

January 30th (Monday)
TF-CSIRT Meeting
January 31st (Tuesday)
FIRST/TF-CSIRT Seminar
February 1st (Wednesday)
FIRST Hands-On Classes
TRANSITS/RTIR

January 30th (Monday)

	TF-CSIRT Meeting
09:00 – 12:30	Trusted Introducer Meeting - TI-accredited CSIRTs and TI Review Board Auditorium, Aula Magna del Rettorato
12:30 – 13:30	Lunch
13:30 – 17:00	35th TF-CSIRT meeting Auditorium, Aula Magna del Rettorato
17:00 – 17:30	Coffee break
17:30 – 18:30	TI Review Board Auditorium, Aula Magna del Rettorato
20:00 – 22:00	Social Event

January 31st (Tuesday)

	FIRST/TF-CSIRT Seminar
09:00 – 09:10	Introduction Kenneth van Wyk, FIRST & Lionel Ferette, TF-CSIRT Auditorium, Aula Magna del Rettorato
09:10 – 09:40	Remediation Efforts, Private-Private-Public Relationships, and the Working Group Model Eric Ziegast, ISC
09:40 – 10:10	The OWASP Top 10 Mobile Security Risks Kenneth R. van Wyk (KRvW Associates, LLC, US)
10:10 – 10:30	Dealing with the whole country: creating a National CSIRT Baiba Kaskina (CERT NIC.LV, LV)
10:30 – 11:00	Coffee break
11:00 – 11:30	INTERPOL Cybercrime Initiatives Vincent Danjean (INTERPOL)
11:30 – 12:00	Tackling hideous crimes on the hidden web Eileen Monsma (Dutch National High Tech Crime Unit)
12:00 – 12:15	OAS Cyber Security Roundtable Mirek Maj
12:15 – 13:15	Lunch
13:15 – 14:00	The DigiNotar incident and aftermath: avoiding SSL-mageddon Aart Jochem (GOVCERT.NL)
14:00 – 14:30	Titan: a grid facility incident Leif Nixon (European Grid Infrastructure) , Margrete Raaum (UiO-CERT)
14:30 – 15:00	The WOW Effect: how Microsoft's WOW64 technology unintentionally fools IT Security analysts Christian Wojner (CERT.at, AT)
15:00 – 15:30	Coffee break
15:30 – 16:00	Countering Anti-Phishing Countermeasures Vincent Hinderer (CERT-LEXSI, FR)
16:00 – 16:20	Malicious Domain Manager Michal Prokop (CSIRT.CZ, CZ)
16:20 – 16:30	Analysing and mapping the ZeuS P2P+DGA variant network Tomasz Bukowski (CERT Polska)

February 1st (Wednesday)

	FIRST Hands-On Classes	TRANSITS/RTIR
09:00 – 12:30	FIRST Hands-On Class 1: Introduction into YARA, the malware classification tool Andreas Schuster (Deutsche Telekom AG, DE) Auditorium, Aula Magna del Rettorato FIRST Hands-On Class 2: iOS app security hands-on Ken Van Wyk (KRvW Associates, LLC) Sala del Consiglio, Aula Magna del Rettorato	TRANSITS Trainers' Workshop Sala 1, GARR Offices RTIR BoF: Discussion about future development of RTIR software Sala Tesi, Aula Magna del Rettorato
12:30 – 13:30	Lunch
13:30 – 17:00	FIRST Hands-On Class 3 To be confirmed Auditorium, Aula Magna del Rettorato FIRST Hands-On Class 4: Introduction into YARA, the malware classification tool - repeat of Class 1 Andreas Schuster (Deutsche Telekom AG, DE) Sala del Consiglio, Aula Magna del Rettorato	TRANSITS Trainers' Workshop Sala 1, GARR Offices

FIRST Hands-On Classes

TRANSITS/RTIR

09:00 – 12:30

FIRST Hands-On Class 1: Introduction into YARA, the malware classification tool

Andreas Schuster (Deutsche Telekom AG, DE)

Auditorium, Aula Magna del Rettorato

FIRST Hands-On Class 2: iOS app security hands-on

Ken Van Wyk (KRvW Associates, LLC)

Sala del Consiglio, Aula Magna del Rettorato

TRANSITS Trainers' Workshop

Sala 1, GARR Offices

RTIR BoF: Discussion about future development of RTIR software

Sala Tesi, Aula Magna del Rettorato

12:30 – 13:30

Lunch

13:30 – 17:00

FIRST Hands-On Class 3

To be confirmed

Auditorium, Aula Magna del Rettorato

FIRST Hands-On Class 4: Introduction into YARA, the malware classification tool - repeat of Class 1

Andreas Schuster (Deutsche Telekom AG, DE)

Sala del Consiglio, Aula Magna del Rettorato

TRANSITS Trainers' Workshop

Sala 1, GARR Offices

Call for Speakers

FIRST is also looking for speakers that would like to present during FIRST/TF-CSIRT Seminar and for the FIRST Hands-On Classes. This is a GREAT opportunity to give something back to FIRST, and some suggested topics are as follows:

Lessons learned, case studies, etc.
Threat updates - statistics of malware and such
Attack tools and trends
Incident response tools and trends and security technologies

For your submission, please provide the following information:

Title
Brief Summary (Abstract)
Presenter's Name and Affiliation
Estimated Time

For the Hands-On day, we are looking for presenters to lead a demonstration or a hands-on exercise. Each instructor is expected to prepare their own material and to bring their own equipment and attendees are expected to bring their own laptop computers and power converters/adaptors. Instructors should expect to work with groups up to 30 students. The duration of each demo or exercise should be 2-3 hours, so that it can be run once in the morning and once in the afternoon. Please advise whether you need any additional equipment or facilities.

If you're interested in speaking or instructing a Plenary Session or Hands-on class, please get in contact with me (ken@krvw.com) and Jacomo Piccolini (jacomo@cymru.com ). We're hoping to have a draft program in place by December, so please get in touch with us ASAP.