Program at a Glance

Coming soon!

Monday, 22 June

Place du Canada
Plenary / Breakout 1
Av. Laurier
Plenary / Breakout 2
Av. Viger
Breakout 3
Av. Duluth
Workshop
Av. Van-Horne
Workshop
09:15 – 09:45

Welcome Remarks

10:00 – 10:45

Keynote: Tracking Targeted Digital Threats: A View from the Citizen Lab

Ron Deibert (Citizen Lab)

11:00 – 11:15

Break

11:30 – 12:00
 AT LU

Who Tracks the Trackers?

Aaron Kaplan (CERT.at, AT); Raphael Vinot (CIRCL.lu, LU)

 CA

Make Command & Control Communications Stealthy Again

Matthieu Faou (ESET, CA)

TBD

 LU

MISP General Usage Training

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

11:30 – 12:45

 CA

SYSMON 10 – Updated Capabilities for Incident Response and Threat Hunting

Peter Morin (PwC, CA)

11:30 – 12:45

12:15 – 12:45
 UM

Doing More with Less: Detecting Malicious Activity through Responsible and Privacy-Preserving AI

Anna Bertiger, Holly Stewart, Sharada Acharya (Microsoft, UM)

 UM

Off Label Use of DNS- Is DNS Providing Domain Name Service Only?

Chase Cotton, Fatema Bannat Wala (University of Delaware, UM)

 IN DE

Product Security: Education and Prevention through Root Cause Analysis in Secure Software Development Lifecycle

Shipra Aggarwal (SAP Product Security Response Team, IN); Stuart Short (SAP Product Security Response Team, DE)

13:00 – 14:15

Lunch

14:30 – 15:00
 FR CZ

Cyberespionage: Targeted Attacks Abusing Third-Party Cloud Services

Daniel Lunghi (Trend Micro, FR); Jaromir Horejsi (Trend Micro, CZ)

 FR

Cyber Rating Companies: Field Experience

Vincent Le Toux (VINCI, FR)

 DE

CiviCERT - Joining Forces to Defend Civil Society Worldwide

Hassen Selmi (Access Now Digital Security Helpline, DE)

 LU

MISP General Usage Training

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

14:30 – 15:45

 UM AU

Threat Hunting and Investigating WMI and PowerShell Attacks

Chad Tilbury (SANS Institute, UM); Josh Lemon (Salesforce & SANS Institute, AU)

14:30 – 15:45

15:15 – 15:45
 UM

Click2Gov or Click2Breach - NeverEnding Story About WebLogic Vulnerabilities Leading to Data Breaches At Local Governments

Inga Goddijn, Jake Kouns (Risk Based Security, UM)

 ZA

BOOM! Now What???

Jaco Cloete (Nedbank Ltd, ZA)

 NL UM

EthicsFIRST: Considering Ethics for Incident Response and Security Teams

Jeroen van der Ham (NCSC-NL, NL); Shawn Richardson (NVIDIA, UM)

16:00 – 16:15

Break

16:30 – 17:00
 UM

Physical Consequences from Cyber Attack: CISA’s Hands-On Experience and Insights

Brandon Grimes, Derek Meyer (CISA, UM)

 HU

The Nightmare of Tracking Open-Source Malware: Five Years of Ursnif

Tamas Boczan (VMRay, HU)

 UM

72 hours and a Class of Action. Data Breach Legislative Finish Line Keeps Moving: Actionable Steps to Operationalize Incident Response Plan.

Anjali Gugle (Cisco Systems, UM)

 LU

MISP General Usage Training

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

16:30 – 17:45

 UM AU

Threat Hunting and Investigating WMI and PowerShell Attacks

Chad Tilbury (SANS Institute, UM); Josh Lemon (Salesforce & SANS Institute, AU)

16:30 – 17:45

17:15 – 17:45
 KZ

Targeted Attacks in Kazakhstan: An Attempt to Thieve All They Can Steal!

