Papers & Presentations

FIRST organizes and participates in many events per year, and many papers and presentations are offered. Annual Conference presentations are available to the public 6 months later, while Technical Colloquia presentations and papers are restricted to members only.

FIRST Members may view all the Technical Colloquia presentations after signing in.

  • 2014 FIRST Symposium, Tbilisi

    October 14–16, 2014 — Tbilisi, Georgia

    • CERT-GOV-GE
    • Defense of your Energy sector through good incident response
    • Presentation by the Ukrainian National CERT
    • Shadowserver Report Processing and Analysing System
    • Snake aka Uroburos - The Big Picture
  • FIRST TC - Incident Response in the Healthcare Sector

    August 18, 2014 — San Diego, United States

    • iOS Security for Incident Responders
    • Vulnerability Management
    • Welcome Remarks/FIRST Overview
  • 26th Annual FIRST Conference on Computer Security Incident Handling

    June 22–27, 2014 — Boston, United States

    • A Forensic Analysis of APT Lateral Movement in Windows Environment
    • A Survey of Vulnerability Markets
    • At the Speed of Data: Automating Threat Information to Improve Incident Response
    • Attacks Using Malicious Hangul Word Processor(HWP) Documents
    • Avoiding Information Overload: Automated Data Processing with n6
    • Back to the Roots - Incident Case Study
    • Bitcoin for the Incident Responder
    • Common Vulnerability Scoring System v3
    • Credential Honeytoken for Tracking Web-based Attack Cycle
    • Cyber Security for Board of Directors and Senior Management
    • Cyber Threats Targeting High Level Individuals: Is Your Organization Prepared?
    • Cyber-EXE Polska 2013. Cyber Exercises for Banking Sector - the CERT Role.
    • Developing Cybersecurity Risk Indicators - Metrics (panel)
    • Don’t Panic! Case studies of Incident Response from the Field
    • Enabling Cross-Organizational Threat Sharing through Dynamic, Flexible Transform
    • Enterprise Security Monitoring: Comprehensive Intel-Driven Detection
    • Everyday Cryptography
    • Exfiltration Framework (ExF)
    • First Step Guide for Building Cyber Threat Intelligence Team
    • Identifying the 'Root' Causes of Propagation in Submitted Incident Reports
    • Incident Response Coordination on a Global Scale: Your Assistance is Requested...
    • Investigator of Interest – Our Philosophy of Adaptive Incident Response to Turn the Tables During an Investigation
    • Looking Back at Three Years of Targeted Attacks: Lessons Learned on the Attackers’ Behaviors and Victims’ Profiles
    • Malware\Host Analysis for Level 1 Analysts
    • Managing Your Managed Security Service Provider: Improve Your Security Posture
    • Merovingio: Mislead the Malware
    • National-level Collaborative Multi-Lateral Defensive Framework based on Big Data Analytics Paradigm
    • Network Security Analytics Today
    • Open DNS Resolver Check Site
    • Open Source Software Environment Security Issues
    • Operational CyberThreat Intelligence: 3 Years of IOC Processing at EMC.
    • Our Turbine Got Hacked! - Performing Forensic Investigations of Industrial Control Systems
    • Pass-the-Hash: Gaining Root Access to Your Network
    • pBot botnets: An Overview
    • Playing Hide and Seek with Rootkits in OS X Memory
    • Preparing for the Inevitable Zeroday or What Makes Networks Defendable?
    • Processing Intelligence Feeds with Open Source Software
    • Protecting the Computer from Ring 0 – A New Concept in Improving Incident Response
    • Rogue Pharma in .CO: The 33DRUGS.CO Case
    • Scaling Threat Intelligence Practices with Automation
    • Securing National Segment of the Internet from Cyber-Threats. CERT-UA's Practical Approach
    • Security Operations, Engineering, and Intelligence Integration Through the Power of Graph(DB)!
    • The Art of Sinkholing
    • The Dutch Responsible Disclosure Policy
    • The MANTIS Framework: Cyber Threat Intelligence Management for CERTs
    • Transparency and Information Sharing in Digital Forensics
    • Two-tiered, Multi-team Assessment of CSIRTs
    • Understanding Cyber Security Incident Response Teams as Multiteam Systems
    • Use of Passive DNS Databases in Incident Response and Forensics
    • Using Anthropology to Study Security Incident Response
    • YARA: Advanced Topics
  • Amsterdam 2014 FIRST Technical Colloquium

    April 07–08, 2014 — Amsterdam, Netherlands

    • Beyond 400 Gbps: Abusing NTP and Other Protocols for DDoS
    • The Internet of Everything (Compromised)
  • FIRST Energy Symposium

