Program Overview

Due to the great of online tasks especially due to COVID19 occurence, cyberattacks are increasing. In addition, there is occurence of new types of attacks that couldn't be managed via traditional tools. For this artificial intelligence is a prominent solution to dynamic monitoring of the network.

Houda Chihi is a PhD in telecommunication, senior researcher at Innov'COM Laboratory of Sup'COM Tunisia, Tech women Fellow 2019, senior engineer at Tunisie Telecom. Her research field includes wireless communication, signal processing, vehicular communication, green communication, mobile communication. She is am a member of ISOC chapter Tunisia, member of AUESG , member of NCSG ICANN and reviewer in many IEEE conferences. From childhood, Houda has been passionate about new technologies and working in engineering field. She has a Telecommunication Bachelor degree, pursued her MSC, and then a PhD in Telecommunication field with Honors.

This talk proposes an add-on methodology to significantly increase an organization's cyber resilience posture against advanced adversaries by accounting for the value that these threat actors place on a given asset instead of solely focusing on the asset's value from a business criticality or informational value perspective. This methodology is an overlay to Special Publication NIST 800-160, MITRE Cyber Resiliency Engineering Framework, US CISA High Value Asset definition and tied to the MITRE ATT&CK Framework where possible.

Calin Gheorghiu joined Standard Chartered Bank (SCB) as cyber resilience architect, with the aspiration of laying the foundations & shaping the vision of an industry leading threat informed risk management strategy, in order to prepare against the threats of tomorrow. Calin has 7+ years' experience in IT and cyber security and joined SBC from Broadcom, where he covered a series of tactical & management roles, ranging from solution architecture, incident response & threat intelligence. He also holds the position of Director of the Community of Practice of the ISSA.org Cyber Resilience SIG.

Francesco Chiarini joined Standard Chartered Bank (SBC) as global lead over the cyber resilience capability with the aim to evolve SCB's posture and highlight the key strategic capabilities we need, to sustainably stay ahead of the cyber threat. Francesco has 15+ years' experience in IT and cyber security and joined SBC from PepsiCo where he was in charge of one of the two global Cyber Fusion Centers, leading globally incident response, adversary emulation and cyber resilience. Founder of the Consumer Packaged Goods (CPG) Special Interest Group (SIG) at FIRST.org and of the Poland FIRST.org group. 2021 Volunteer of the year award at ISSA.org, global head of the Cyber Resilience ISSA.org SIG and director for International Cooperation at ISSA Poland. Advisor of the FIRST.org Security Metrics SIG.

Often CSIRTs' success depend on how well they are managed by management team, rather then by the depth of technical skills CSIRT teams master. This training is one of very few trainings available specifically targeting CSIRT managers - to inspire, motivate, upskill, and foster friendships with other CSIRT managers. Training is for current and future senior and mid-managers of CSIRTs and SOCs. The objective of the training is to spend full day reflecting and collectively working on CSIRT managers' daily questions and concerns, including CSIRT KPIs, Annual report writing, clarity improvement in CSIRT mandate and strategy, CSIRT manager's time planning and allocation. It will be dedicated time to build relations between managers, discussing and supporting each other.

Dr. Vilius Benetis is member of NRD CIRT (in NRD Cyber Security), where he leads a team of experts to consult, establish and modernize CSIRT/SOCs for sectors, governments and organizations in Africa, Asia, Europe, and Latin America. He is an active contributor and speaker for ISACA's cybersecurity research and contributes to development of CSIRT methodologies for ENISA, FIRST.org and ITU. He is an industry professor in Cybersecurity at Kaunas Technology University (ktu.edu).

