Additional Programming

Sunday, 24 June

FIRST Training

FIRST is offering training courses on Sunday, 24 June. They require an additional registration, free of charge to the conference participants in the link below:

Register to FIRST Training

Sunday, June 24th

Johor 1+4
Lower Lobby floor
Johor 2+5
Lower Lobby floor
Johor 3+6
Lower Lobby floor
Perak
09:00 – 10:30

Forensics

Alex Harmon, Lucine Wang (Microsoft)

Malware Reverse Engineering

Stefan Sellmer (Microsoft)

MISP/TheHive

Steve Clement and Raphaël Vinot (Circl.lu), Saâd Kadhi (TheHive)

10:30 – 10:45

Break

10:45 – 12:30

DDoS Train the Trainer

11:00 – 12:30

Forensics

Alex Harmon, Lucine Wang (Microsoft)

Malware Reverse Engineering

Stefan Sellmer (Microsoft)

MISP/TheHive

Steve Clement and Raphaël Vinot (Circl.lu), Saâd Kadhi (TheHive)

12:30 – 13:30

Lunch

13:30 – 15:30

Forensics

Alex Harmon, Lucine Wang (Microsoft)

Malware Reverse Engineering

Stefan Sellmer (Microsoft)

Mitigating DDoS Attacks

Krassimir Tzvetanov (Fastly)

MISP/TheHive

Steve Clement and Raphaël Vinot (Circl.lu), Saâd Kadhi (TheHive)

15:30 – 15:45

Break

15:45 – 18:00

Forensics

Alex Harmon, Lucine Wang (Microsoft)

Malware Reverse Engineering

Stefan Sellmer (Microsoft)

Mitigating DDoS Attacks

Krassimir Tzvetanov (Fastly)

MISP/TheHive

Steve Clement and Raphaël Vinot (Circl.lu), Saâd Kadhi (TheHive)

Register to FIRST Training

Hackathon

On Sunday, 24 June FIRST will host an all-day Hackathon. FIRST will provide a room where interested participants can work in smaller groups and have the ability to collaborate with other conference attendees toward a common goal. The event will be moderated and FIRST will provide the project topics and wireless internet access, in addition to refreshments, so participants can focus on the most important thing - finishing their project.

Please purpose projects or ideas you want to work on by 25 May. We will announce the program under www.first.org/hackathon . Please submit your ideas to first-hackathon@first.org.

FIRST & AWS 2018 Security Jam!

AWS Security Jam!

Join us for an afternoon of fun challenges with an IR twist. We will provide the beat and the incident response scenarios where you can learn new skills and practice current ones against a set of simulated security incidents. Can you identify what caused the blues? What would you do differently? How can you architect multiple AWS services to prevent it from happening again? How do you automate the incident response? Take part in our jam to find out!

As the challenges develop, you will take the initial infrastructure, and challenge by challenge, improve it into a resilient and secure deployment. Use your knowledge of AWS services and information security to perform incident response in the cloud and forensic analysis to find out whodunit! We will have a number of experienced AWS experts in the room that will be available to discuss ideas, provide guidance and in general help your team get through any roadblocks that pop up. New to AWS? New to security? Come and join us! Our activities are structured to accommodate AWS users of all levels. We have AWS experts, plus guided exercises, that will ramp up your security knowledge. We will form team on the spot, provide 10 challenges to tackle. You score the points by solving and get some cool swag for all participants and a special prize for the winning team!

Register to Security Jam!

Friday-Saturday, June 29-30th

NatCSIRT Meeting 2018

13th Annual Technical Meeting for CSIRTs with National Responsibility

Is your organization responsible for protecting the security of nations, economies, and critical infrastructures? If so, attend NatCSIRT 2018 to discuss with your peers the unique challenges you face every day. You will drive discussions that focus on current issues, tools, and methods relevant to the National CSIRT community. This year's meeting is co-located with the 30th Annual FIRST Conference in Kuala Lumpur. This meeting is by invitation only and more details can be found at http://www.cert.org/natcsirt/.

