The FIRST Symposium event is restricted to FIRST members only and will be held in Jan 19-21, 2009.
Nevertheless, since this will be a joint event with TF-CSIRT - the European CSIRT regional initiative- there will be some sessions restricted to TF-CSIRT members only and others open to both communities.
Below there is a list of speakers and titles to be presented on the event.
Please note: the program schedule is not in its final version, adjustments still can occur.
TF-CSIRT Meeting
TF-CSIRT/FIRST Seminar
FIRST Symposium Hands On Classes
FIRST Meeting

| TF-CSIRT Meeting | |
|---|---|
| 08:00 – 16:00 | Registration |
| 13:30 – 13:35 |
![]() Welcome, introductions and apologies Lionel Ferette (Belnet CERT, BE) |
| 13:35 – 13:40 |
![]() Approval of minutes and status of action items Lionel Ferette (Belnet CERT, BE) |
| 13:40 – 13:55 |
![]() Jumper CSIRT presentation Han van Thoor (Jumper, IE) |
| 13:55 – 14:10 |
![]() CERT-LT presentation Rytis Rainys (CERT-LT, LT) |
| 14:10 – 14:15 |
![]() Establishment of Croatian National CERT Darko Perhoc (CARNet, HR) |
| 14:15 – 15:00 |
![]() Grid Security Romain Wartel (CERN, CH) |
| 15:00 – 15:30 | Coffee Break |
| 15:30 – 15:45 |
![]() Report on TF-CSIRT delegation to Russia Gorazd Božic (ARNES, SI) |
| 15:45 – 16:00 |
![]() GN2 JRA2 update Claudio Allocchio (GARR, IT) |
| 16:00 – 16:15 |
![]() Report on Norwegian TRANSITS courses Øyvind Eilertsen (Uninett CERT, NO) |
| 16:15 – 16:30 |
![]() TRANSITS update Don Stikvoort (S-CURE, NL) |
| 16:30 – 16:45 |
![]() Update on ISO 27035 Pascal Steichen (CIRCL, LU) |
| 16:45 – 17:00 |
![]() Progressing TF-CSIRT work items Lionel Ferette (BE) |

| TF-CSIRT/FIRST Seminar | |
|---|---|
| 08:00 – 16:00 | Registration |
| 09:00 – 09:30 |
![]() FIRST Updates Derrick Scholl (FIRST Chair, US) |
| 09:30 – 10:00 |
![]() Feasability Study of DoS attack with P2P System Masato Terada (IPA, JP) |
| 10:00 – 10:30 |
![]() A Quantitative Cross Comparative Analysis of Tools for Anomaly Detection Maurizio Molina (EU) |
| 10:30 – 11:00 | Coffee Break |
| 11:00 – 11:30 |
Whitelist implementation for DNS servers Francisco. Monserrat (IRIS-CERT — RedIRIS) |
| 11:30 – 12:00 |
![]() European Commission policy initiative on CIIP and the role of governmental/national CERTs Andrea Servida (EU) |
| 12:00 – 12:30 |
![]() Overview on the Evolution of the Exploitation and Command & Control Kits Marc Vilanova (e-la Caixa CSIRT, ES) |
| 12:30 – 13:30 | Lunch |
| 13:30 – 13:45 |
![]() Team Update - DK-CERT Presentation DK-CERT, INTECO and new FIRST member teams - 15min. Per team, Shehzad Ahmed (DK-CERT, DK) |
| 13:45 – 14:00 |
![]() Team Update - INTECO Presentation Jorge Chinea López (INTECO, ES) |
| 14:00 – 14:15 |
![]() Team Update - CERT-GE Presentation David Tabatadze (CERT-GE, GE) |
| 14:15 – 14:30 |
![]() Team Update - e-la Caixa CSIRT Presentation Jordi Aguilà (e-la Caixa CSIRT, ES) |
| 14:30 – 15:00 |
![]() ![]() Incident Management Case study: McColo Kauto Huopio (CERT-FI, FI) , Scott McIntyre (KPN-CERT, NL) |
| 15:00 – 15:30 | Coffee Break |
| 15:30 – 16:00 |
![]() RTIR Developments Carlos Fuentes (IRIS-CERT, ES) |
| 16:00 – 17:00 |
![]() Future of RTIR/AIRT Don Stikvoort (S-CURE, NL) |
| 17:00 – 17:30 |
![]() Analyzing Malware with a dead Angle: PRG vs Torpig CERT LEXSI (FR) |

| FIRST Symposium Hands On Classes | |
|---|---|
| 08:00 – 16:00 | Registration |
| 09:00 – 10:30 |
![]() Pcap trace analysis of web client side attacks (Group 1) Przemyslaw Jaroszewski (CERT Polska, PL) , Rafal Tarlowski (CERT Polska, PL) , Tomasz Grudziecki (CERT Polska, PL) |
| 10:30 – 11:00 | Coffee Break |
| 11:00 – 12:30 |
![]() Pcap trace analysis of web client side attacks (Group 1) Przemyslaw Jaroszewski (CERT Polska, PL) , Rafal Tarlowski (CERT Polska, PL) , Tomasz Grudziecki (CERT Polska, PL) |
| 12:30 – 13:30 | Lunch |
| 13:30 – 15:00 |
![]() Pcap trace analysis of web client side attacks (Group 2) Przemyslaw Jaroszewski (CERT Polska, PL) , Rafal Tarlowski (CERT Polska, PL) , Tomasz Grudziecki (CERT Polska, PL) |
| 15:00 – 15:30 | Coffee Break |
| 15:30 – 17:00 |
![]() Pcap trace analysis of web client side attacks (Group 2) Przemyslaw Jaroszewski (CERT Polska, PL) , Rafal Tarlowski (CERT Polska, PL) , Tomasz Grudziecki (CERT Polska, PL) |
| Session | Room |
|---|---|
| Conference Registration Area | Lobby of the Institute of Mathematics and Computer Science. Address: Raina bulvaris 29 |
| Trusted Introducer Meeting/TF-CSIRT Meeting | Room 302 - Central Hall |
| Handson Class I | Room 302 - Ce |
| Social Event | Restaurant Kaļķu vārti. Address: 11a Kaļķu iela |
| Lunch | Cafeteria Banquet Room on the basement floor of the Central Building of the University of Latvia. Address: Raina bulvaris 19 |