The Computer Emergency Response Team of Mauritius (CERT-MU), operating under the aegis of the Ministry of Information Technology, Communication and Innovation of the Republic of Mauritius has launched a Cyber Threat Information Sharing Platform known as MAUSHIELD (https://maushield.govmu.org ) in September 2022. It is an automated platform for sharing cyber threat intelligence in a real-time and in a secure and confidential manner. The aim of MAUSHIELD is to facilitate cyber threat information sharing and develop a better understanding of the different techniques that cybercriminals are using to carry out cyber-attacks. This will help organisations to improve on their defense capability and stay on top of current trends and emerging threats. The functions of MAUSHIELD are to:

• To provide a collaborative platform for sharing information and to give a better visibility of cyber threats.
• To facilitate cyber threat information sharing in a secure and confidential environment.
• To develop a better understanding of the different techniques that cybercriminals are using to carry out cyber-attacks.
• To help organisations to improve their cyber defence capability and stay ahead of emerging threats. -To increase the outreach of information availability to all organisations.
• To build contacts in case of an incident or crisis requiring collaboration with other organisations.

What Cyber Threat intelligence is shared on MAUSHIELD? Cyber Threat intelligence can help analysing risks, allocating resources, and understanding threats relevant to one's own organisation, industry and geography. This information may include:

• Mechanisms of an attack
• How to identify that an attack is happening
• Ways different types of attacks might affect the organisation
• Action-oriented advice about how to defend against attacks

Jennita Appanah Appayya is an experienced Information Security Consultant working at the Computer Emergency Response Team of Mauritius (CERT-MU). She has extensive experience in incident handling and management, national cyber security strategy and policy drafting, cyber security vulnerability research, development of information security guidelines and best practices. She is the author and co-author of cybersecurity papers. She is passionate about cybersecurity and is keen on exploring new aspects in the field.

Jennita holds a Master degree in Computer Security and Forensics and is a Certified Ethical Hacker, Certified Network Security Manager and Certified Digital Forensic Investigation Professional. She is also an alumni of the U.S Department of State’s International Visitor’s Leadership Program on “Promoting Cybersecurity” (a Regional Project for Africa).

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.

The training on DNS: Prevention, Detection, Disruption and Defense offers a comprehensive introduction from a basic to an advanced level on how adversaries abuse and leverage the Domain Name System and domain registration services to carry out different types of attacks.

Looking at both the technical aspect of the domain resolution process to the lifecycle of domain names, with a focus on the vulnerabilities in the processes and systems, participants in the training will gain an understanding on how they can prevent the malicious activity, detect and disrupt it, as well as defend their specific constituencies.

The training consists of the following modules:

• DNS Basics and Ecosystem
• How do domains resolve?
• What are the components in the DNS?
• How does a domain get registered?
• Who is who in the domain ecosystem and why this matters?
• Phishing - Hands-on: Participants will learn which steps to take, with real-life examples, when addressing phishing cases against their constituencies:
• Detect the phishing
• Identify the relevant entities
• Gather the evidence
• Decide who to submit reports of abuse
• Decide on information sharing
• Advanced DNS
• Delegation
• Relevant Resource Records
• Authoritative vs. Recursive Resolvers
• Exercise
• Sophisticated DNS attacks
• Examples of sophisticated attacks
• Possible countermeasures for detection, disruption, and defense
• Techniques and good practices to prevent DNS threats
• Table-top exercise based on 4 scenarios:
• Hijacking
• DNS amplification
• Random subdomain attack
• DNS as a covert channel for exfiltration

Yazid Akanho has joined ICANN Org as Technical Engagement Specialist for Middle East and Africa (MEA). His main role is to support ICANN org’s technical engagement efforts in the region (trainings, promote DNS standards and best practices, promote research, …). He reports to Adiel Akplogan, VP Technical Engagement at the Office of the Chief Technology Officer.

Yazid’s professional career started at Benin Telecoms, the national telecom operator, where he worked in data transmission engineering and contributed to the design of FTTx and 4G LTE network projects, before joining MTN Benin where he held several roles including technical lead on several projects.

As a previous ICANN community member, Yazid has been an active Internet evangelist at various forums such as the Benin DNS Forum, fellow researcher at AFRINIC, Universal Acceptance Steering Group, ISOC Benin, AFRALO, Non-commercial Users Constituency (NCUC), and Non-commercial Stakeholder Group (NCSG) where he has contributed to several initiatives across these groups. Yazid has also served as vice-president of ISOC Benin Chapter.

