Program Overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in Oct 5-7, 2005.

Nevertheless, since this will be a joint event with other CSIRT initiatives in the region, there will be two additional events adjacent to the TC in order to achieve non-FIRST-members as well. These two events are the FIRST/TRANSITS Course (Oct 1-2) and the Latin American Security Workshop (Oct 3-4).

Saturday, 1 October

FIRST/TRANSITS course
08:30 – 09:00

Introduction

FIRST.Org Inc

09:00 – 10:40

Module 1: Organizational Issues

10:40 – 11:00

Coffee break

11:00 – 12:30

Module 1: Organizational Issues

12:30 – 14:00

Lunch

14:00 – 15:40

Module 2: Operational Issues

15:40 – 16:00

Coffee break

16:00 – 17:00

Module 2: Operational Issues

17:00 – 18:00

Module 3: Legal Issues

Sunday, 2 October

FIRST/TRANSITS course
09:00 – 10:40

Module 4: Technical Issues

10:40 – 11:00

Coffee break

11:00 – 12:30

Module 4: Technical Issues

12:30 – 14:00

Lunch

14:00 – 15:40

Module 4: Technical Issues

15:40 – 16:00

Coffee break

17:00 – 18:00

Module 5: Vulnerabilities and Advisories

Monday, 3 October

Security workshop
09:00 – 09:20

Open

ONTI (AR Government)

09:20 – 11:00

Incident Response in Latin America

Latin American CSIRTs

11:00 – 11:20

Coffee Break

11:20 – 11:50

FIRST: Global Incident Handling

FIRST Board Member

11:50 – 13:00

Regional Initiatives in Incident Response

Various FIRST Members

13:00 – 14:30

Lunch

14:30 – 15:10

Taxonomy of Mexican Online Banking 2005: Threats and Mitigation

David Gimenez, Juan Carlos Guel (UNAM-CERT — National Autonomous University of Mexico)

15:10 – 16:10

Cisco PSIRT - Incident Management

Dario Ciccarone (Cisco PSIRT — Cisco Systems Inc.)

16:10 – 16:30

Coffee Break

16:30 – 18:00

Digital crimes under different perspectives

Various

Tuesday, 4 October

Security workshop
09:00 – 09:50
 AR

An evening with Kha0s

Sebastián García (CITEFA, AR)

09:50 – 10:50
 US

Forensics Discovery

Dr. Wietse Z. Venema (IBM, US)

10:50 – 11:10

Coffee Break

11:10 – 12:10
 AR

Information Security Attack Trends

Iván Arce (CORE Security Technologies, AR)

12:10 – 13:00

Recycling IPv4 exploit for IPv6

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS)

13:00 – 14:30

Lunch

14:30 – 15:20

Trends in Internet Attack Technology and the Role of Artifact

Jason Milletary (CERT/CC)

15:20 – 16:10

Incident Response and Early Warning Initiatives in Brazil

Marcelo H. P. C. Chaves (CERT.br — The Brazilian Internet Steering Committee)

16:10 – 16:30

Coffee Break

16:30 – 16:50

Latin-American Forensic challenge V.2: Conclusion

Francisco. (Paco) Monserrat (IRIS-CERT — RedIRIS); Juan Carlos Guel (UNAM-CERT — National Autonomous University of Mexico)

16:50 – 17:40

The SANS Internet Storm Center (ISC): A Collaborative Information Security Community

Johannes Ullrich (SANS Internet Storm Center)

17:30 – 18:00

Close

AR Government

Wednesday, 5 October

Technical Colloquium – Plenary Session
08:30 – 09:00

Registration

09:00 – 09:20

Open

FIRST TC Day Chair

09:20 – 09:50

Honeypots for Security Operations

James J. Barlow (NCSA-IRST — National Center for Supercomputing Applications)

09:50 – 10:20

A Tool to Capture BruteSSH attacks related info

Ivo Carvalho Peixinho (CAIS/RNP — Brazilian Academic and Research Network)

