Program Overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in January 29-31, 2007.

Nevertheless, since this will be a joint event with TF-CSIRT, their participation will be opened, and there will be an additional event. This event is the 20th TF-CSIRT Meeting.

Steering Committee Meeting

On January 31st (Wednesday) to February 1st (Thursday), 2007 ?2 full days? there'll be the SC Meeting, open to FIRST Members. Due to logistic reasons, it'll be necessary to send mail to first-sec@first.org in case attendance is planned (well in advance please).

Monday, 29 January

TF-CSIRT Plenary Meeting (subject to the TF-CSIRT screening policy)
09:00 – 10:00

Trusted Introducer Meeting

10:00 – 10:30

Coffee break

10:30 – 12:30

Trusted Introducer Meeting

12:30 – 13:30

Lunch

13:30 – 13:35

Welcome, introductions and appologies

Gorazd Bozic (SI-CERT)

13:35 – 13:50

Hungarian CERT activities

13:50 – 14:00

Approval of the minutes from the last meeting and status of the action items

Gorazd Bozic (SI-CERT)

14:00 – 14:30
 DE

Grids-related activity update

Klaus Möeller (DFN-CERT, DE)

14:30 – 15:00
 ES

RTIR WG Update

Carlos Fuentes (IRIS-CERT, ES)

15:00 – 15:30

Coffee break

15:30 – 15:45
 NL

TRANSITS update

Karel Vietsch (NL)

15:45 – 15:55
 NL

Trusted Introducer Update

Don Stikvoort (S-CURE, NL)

15:55 – 16:25

GN2 JRA2 Update

16:25 – 16:55
 GB

Update on Collaboration with Information Security Metadata Activities

Ian Bryant (CSIA, GB)

16:55 – 17:00
 GB

Meeting close

Ian Bryant (CSIA, GB)

17:00 – 17:45

TI Review Board Meeting

19:30 – 23:00

Social Event

Tuesday, 30 January

Joint FIRST - TF-CSIRT Meeting
09:00 – 09:30
 US

Update on FIRST activities

Mike Caudill (Cisco PSIRT, FIRST Chairman, US)

09:30 – 10:00
 HU

Overview of CERT-Hungary's activities from the technological perspective

Balázs Szekeres (CERT-Hungary, HU)

10:00 – 10:30

Honey@home, a re-director for dark traffic

Spiros Antonatos (FORTH)

10:30 – 11:00

Coffee break

11:00 – 12:00

System and network architecture of an Internet voting system

Jan Meijer (SURFnet-CERT)

12:00 – 13:00

Lunch

13:00 – 13:30
 GB

802.11 and Bluetooth Threats

Ian Cook (Team Cymru, GB); Mark Rowe (Pentest)

13:30 – 14:00
 US

Applying the Five Stages of Grief to Incident Response

Jim Duncan (Cisco Systems, US)

14:00 – 14:15
 JP

Web response and event monitoring system

Masato Terada (IPA, JP)

14:15 – 15:00
 GB

Fuzzy testing

Damir (Gaus) Rajnovic (Cisco PSIRT — Cisco Systems Co., GB)

15:00 – 15:30

Coffee break

15:30 – 16:15

Extending NFsen/NFdump at SURFnet

16:15 – 16:45
 ES

DesconII, an early disconnection system for compromised systems

Rafael Calzada Pradas (University Carlos III, ES)

16:45 – 17:00

Seminar close

17:00 – 18:00

GN2 JRA2 meta-training

Wednesday, 31 January

Hands-on classes (subject to the maximum number of participants)
09:00 – 10:30
 UY

Botnet Malware Analysis

A/P Federico Monteverde (AGESIC, UY)

 ES

RTIR installation and usage

Carlos Fuentes (IRIS-CERT, ES)

The current state of Bluetooth and WiFi vulnerabilities

Tim Hurman (Pentest)

 US

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way

Jim Duncan (Cisco Systems, US)

10:30 – 11:00

Coffee Break

11:00 – 12:00
 UY

Botnet Malware Analysis

A/P Federico Monteverde (AGESIC, UY)

 ES

RTIR installation and usage

Carlos Fuentes (IRIS-CERT, ES)

The current state of Bluetooth and WiFi vulnerabilities

Tim Hurman (Pentest)

 US

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way

Jim Duncan (Cisco Systems, US)

12:00 – 13:30

Lunch

13:30 – 15:30
 UY

Botnet Malware Analysis

A/P Federico Monteverde (AGESIC, UY)

CVSS trainning

Gavin Reid (Cisco Systems)

The current state of Bluetooth and WiFi vulnerabilities

Tim Hurman (Pentest)

 US

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way

Jim Duncan (Cisco Systems, US)

15:30 – 16:00

Coffee Break

16:00 – 17:00
 UY

Botnet Malware Analysis

A/P Federico Monteverde (AGESIC, UY)

The current state of Bluetooth and WiFi vulnerabilities

Tim Hurman (Pentest)

 US

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way

Jim Duncan (Cisco Systems, US)