Don Stikvoort is founder of the companies “S-CURE” and “Cross Your Limits”. S-CURE offers senior consultancy in the area of cyber security – specialising in CSIRT matters. Cross Your Limits coaches and trains in the human area. Based in Europe, Don’s client base is global.

After his MSc degree in Physics, he became Infantry platoon commander in the Dutch Army. In 1988 he joined the Dutch national research network SURFnet. In that capacity he was among the pioneers who together created the European Internet since November 1989. He recognised “security” as a future concern in 1991, and was chair of the 2nd CSIRT in Europe (now SURFcert) from 1992-8, and FIRST member since 1992. Today Don is a FIRST Liaison Member.

Together with Klaus-Peter Kossakowski he initiated and built the closer cooperation of European CSIRTs starting in 1993 – this led to the emergence of TF-CSIRT in 2000. In 1998 he finished the "Handbook for Computer Security Incident Response Teams (CSIRTs)" together with Kossakowski and Moira J. West-Brown of CERT/CC. He was active in the IETF and RIPE (co-creator of the IRT-object). Don chaired the Program Committee for the 1999 FIRST conference in Brisbane, Australia, and kick-started the international FIRST Secretariat in the same year. From 2001-2011 his company ran TF-CSIRT’s Trusted Introducer service. He wrote and taught several training modules for the CSIRT community.

In 1998 Don started his first company. A first assignment was to build the network connecting over 10,000 schools in The Netherlands. Many CSIRTs were created with his help and guidance, among which the Dutch national team (NCSC-NL). Second opinions, audits and maturity assessments in this field have become a specialty – and in that capacity Don developed SIM3 in 2008, the maturity model for CSIRTs which is used worldwide today for maturity assessments and certifications. SIM3 has is now under the wings of the “Open CSIRT Foundation” (OCF). Don was one of the founders in 2016 and now chairs its board.

Starting in 1999, Don was certified in NLP, Time Line Therapy®, Coaching and Hypnotherapy, and brought that under the wing of “Cross Your Limits”, which portfolio is life & executive coaching, and training courses in what Don likes to call “human arts”. He also trains communicators, presenters and trainers, including many in the CSIRT field.

Don thrives as motivational and keynote speaker. He enjoys to share his views on how the various worlds of politics, economics, psychology and daily life, but also cyber security, all intertwine and relate – and how deeper understanding and a better ability to express ourselves, increase our ability to bring good change to self as well as the world around us. He has discussed such topics all over the world, from Rome to the Australian Outback. His goal is to challenge his audience to think out-of-the-box, and motivate them to be the difference that makes the difference, along the lines of the old African proverb:

“If you think you’re too small to make a difference, try sleeping in a closed room with a mosquito”.

The open-source community is rapidly growing both in size and importance as individuals and organizations are increasingly reliant on OSS (open-source software) to meet business needs within shorter time frames. Widespread use of open-source software has motivated malicious actors to take advantage of the medium, spawning significant and widespread attacks. This talk is about showing recent examples of how we were able to detect advanced Attckrs ( Red-Lili), new trends ( Protsware), and new trends we are seeing. We will also share some open-source tools that help participants to better defend against those attacks.

Tzachi Zorenshtain is the Head of SCS, Checkmarx. Prior to Checkmarx, Tzachi was the Co-Founder and CEO of Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open-source software supply chains, which was acquired by Checkmarx in August 2021. Tzachi is armed with more than a decade’s worth of experience in cyber-security, specializing in building advanced malware research systems. Prior to Dustico, Tzachi’s tenure at Palo Alto Networks, Symantec and McAfee deepened his passion towards contributing to the developer and cybersecurity space and saw him building custom security architectures and hunting for advanced Cyber-attack groups.

