Program Overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in Jan 23-26, 2006.

Nevertheless, since this will be a joint event with TF-CSIRT - the European CSIRT regional initiative- there will be sessions open to TF-CSIRT members as well.

Monday, 23 January

17th TF-CSIRT Meeting
10:00 – 11:00

Meeting of TI-accredited CSIRTs

Closed meeting

11:00 – 11:30

Coffee break (sponsored by Cisco)

11:30 – 13:00

Meeting of TI-accredited CSIRTs

Closed meeting

13:00 – 14:00

Lunch

14:00 – 14:10

Welcome, Introductions and Apologies

14:10 – 14:25

Approval of Minutes and Status of Action Items

14:25 – 14:55
 GB DE

ENISA update

Andrew Cormack (GB); Marco Thorbrügge (ENISA, DE)

14:55 – 15:25
 GB

Compulsory Data Retention: Issues for CSIRTs

Andrew Cormack (GB)

15:25 – 16:00

Coffee break (sponsored by Cisco)

16:00 – 16:15
 NL

Update on e-coat forum

Don Stikvoort (S-CURE, NL)

16:15 – 16:25

Update on EC funded projects - GN2/JRA2 progress report

Jacques Schuurman (SURFnet-CERT)

16:25 – 16:35
 NL

TRANSITS courses

Karel Vietsch (NL)

16:35 – 16:50
 DE

IRT object

Wilfried Woeber (ACOnet-CERT, DE)

16:50 – 17:05

Update on RTIR working group

Carlos Fuentes

17:05 – 17:15
 GB

Update from the TTC

Andrew Cormack (GB)

17:15 – 17:20

Status of the ToR and other TF-CSIRT work items / deliverables

17:20 – 17:25

Date and venue of next meetings

17:25 – 17:30

Any other business

17:30 – 18:30

Meeting of TI Review Board

Closed meeting for TI staff and TI Review Board members only

19:30 – 19:30

RTIR Working Group Meeting

Closed meeting for CSIRTs participating in RTIR project only — in the TERENA's office

Tuesday, 24 January

TF-CSIRT and FIRST Seminar
09:30 – 09:45

SESSION 1

09:30 – 11:00

Welcome. Overview of programme. Logistic announcements

Gorazd Božič (SI-CERT)

09:45 – 10:15

NREN server certificate service

Jan Meijer (SURFnet-CERT)

10:15 – 10:30
 US JP

Presentation about FIRST

Mike Caudill (Cisco PSIRT, FIRST Chairman, US); Yurie Ito (JPCERT/CC, JP)

10:30 – 11:00
 PL

Presentation about Sender Policy Framework

Przemyslaw Jaroszewski (CERT POLSKA, PL)

11:00 – 11:30

Coffee break (sponsored by Cisco)

11:30 – 12:00

SESSION 2

11:30 – 13:00

 NL

SURFnet IDS - A distributed intrusion detection system

Rogier J.L. Spoor (SURFnet, NL)

12:00 – 12:45

Solaris 10 security design considerations

Casper Dik (Sun)

12:45 – 13:00

Update on Vulnerability and Exploit Description and Exchange Format WG

Ian Bryant, CSIA

13:00 – 14:00

Lunch

14:00 – 14:30

SESSION 3: HonetPots and worm detection

14:00 – 15:50

Zero-day work detection

Herbert Bos, VU, LOBSTER project

14:30 – 14:50
 DE

NoAH project

Klaus Möeller (DFN-CERT, DE)

14:50 – 15:20
 FR

WOMBAT: towards a Worldwide Observatory of Malicious Behaviors and Attack Threats

Fabien Pouget (CERTA — French Government, FR)

15:20 – 15:50
 NL

An overview of the German Honeynet Project

Thorsten Holz (NL)

15:50 – 16:20

Coffee break (sponsored by Cisco)

16:20 – 16:50
 NL

A civil rights' perspective on data retention

Sjoera Nas (Bits of Freedom, NL)

SESSION 4: Legal sessions

16:20 – 17:40

16:50 – 17:10

CSIRT interactions with law enforcement and intelligence services

Jacques Schuurman (SURFnet-CERT)

17:10 – 17:40
 US

Reporting Security Vulnerabilities: Defining Best Practices For Industry and Third Party Co-Ordinators

Tara Flanagan (Cisco Systems — Cisco Systems Ltd., US)

17:40 – 18:00
 US

US Operational Security Exercise

Charles Yun (Internet 2, US)

19:00 – 21:00

Social event

"Moeders Mooiste", Heinekenplein, Amsterdam

Wednesday, 25 January

FIRST Technical Colloquium – Hands-on Classes
09:00 – 11:00
 KR

Advanced Malicious Code Analysis: Microsoft COM

Yoojae Won (KrCERT/CC — Korea Information Security Agency, KR)

Bluetooth vulnerabilities

Mark Rowe, Tim Hurman (Pentest)

Botnet Malware Analysis

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS)

Exploring the WWW - Web Application Security in practice

Daniel Sayk (Telekom-CERT)

11:00 – 11:30

Coffee break

11:30 – 12:30
 KR

Advanced Malicious Code Analysis: Microsoft COM

Yoojae Won (KrCERT/CC — Korea Information Security Agency, KR)

Bluetooth vulnerabilities

Mark Rowe, Tim Hurman (Pentest)

Botnet Malware Analysis

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS)

Exploring the WWW - Web Application Security in practice

Daniel Sayk (Telekom-CERT)

13:00 – 14:00

Lunch

14:00 – 15:00

Advanced Malicious Code Analysis: Microsoft COM

Jason Milletary (CERT/CC)

Bluetooth vulnerabilities

Mark Rowe, Tim Hurman (Pentest)

Botnet Malware Analysis

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS)

Exploring the WWW - Web Application Security in practice

Daniel Sayk (Telekom-CERT)

15:00 – 15:30

Coffee break

15:30 – 17:30

Advanced Malicious Code Analysis: Microsoft COM

Jason Milletary (CERT/CC)

Bluetooth vulnerabilities

Mark Rowe, Tim Hurman (Pentest)

Botnet Malware Analysis

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS)

Exploring the WWW - Web Application Security in practice

Daniel Sayk (Telekom-CERT)