Oleg Bil (State Technical Service (host company for KZ-CERT), KZ)

 UM

Incident Prevention through Influencing the Human

Brooke Pearson, Merisa Lee (Uber, UM)

 LT

Blueprints of Hierarchical CSIRT Structures

Vilius Benetis (NRD Cyber Security, LT)

Tuesday, 23 June

Place du Canada
Plenary / Breakout 1
Av. Laurier
Plenary / Breakout 2
Av. Viger
Breakout 3
Av. Duluth
Workshop
Av. Van-Horne
Workshop
09:15 – 09:30

Opening Remarks

09:30 – 10:15

Keynote: Project Zero's Disclosure Philosophy

Ben Hawkes (Google)

10:30 – 10:45

Break

11:00 – 11:30
 UM

Defending the Community Through Trusted Sharing

Denise Anderson (H-ISAC and National Council of ISACs, UM); Scott Algeier (IT-ISAC and ICASI, UM)

 UM

All Your IPv4 are Block to Us

Aashish Sharma (LBNL, UM); Craig Leres, Jay Krous (Lawrence Berkeley National Lab, UM)

 UM JP

Bridging the Gap on SBOM: Collaborating for Software Component Transparency

Allan Friedman (NTIA / US Department of Commerce, UM); Tomo Ito (JPCERT/CC, JP)

 LU

MISP Training - Hands-On Workshop for Analysts and MISP Users

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

11:00 – 12:15

 UM

Building a Successful Abuse Desk

Severin Walker (M3AAWG, UM)

11:00 – 12:15

11:45 – 12:15
 JP

Gear Up Regional CSIRT Community for More Robust Global Collaboration

Yukako Uchida (JPCERT/CC, JP)

 UM

What's Running on My Hosts? Process Identification Through Network Traffic Monitoring

Adam Weller, Brandon Enright, David McGrew (Cisco, UM)

 UM IE

Gnosis - A Story about Staying on Top of OSS/TP and Product Releases

Christopher McCown (VMware, UM); Emer O'Neill, Ken Moussat (VMware, IE)

12:30 – 13:45

Lunch

14:00 – 14:30
 AU

Automated Digital Evidence Collection and Processing within Amazon Web Services

Naresh Madhavan (Salesforce.com, AU)

 NL

How to Detect That Your Domains are Being Abused for Phishing by Using DNS

Arnold Holzel (Simple Management Technologies, NL); Karl Lovink (Dutch Tax and Customs Administration, NL)

 CH

Scaling Vulnerability Coordination

Francis Perron (Google, CH)

 LU

MISP Training - Hands-On Workshop for Analysts and MISP Users

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

14:00 – 15:15

 PL

Build Your Own Malware Analysis Pipeline Using New Open Source Tools

Jarosław Jedynak, Paweł Srokosz, Paweł Pawliński (CERT.PL / NASK, PL)

14:00 – 15:15

14:45 – 15:15
 BE

Container Security as a Threat Hunter

Emilien Le Jamtel (CERT-EU, BE)

 NO

Automation in Handling Real-Time Phishing Attacks

Michael Stensrud, Olga Troshkova, Raymond Lund (Nordic Financial CERT, NO)

 UM

Vulnerability Coordination: Building Better Products With The Help Of Researchers

Carsten Eiram (Risk Based Security, UM)

15:30 – 15:45

Break

16:00 – 16:30
 DK

The Inner Workings of Crime as a Service

Peter Kruse (CSIS Security Group, DK)

 NL

Observing your MANRS

Kevin Meynell (Internet Society, NL)

 CA

Software Security Initiative – The Basics and How to Measure Your Success

Eli Erlikhman (Synopsys, CA)

 LU

MISP Training - Hands-On Workshop for Analysts and MISP Users

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Andras Iklody (CIRCL, LU)

16:00 – 17:15

 PL

Build Your Own Malware Analysis Pipeline Using New Open Source Tools

Jarosław Jedynak, Paweł Srokosz, Paweł Pawliński (CERT.PL / NASK, PL)

16:00 – 17:15

16:45 – 17:15
 DE

What Makes a Successful Criminal Hoster

Vladimir Kropotov (Trend Micro, DE)

 DE

The Intelligent Process Lifecycle of Active Cyber Defenders

Desiree Sacher (Finanz Informatik, DE)

