35th Annual FIRST Conference | Empowering Communities

BoFs & Scheduled Side Meetings

Schedule is subject to change. Please be sure to refer to the conference mobile app during conference week for the latest and most accurate times.

Monday, June 5th

Mansfield
2nd Floor
11:15 – 12:15
 SE

BoF | USB Malware, the Old but New

Nicklas Keijser (Truesec CSIRT, SE)

TLP:CLEAR
14:45 – 15:45
 US

BoF | What Comes After TLP?

Tom Millar (CISA, US)

TLP:CLEAR

Tuesday, June 6th

Mansfield
2nd Floor
09:30 – 10:30

BoF | How to Create a Secure Programming Culture Among Engineering Teams

Dr. Pedram Hayati

TLP:CLEAR
11:20 – 12:20
 SG

BoF | Law Enforcement-CSIRT Cooperation Special Interest Group Proposal

Pei Ling Lee (INTERPOL, SG)

TLP:CLEAR

Wednesday, June 7th

Mansfield
2nd Floor
Sherbrooke
2nd Floor
Diese
3rd Floor
11:15 – 12:15

SIM3 Auditors Meeting

12:00 – 12:35
 AT

BoF | LLMs and Cyber

Aaron Kaplan (European Commission, AT)

TLP:CLEAR
12:35 – 14:00

FIRSTCON24 Lunch and Learn: Volunteering for the Program Committee

TLP:CLEAR
13:00 – 14:00

FIRST Membership Committee Meeting

Thursday, June 8th

Mansfield
2nd Floor
St. Denis
2nd Floor
08:00 – 09:00

GFCE Working Group Meeting (closed)

09:30 – 10:30
 PT

BoF | NETSEC: Basics & Discussing LoA

Carlos Friacas (RCTS CERT, PT)

TLP:CLEAR
  • TLP:CLEAR

    BoF | How to Create a Secure Programming Culture Among Engineering Teams

    Getting security into the code is at the core of the 4Cs of security (Code, Container, Cloud and Cluster). There is a vast number of security vulnerabilities that can only be fixed in the code. Building usable software is far from making the software secure. Therefore, we need active involvement from software engineers to build a secure program from the ground up. This is a two-way presentation where we cover:

    • The hard problems in getting developers to write secure programs
    • Wrong approaches (e.g. tool-driven, top-down) that will not make the shift toward secure programming
    • Teaching developers how to exploit a vulnerability vs. teaching them how best to fix it
    • Approaches that can organically engage developers in secure programming
    • Discussion

    June 6, 2023 09:30-10:30

  • AT TLP:CLEAR

    BoF | LLMs and Cyber

    This is a first-time get-together (BoF) for all practitioners working with Large Language Models (LLMs), Deep Learning and IT Security. While the end of 2022 showed great advances in generative AI, the early months of 2023 demonstrated that the open source community massively picked up on this trend and started to engage in creating open source, off-line (on-prem) LLMs [1]. This is especially practical if you need to keep incident data or CTI feeds private and not send them to a public API such as GPT4. But are we on par with ChatGPT yet? Experiences, lessons learned, etc.

    This BoF tries to bring together people exploring LLMs for CTI and, more generally, for incident response, detection and prevention. What works for you? What did not work?

    The BoF will have a short demo presentation on running your own LLM locally, followed by a round of sharing of experiences and deciding on the next steps of the BoF (how to continue this discussion).

    [1] https://www.semianalysis.com/p/google-we-have-no-moat-and-neither

    Aaron Kaplan: Aaron worked at the national CERT of Austria between 2008 and 2020; he has a background in maths and computer science. Since 2020 he has worked for EC-DIGIT-CSIRC, the IT security team of the European Commission. He is the co-founder of intelmq.org, a tool for automating the typical tasks of IT security teams. Aaron is a regular speaker at IT security conferences such as FIRST, hack.lu, Blackhat and CCC. He also had the honor of serving on the FIRST board of directors between 2014 and 2018, where he initiated multiple infrastructure projects such as misp.first.org. He believes in using automation, open source and machine learning to improve the lives of DFIR folks. In fact, he believes that without those tools, we won't be fast enough to keep up with attackers.

    June 7, 2023 12:00-12:35

  • SE TLP:CLEAR

    BoF | USB Malware, the Old but New

    I work at Truesec as a Threat Research Analyst, where my role is to reverse engineer malware that we find in our SOC and in our incident response engagements. Before joining Truesec I worked at the national CSIRT, CERT-SE, as a CSIRT Officer.

    Over the last year we have seen an increase in malware distributed by USB; at Truesec we now have +100 cases of Raspberry Robin and a few cases of PlugX that utilize USB as the payload carrier but can also exfiltrate data that is air-gapped. In this presentation I would like to show the findings we have made and share insights, but also to discuss with other practitioners what they have discovered and how we can help each other in detecting and stopping malware distributed by USB drives.

    June 5, 2023 11:15-12:15

  • US TLP:CLEAR

    BoF | What Comes After TLP?

    This BoF Session will provide attendees with an opportunity to discuss the issues raised in the "UMQ? What Comes After TLP" presentation to be delivered by Tom Millar (CISA) on Monday of the conference. The goal is to discover whether attendees are interested in establishing a new SIG (or augmenting an existing SIG) to advance information sharing beyond the limitations of TLP, IEP, etc.

    June 5, 2023 14:45-15:45