11:00 – 11:20

Coffee Break

11:20 – 11:50

FIRST SC Update

FIRST SC Member

11:50 – 13:00

Work in Progress Session

Various FIRST Members

13:00 – 14:30

Lunch

14:30 – 15:00

Work in Progress Session

Various FIRST Members

15:00 – 15:30

Recent Activity in Phishing Malware

Jason Milletary (CERT/CC)

15:30 – 16:10
 AR

ICMP Attacks Against TCP

Fernando Gont (National Technological University of Argentina, AR)

16:10 – 16:30

Coffee Break

16:30 – 17:00

Fraud and Phishing Scam Response Arrangements in Brazil

Marcelo H. P. C. Chaves (CERT.br — The Brazilian Internet Steering Committee)

17:00 – 17:30

Yet another Windows auditing tool

David Gimenez, Juan Carlos Guel (UNAM-CERT — National Autonomous University of Mexico)

17:30 – 18:00

VoIP Security

Peter Quick (Telekom-CERT — Deutsche Telekom)

Thursday, 6 October

Technical Colloquium – Hands-On Class
09:00 – 09:20

Open

FIRST TC Day Chair

09:20 – 10:40

Botnet Malware Analysis

Francisco Jesus Monserrat Coll (IRIS-CERT)

 DE

Common Vulnerabilities Score Systems

Marco Thorbrügge (ENISA, DE)

 AR

Cryptography in forensics & reverse engineering

Ariel Futoransky, Gerardo Richarte (CORE Security Technologies, AR); Ariel Waissbein (CORE Security Technology, AR)

 US

Hands-on analysis of a compromised Linux machine

Dr. Wietse Z. Venema (IBM, US)

10:40 – 11:00

Coffee Break

11:00 – 12:30

Botnet Malware Analysis

Francisco Jesus Monserrat Coll (IRIS-CERT)

 DE

Common Vulnerabilities Score Systems

Marco Thorbrügge (ENISA, DE)

 AR

Cryptography in forensics & reverse engineering

Ariel Futoransky, Gerardo Richarte (CORE Security Technologies, AR); Ariel Waissbein (CORE Security Technology, AR)

 US

Hands-on analysis of a compromised Linux machine

Dr. Wietse Z. Venema (IBM, US)

12:30 – 14:20

Lunch

14:20 – 15:40

Botnet Malware Analysis

Francisco Jesus Monserrat Coll (IRIS-CERT)

 DE

Common Vulnerabilities Score Systems

Marco Thorbrügge (ENISA, DE)

 AR

Cryptography in forensics & reverse engineering

Ariel Futoransky, Gerardo Richarte (CORE Security Technologies, AR); Ariel Waissbein (CORE Security Technology, AR)

 US

Hands-on analysis of a compromised Linux machine

Dr. Wietse Z. Venema (IBM, US)

15:40 – 16:00

Coffee Break

16:00 – 17:30

Botnet Malware Analysis

Francisco Jesus Monserrat Coll (IRIS-CERT)

 DE

Common Vulnerabilities Score Systems

Marco Thorbrügge (ENISA, DE)

 AR

Cryptography in forensics & reverse engineering

Ariel Futoransky, Gerardo Richarte (CORE Security Technologies, AR); Ariel Waissbein (CORE Security Technology, AR)

 US

Hands-on analysis of a compromised Linux machine

Dr. Wietse Z. Venema (IBM, US)

Friday, 7 October

Technical Colloquium – Laboratory
09:00 – 10:40
 US

Botnets Lab: From Soup to Nuts

Guilherme Vênere (CAIS/RNP — Brazilian Academic and Research Network); Stephen Gill (Cymru Team, US)

10:40 – 11:00

Coffee Break

11:00 – 13:00
 US

Botnets Lab: From Soup to Nuts

Guilherme Vênere (CAIS/RNP — Brazilian Academic and Research Network); Stephen Gill (Cymru Team, US)

Wednesday, 14 November

18:00 – 20:00

Wednesday, 7 September

17:15 – 18:00

Fortinet Security Fabric

Stefan Moise, Major Accounts Manager, Fortinet