GFCE Working Group - Cyber Incident Management and Critical Information Protection

The GFCE Working Group - Cyber Incident Management and Critical Information Protection - will have a meeting (invitation-only) from 2-5pm on Sunday June 24th at the 30th Annual FIRST Conference. The GFCE Working Group meeting will focus on how to effectively respond to the needs and expertise available on the theme 'Cyber Incident Management and Critical Information Protection' in order to encourage the multistakeholder dialogue on the implementation of cyber capacity building in line with the Delhi Communiqué.

Participation at this meeting is by invitation only. Inquiries should be directed to contact@thegfce.com.

Monday-Friday, June 25-29th

Birds of a Feather (BoFs)

Bird of a Feather Sessions, activities primarily focus on meetings which take place at the conference based on the interest of a number of members. They are not necessarily intended to lead to year round work.

BoF sessions are scheduled to take place during before conference sessions begin (8-9am) or following the final session of the day. We will have an up-to-date-schedule and bulletin board near the registration desk onsite. Attendees are welcome to request a BoF in advance by emailing first-sec@first.org or by adding their own BoFs to the bulletin board onsite (rooms are assigned based on first come, first served - and room assignment space is limited. A Schedule of BoFs will be posted once confirmed.

Monday, June 25th

MelakaJohor 2+5
17:30 – 18:30

CERT Team Insights

Johan Berggren, Google

ATT&CK

Richard Struse, Mitre

Tuesday, June 26th

Johor 3+6
13:00 – 13:45

Membership Information Session for Applying Teams

Alexander Jäger and the FIRST Membership Committee

Wednesday, June 27th

MelakaJohor 3+6Johor 2+5
16:00 – 17:00

GDPR

Jonathan Matkowsky, RiskIQ

Levelling the playing field - Taking the opportunity away from the Treat actor

Lari Huttunen, Deployment Specialist Arctic Security

17:00 – 18:00

Vulnerability Prioritization

Art Manion

Devising an Exploratory Cyber Exercise

Luc Dandurand

National sectoral healthcare CERTs and cooperation with manufacturers

Jasper Hupkens

18:00 – 19:00

Taxonomies and Ontologies in Threat Intelligence and Incidence Response

Morton Swimmer

Thursday, June 28th

Johor 2+5
18:00 – 19:00

IHAP - Abuse Information Exchange at Country Level (starts after the AGM)

Aaron Kaplan and Martijn van der Heide

Wednesday, 27 June

PGP Key Signing

Get your PGP Key signed to increase trust!
Wednesday, June 27th from 10:45 to 11:15 (at Registration desk).
Thursday, June 28th(at AGM).

Alexander Jaeger (FIRST)

Why?

PGP is one of the foundations of the security community, and to rely on PGP there needs to be trust in the PGP keys. The trust is made by signatures and validation of identity. FIRST facilitates this community effort by hosting PGP Key signing events.

We will have at least two PGP Key signing events - listen to the opening remarks or a remark at registration desk for changes in regards time / date.

In the past we did not sign team keys and we do not plan to change that.

Preparation before the conference

For those who haven’t participated in the past years it will go like to following:

  1. Upload your Public PGP key to the link below
  2. Check if your key is really uploaded (if not let me know early enough via mail, we will print the keys at the morning of the signing party)

Hint: Please do not upload your key an hour before the key signing, as I might be printing out the keyring a few hours earlier.

Upload your public key!

Preparation for the signing party at the conference

  1. Show up at the signing party like usual with a password / ID (most people will not sign without you providing such an ID)
  2. Participate the Signing party
  3. Get a copy of the printed keyring (I will provide n+20 where n is the number of keys on the keyring)
  4. Sign the keys of others by checking their identity
  5. Get your key signed by others by showing your ID / passport to the people

After the signing party / conference

8 Sign the keys with your PGP key

  1. send the signed person the signed key with your signature
  2. Feel good — you increased the PGP web of trust

There is a good documentation about PGP Key signing parties: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html

Issues with biglumber?

People who wish to participate should email an ASCII extract of their PGP public key to keysigning@alexanderjaeger.de by noon on Monday, June 25, 2018. Please include a subject line of "FIRST PGP KEY", and please avoid MIME-encrypting your e-mail. (I will be running the entire mail folder file through PGP, and PGP-keys that are base-64 encoded will get ignored unless I take manual action to fix things. I will try do the manual fixup, but I make no guarantees about catching all of them.)