 UM

Not Everything is Black and White – Evolving Vulnerability Management to Focus on Risk

Lisa Bradley (Dell, UM)

17:30 – 19:30

Vendor Show Case

Wednesday, 24 June

Place du Canada
Plenary / Breakout 1
Av. Laurier
Plenary / Breakout 2
Av. Viger
Breakout 3
Av. Duluth
Workshop
Av. Van-Horne
Workshop
09:15 – 09:30

Opening Remarks

10:30 – 10:45

Break

11:00 – 11:30
 GB

Next Generation Security Analytics in near Real-Time on 250,000 Events per Second

Marko Jung (University of Oxford CERT (OxCERT), GB)

 LU BE

Colouring Outside the Lines

Andras Iklody (CIRCL, LU); Trey Darley (CERT.be, BE)

 CA

The Craft of Cyber-Resilience: Lessons from the Trenches

Benoit Dupont (University of Montreal, CA)

 JP

Developing Training Scenarios for TTX with Injection Matrix and TTX for Thread Information Sharing among CSIRTs

Yoshihiro Masuda (Fuji Xerox Co., Ltd., JP)

11:00 – 12:15

 LV

NAT Traversal And Firewall Evasion With Common Web Vulnerabilities

Andrew Konstantinov (CERT.LV, LV)

11:00 – 12:15

11:45 – 12:15
 UM DE

How to Improve and Accelerate Detection Rule Development using Continuous Integration and Continuous Delivery (CI/CD)

Jose Hernandez (Splunk, UM); Patrick Bareiß (Splunk, DE)

 MX

Threat Hype: Where Are Practitioners Sharing Threat Intelligence, and Why?

Alex Valdivia (ThreatConnect, MX)

 NO

CERT Capacity in the Petroleum Sector of the North Sea

Marie Moe (SINTEF, NO)

12:30 – 13:45

Lunch

14:00 – 14:30
 LU

Passive SSH, a Fast-Lookup Database of SSH Key Materials to Support Incident Response.

Alexandre Dulaunoy (CIRCL - Computer Incident Response Center Luxembourg, LU); Aurelien Thirion (CIRCL, LU)

 TW

Finding, Deobfuscating, and Hunting Malicious PowerShell Scripts

Meng-Han Tsai, Yu-Wei Yang (Taiwan National CERT, TW)

 US

New Age – New Rules

Maarten Van Horenbeeck (Zendesk, US); Sherif Hashem (SUNY Polytechnic Institute, US)

Lightning Talks

14:00 – 15:30

 LV

NAT Traversal And Firewall Evasion With Common Web Vulnerabilities

Andrew Konstantinov (CERT.LV, LV)

14:00 – 15:15

14:45 – 15:15
 UM

Pwning Password Complexity: Simple, Long-Lived Passphrases in the Real World

Seth Hanford (Proofpoint, UM)

 FR

ADTimeline - Threathunting with Active Directory Data

Leonard Savina (ANSSI, FR)

 DE

I2HOP: Canadian Maple Syrup, French Fries and German Sausages: Cyber Potluck Parties or Lessons Learned from Cross-Border Incident Handling

Letitia Kernschmidt, Michael Dwucet (BSI, DE)

15:30 – 15:45

Break

18:30 – 22:00

Thursday, 25 June

Place du Canada
Plenary / Breakout 1
Av. Laurier
Plenary / Breakout 2
Av. Viger
Breakout 3
Av. Duluth
Workshop
Av. Van-Horne
Workshop
09:15 – 09:45
 US

Deploying DNS over HTTPS Without Confrontation

Dr. Paul Vixie (Farsight Security, US)

 JP

Where Human and System Defenders Share - Seamless CTI Sharing and Utilization

Koji Yamada, Ryusuke Masuoka, Toshitaka Satomi (Fujitsu System Integration Laboratories, JP)

 UM

Why a Cybersecurity Crisis Management Plan is Vital to an Organization's Survival

Michael Barcomb (IBM X-Force, UM)

 CA

Using ATT&CK & osquery Analytics to Inform Incident Response and Threat Hunting

Guillaume Ross (Uptycs, CA)