RTIR is an opensource and most popular security incident ticketing system, created for national and sectorial CSIRTs' communication and activity management needs. Once the tool is understood well by the CSIRT team members it can bring tremendous value in maturity of incident response, coordination, and efficiency of staff. RTIR was designed based on the needs of CSIRTs to support Incident handling process specific for CSIRTs. The training provides skills of the RTIR ticketing system web interface, workflow, gives practical examples of incident case management. Cloud lab environment is used by participants to connect and access RTIR system.

Marius Urkis is a CSIRT/SOC architect, with 20+ years of experience in the Incident management area. At NRD Cyber Security he leads CSIRT operations: security incident prevention, detection, triage and recovery. He also worked in CSIRT capability, maturity, and capacity building projects in different countries around the world.

This course is created to help participants learn more about cyber open source intelligence as well as to provide them with the necessary skills and background to get started in this sector. OSINT is used to detect vulnerabilities in apps, networks, physical penetration tests, and when putting security awareness initiatives to the test through Social Engineering efforts. Various vectors utilized in OSINT will be addressed throughout training. Each topic will be taught with real live examples of how to overcome specific challenges in a genuine assault situation. The course will cover both theory and hands-on practice in our lab.

Moataz Salah is a cyber security entrepreneur with 15+ years of experience . He is the founder of CyberTalents, a platform for top talented cyber security professionals. CyberTalents is a global platform for learning, practicing, and testing cybersecurity skills. We provide our customers with a platform to host their CTFs, gamified training solutions, security recruitment services, and CSaaS. Moataz helped to run 200+ CTF events on his platform in addition to building the largest database of cybersecurity professionals in MENA and was able to provide cybersecurity jobs to hundreds of cybersecurity talents. In 2010, Moataz launched the most valuable cyber security conference in Egypt, Cairo Security Camp, since the launch, is the must attend conference for all cyber security Community.Moataz focuses on building the cyber security awareness culture in the Arab community through his conference, competitions, boot camps with a clear objective to discover young cyber security talents in this part of the world through his platform https://cybertalents.com/ .Before launching CyberTalents, Moataz has been working for a couple of international companies including Intel and Valeo after being graduated from the faculty of engineering, Communication department, Alexandria university.

Nowadays the rampant use of IoT devices has maintained a huge standard way of living in society. It is a general term for devices, having an internet connection, and exhibiting intelligence by communicating and exchanging information. Modern homes now have a network whereby household equipment such as fridges, thermostats, etc. are capable of being in an environment where they all exchange information. However, there are a lot of problems and limitations with these devices in terms of security. Additionally, on Top of the insecurity posture, they pose some challenges to forensic investigators who find it hard to retrieve shreds of evidence and artifacts from these small devices. Objectives. I illustrated exploits on Philips hue bridge and conducted digital forensics to retrieve artifacts in a forensic sound manner.

Joel Kashaija: Full time I work as Systems Security Engineer at EPAM actively in DFIR role. Partime I run and manage my startup Shield Tech Hub that among other services it primary focuses on cyber security. In my spare time am also a PhD candidate currently researching on cyber security resilient critical infrastructure systems in Kharkiv National University of Radio Electronics

Based on learned lessons from investigating ransomware attacks targeting critical information systems and run by some of the most sophisticated APT groups, the presentation will go through the operation mode by exposing the most used techniques in every step of the cyber kill chain, then it will focus on the investigation side from the detection to the recovery of all operations. A set of recommendations will be presented on how the conduct the investigation and how to progressively restore all information system functions and how to deal with cybercriminals. A self-assessment toolkit will be presented which helps to measure information system readiness to defend against ransomware attacks.

Haythem El Mir is a cybersecurity expert with 20 years of experience. Currently, Mr. El Mir is the CEO of Keystone, a cybersecurity consulting company working on MEA region, and manager CSIRT.tn. With Keystone, Haythem is advising governments, critical sectors and big companies to develop their cyberdefense program and cybersecurity strategies.

As a specialist in critical information infrastructure protection (Banking, Telecom, Government, Industry), Mr. El Mir has participated in numerous cyber security projects in the Africa and Middle East regions. He helped also to set up about 15 CSIRT and projects.