    October 28–29, 2013 — Leesburg, Virginia, United States

    • (ISC)² Breakout - Half Day: Forensics
    • Changes in the Threat Landscape and the Potential Impacts to Incident Response Activities
    • iOS Security for Incident Responders
    • PACS-WG: Lessons Learned and Future Work in the Energy Sector
  • Amsterdam 2013 FIRST Technical Colloquium

    April 02–03, 2013 — Amsterdam, Netherlands

    • CVSS v3 Preview
    • Overview of Cuckoo Sandbox
    • Re-writing the CSIRT Playbook
  • 2012 FIRST Symposium, São Paulo

    March 27–30, 2012 — São Paulo, Brazil

    • CVSS
    • How to Communicate with your Government (Lessons from Japan)
    • Phishing and Trojan Banking cases affecting Brazil
    • Security incidents overview in Brazilian academic networks
    • The OWASP Top 10 Mobile Security Risks
  • 2010 FIRST Symposium, Hamburg

    January 25–27, 2010 — Hamburg, Germany

    • Building a CSIRT in an ITIL Driven Organization
    • CZ.NIC presentation
    • Delivering services in a user-focused way
    • Detecting and Analyzing Malicious PDF Files
    • DNS community efforts to enable Security Stability and Resiliency
    • GN3 Security Activities
    • Grid Security developments
    • Incident Response in a Collegiate University
    • Mass Malware Analysis: A Do-It-Yourself Kit
    • Security made in Luxembourg
    • Tales From the War Room
    • TRANSITS update
  • 2009 FIRST Symposium, Riga

    January 19–21, 2009 — Riga, Latvia

    • A Quantitative Cross Comparative Analysis of Tools for Anomaly Detection
    • Analyzing Malware with a dead Angle: PRG vs Torpig
    • Team Update - CERT-GE Presentation
    • Team Update - INTECO Presentation
  • January 2008 FIRST Technical Colloquium

    January 28–31, 2008 — Prague, Czech Republic

    • An evening in the life of a hacker
    • Building a simple & effective Walled Garden
    • Enriching security toolbox in Solaris with Netcat
    • FIRST Update
    • London Action Plan
    • RADARE: Easing binary analysis for fun and profit
    • Teams Update/Work in progress session
  • January 2006 FIRST Technical Colloquium

    January 23–26, 2006 — Amsterdam, Netherlands

    • A civil rights' perspective on data retention
    • An overview of the German Honeynet Project
    • Compulsory Data Retention: Issues for CSIRTs
    • CSIRT interactions with law enforcement and intelligence services
    • ENISA update
    • IRT object
    • NoAH project
    • NREN server certificate service
    • Presentation about Sender Policy Framework
    • Reporting Security Vulnerabilities: Defining Best Practices For Industry and Third Party Co-Ordinators
    • Solaris 10 security design considerations
    • SURFnet IDS - A distributed intrusion detection system
    • TRANSITS courses
    • Update on e-coat forum
    • Update on EC funded projects - GN2/JRA2 progress report
    • Update on RTIR working group
    • Update on Vulnerability and Exploit Description and Exchange Format WG
    • US Operational Security Exercise
    • WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats
    • Zero-day work detection
  • October 2005 FIRST Technical Colloquium

    October 01–07, 2005 — Buenos Aires, Argentina

    • An evening with Kha0s
    • Cisco PSIRT - Incident Management
    • Common Vulnerabilities Score Systems
    • Digital crimes under different perspectives
    • FIRST: Global Incident Handling
    • Forensics Discovery
    • Fraud and Phishing Scam Response Arrangements in Brazil
    • Honeypots for Security Operations
    • ICMP Attacks Against TCP
    • Incident Response and Early Warning Initiatives in Brazil
    • Incident Response in Latin America
    • Information Security Attack Trends
    • Latin-American Forensic challenge V.2: Conclusion
    • Recent Activity in Phishing Malware
    • Recycling IPv4 exploit for IPv6
    • Regional Initiatives in Incident Response
    • Taxonomy of Mexican Online Banking 2005: Threats and Mitigation
    • The SANS Internet Storm Center (ISC): A Collaborative Information Security Community
    • Trends in Internet Attack Technology and the Role of Artifact
    • Work in Progress Session
  • February 2000 FIRST Technical Colloquium

    February 07, 2000 — Den Haag, Netherlands

    • Auditing Windows NT 4.0
    • CERTs in Europe
    • Lies, Damned Lies, and Statistics
    • Practical Tool for checking on Windows NT security
    • Telecommunications fraud: Organized approaches to fight it.
    • TIPSI - A Trusted Introducer for European