09:15 – 10:30

 NL PL FR

SIM3 Maturity Model: How to Use in Real Life to Build and Improve Your CSIRT

Don Stikvoort (Open CSIRT Foundation, NL); Miroslaw Maj (Open CSIRT Foundation, PL); Olivier Caleff (Open CSIRT Foundation, FR)

09:15 – 10:30

10:00 – 10:30
 UM

On the Sovereignty and Resiliency of the Internet Among Nations

Dhia Mahjoub, Matt Foley, Thomas Mathew (Cisco Umbrella (OpenDNS), UM)

 LU

Design of a Flexible Model for Indicators Life-Cycle Management

Sami Mokaddem (CIRCL, LU)

 NO

Non-Realistic Exercises Only Renders You Good at Exercising

Margrete Raaum (KraftCERT, NO)

10:45 – 11:00

Break

11:15 – 11:45
 JP

More About HYDSEVEN Adversary and Cryptocurrency

Yoshihiro Ishikawa (LAC Co., Ltd, JP)

 NO

TIP of the Iceberg: Lessons Learned from Building a Threat Intelligence Platform

Dr. Martin Eian (mnemonic, NO)

 UM

Scan, Analyze and Test! DATA, OH MY! How to Get Over the Results Rainbow.

Dnyanada Annachhatre, Jessica Butler (NVIDIA, UM)

 CA

Using ATT&CK & osquery Analytics to Inform Incident Response and Threat Hunting

Guillaume Ross (Uptycs, CA)

11:15 – 12:30

 NL PL FR

SIM3 Maturity Model: How to Use in Real Life to Build and Improve Your CSIRT

Don Stikvoort (Open CSIRT Foundation, NL); Miroslaw Maj (Open CSIRT Foundation, PL); Olivier Caleff (Open CSIRT Foundation, FR)

11:15 – 12:30

12:00 – 12:00
 SG

Has EDR Made Host Forensics Artifact Analysis Obsolete? How to Combine them Effectively for Investigations

Yu Kai Tan (VMware, SG)

12:00 – 12:30

 TW

Building ML-based Threat Hunting System from Scratch

Chung Kuan Chen (CyCraft Technology, TW)

12:00 – 12:30

 UM

Incidents Don't Matter: Using Threat Intelligence and Deep Data Analysis to Accomplish Real Change

Mechele Gruhn (Microsoft, UM)

12:45 – 14:00

Lunch

14:15 – 14:45

AGM Registration

Setup for National CSIRT

15:00 – 17:15

Friday, 26 June

Place du Canada
Plenary / Breakout 1
Av. Laurier
Plenary / Breakout 2
Av. Viger
Breakout 3
Av. Duluth
Workshop
09:15 – 09:45
 CN

Data Anomaly Driven Web Threat Hunting

Yang Xu (QIHOO 360, CN)

 UM

Mobile Devices, OS and Applications - The New Attack Vector - What You Need to Know?

Anshu Gupta (Varo Money, UM)

 UM

Building Your Team of Teams: Applying Military Operational and Organizational Methodologies to Defend Large-Scale Enterprises

Nicholas Liu (Air Force Computer Emergency Response Team, UM)

Setup for National CSIRT

09:15 – 10:30

10:00 – 10:30
 PH

The Phish Pandemonium: The Value of Machine Learning to Extract Insights from Phishing URLs

Christopher Talampas, Joy Nathalie Avelino, Karla Agregado (Trend Micro Incorporated, PH)

 TW JP

First Step in the Quest for Manufacturing Cyber-Resilient IoT Devices

Chieh-Fang Lai (Panasonic corporation, TW); Satoru Higuchi (Panasonic corporation, JP)

 UM

Reservist Model: Distributed Approach to Scaling Incident Response

Swathi Joshi (Netflix, UM)

10:45 – 11:00

Break

11:15 – 12:00

Keynote: Kathleen Moriarty

Kathleen Moriarty (IETF)

12:15 – 13:00

Closing Remarks

13:00 – 13:45

Lunch

14:00 – 14:45

National CSIRT