Papers & Presentations

FIRST organizes and participates in many events per year, at which many papers and presentations are offered. Annual Conference presentations are available to the public 6 months later, while Technical Colloquia presentations and papers are restricted to members only.

FIRST Members may view all the Technical Colloquia presentations when connected to the Members website.

  • 18th Annual FIRST Conference on Computer Security Incident Handling

    June 25–30, 2006 — Baltimore, Maryland, United States

    • A Distributed Intrusion Detection System Based on Passive Sensors
    • A Framework for Effective Alert Visualization
    • A Strategy for Inexpensive Automated Containment of Infected or Vulnerable Systems
    • Automated Extraction of Threat Signatures from Network Flows
    • Behavioral Study of Bot Obedience using Causal Relationship Analysis
    • Botnets as Vehicle for Online Crime
    • Building and Deploying Billy Goat: a Worm-Detection System
    • CarmentiS - a German Early Warning Information System - Challenges and Approaches
    • CERT's Virtual Training Environment: A New Model for Security and Compliance Training
    • Counter-Forensic Tools: Analysis and Data Recovery
    • Designing and Developing an Application for Incident Response Teams
    • Design Your Network to Aid Forensic Investigation
    • Effectiveness of Proactive CSIRT Services
    • Evaluating CSIRT Operations
    • Honeypot Technology: Principles and Applications
    • If You Don't Know What You Don't Know
    • Maximizing the Benefits of Intrusion Prevention Systems: Effective Deployment Strategies
    • Netflow Tools NfSen and NFDUMP
    • Proposal of RSS Extension for Security Information Exchange
    • RAPIER - A 1st Responders Info Collection Tool
    • Reliably Determining the Outcome of Computer Network Attacks
    • Risk Analysis Methodology for New IT Service
    • Secure Coding in C and C++
    • The Impact of Honeynets for CSIRTs
    • The Network-Centric Incident Response and Forensics Imperative
    • The Survivability and Information Assurance (SIA) Curriculum
    • Threats of P2P File Sharing Software - a Japanese Situation About "Winny"
    • Time Signatures to Detect Multi-headed Stealthy Attack Tools
    • VisFlowConnect-IP: A Link-Based Visualization of NetFlows for Security Monitoring
    • Worm Poisoning Technology and Application

  • 17th Annual FIRST Conference on Computer Security Incident Handling

    June 26–July 01, 2005 — Singapore, Singapore

    • A Common Vulnerability Scoring System
    • A Distributed Intrusion Alert System
    • A National Early Warning Capability Based on a Network of Distributed Honeypots
    • Artifact Analysis
    • Bridging the Gap Between Software Development and Incident Handling
    • Building a Logging Infrastructure
    • Computer Forensics as Part of a Security Incident Response Plan
    • Creating and Managing CSIRTs
    • Crisis communication and Media management in Security Incidence Response
    • CVE, CME, ... CMSI? Standardizing System Information
    • Defining the Rules of Trusted Computing: A Global Agenda
    • Dynamics of Incident Response
    • European CSIRT Update
    • EWIS in a Box
    • EWIS in a Box - or - How to build a National Early Warning Information System in 80 Days
    • Fighting Phishing site at the front line
    • FIRST 2005 Welcome
    • Getting Ahead: Integrating Development and Response for Improved Security
    • How to Reduce Incidents by Employing Pro-Active Preventions
    • IEEE 802.16 WiMax Security
    • Key Strategies for defeating crime online
    • Mitigating Rogue Access Points in Corporate Environments
    • Network Monitoring on Large Networks
    • New Security Features in Solaris 10 and DTrace
    • Passive DNS Replication
    • Pondering and Patrolling Network Perimeters
    • Proposal for the experimental environment for Network Worm infection
    • Risk Triage and Prototyping in Information Security Engagements
    • Risk Triage and Prototyping in Information Security (Powerpoint Slides)
    • Security Bulletin Publication at AusCERT using "EzESB"
    • Security Challenges on the Road Ahead
    • Sharing Incident Data; History, Perspective, and a View for the Future
    • SIRIOS, a Framework for CERTs
    • Strategies for Achieving Network Intelligence
    • TeamDefend Organizational and Inter-Organizational Cyber Defense Training
    • The Looming Privacy Rights Debacle: How Data Protection Law Will Shape Response Team Activities
    • Trends in Malware Enabled Identity Theft
    • Vulnerabilities in Consumer Electronics -- DVD players, Cell phones attack : your system ??
    • Wireless Security

  • 16th Annual FIRST Conference on Computer Security Incident Handling

    June 13–18, 2004 — Budapest, Hungary

    • A Framework for Collection and Management of Intrusion Detection Data Sets
    • ARAKIS - An Early Warning and Attack Identification System
    • Creating and Managing Computer Security Incident Response Teams (CSIRTs)
    • Creating a Process Map for Incident Management
    • Critical Infrastructure Protection - a business view
    • Cyber Intelligence: Why a Business needs to set-up a Cyber Threat Analysis Unit
    • Defence in Depth: Protecting Against Zero-Day Attacks
    • Deploying new Wireless Standards in Corporate Environments
    • Fighting Internet diseases: DDoS, worms and miscreants
    • FIRST at WSIS: The Security in the emerging Information Society
    • From Incident response to Incident Response Management
    • Incident Response in the Research University
    • Inside Microsoft Security
    • Internet Threat Detection System Using Bayesian Estimation
    • Intrusion Prevention System for Databases: The Sandbox Approach
    • Network Monitoring and web portal site Project in AP region
    • Public Monitoring
    • Security Implications of IPv6
    • Seeing Vulnerability: The art, science, law, and politics of vulnerability discovery
    • TF-CSIRT Activity Update
    • The Common Announcement Interchange Format - CAIF
    • The CSIRT and Wireless Security Breaches: Specialized Methods, Tools, and Techniques for Proactive and Reactive Wireless LAN Incident Response
    • The Incident Response Team object in the RIPE database - the direct link from IP numbers to CSIRTs
    • UNIX and Linux based Rootkits Techniques and Countermeasures
    • Update the APCERT activities (Under the Regional Initiative Activities Update slot with TF-CSIRT)
    • What Went Wrong?
    • Workshop on Network Flow Analysis