Program Overview

Agenda is subject to change. Times are reflected in Bilbao, Spain local time of UTC +1 (CET).

Monday, 30 January

10:00 – 15:00

Pre-registration in Melia Bilbao Hotel Lobby

Tuesday, 31 January

TF-CSIRT Meetings (Room 0D)
08:00 – 09:00

Registration for Closed TF-CSIRT Meeting Participants Only

09:00 – 12:45

TF-CSIRT Closed Meetings

TLP:RED
09:30 – 16:00

Registration for All Delegates

10:45 – 11:15

Coffee Break with Exhibitors

12:45 – 13:45

Lunch - All Delegates

13:45 – 14:00

Welcome by TF-CSIRT Steering Committee

Silvio Oertli (SWITCH)

TLP:CLEAR
14:00 – 14:30
 ES

UEBA Prevention Framework for Enterprise Security

Albert Calvo, Nil Ortiz (Fundació i2 CAT, Internet i Innovació Digital a Catalunya, ES)

TLP:CLEAR
14:30 – 15:00
 FR

Feedback on ANSSI's Sharing and Handling Policy

Matthieu Bontrond (ANSSI, FR); Thomas Fontvielle (CERT-FR – ANSSI, FR)

TLP:GREEN
15:00 – 15:30
 FR

The Recent Evolutions of CSIRTs Cooperation in France

Etienne Baudin, Frédéric Le Bastard (InterCERT France , FR)

TLP:CLEAR
15:30 – 16:00

Coffee Break with Exhibitors

16:00 – 16:30
 PL

MALWINA - Malware in a Box - the Road from a Set of Malware Analysis Tools to an Automated Malware Data Lake Supporting CERT/CSIRT Operations

Mikolaj Dobski (Poznan Supercomputing and Networking Center (PSNC), PL)

TLP:GREEN
16:30 – 17:00
 ES DE SE SK NL

Lightning Talks

Daniel Kouril (Masaryk University); Donetz Errasti (P3-CERT – EGI-CSIRT, ES); François Ambrosini (Huawei, DE); Karl Selin (CERT-SE, SE); Marek Madžo (VoidSOC, SK); Sven Gabriel (Nikhef, NL)

TLP:AMBER
20:30 – 00:00

Reception hosted by Basque Cyber Security Centre at the Guggenheim Museum

Wednesday, 1 February

FIRST Symposium
Plenary (Room 0D)
08:00 – 09:00

Registration

09:15 – 09:30
 EG

Welcome by FIRST Board

Dr. Sherif Hashem (FIRST, EG)

TLP:CLEAR
09:30 – 10:15
 IL

Tracking Attackers in Open Source Supply Chain Attacks: The New Frontier

Jossef Harush Kadouri (IL)

TLP:CLEAR
10:15 – 11:00
 DK

OT Weakest Links in ICS Cyber Kill Chain

Carlos Sanchez Santos (Ørsted, DK)

TLP:GREEN
11:00 – 11:30

Coffee Break with Exhibitors

11:30 – 12:15
 NL

Open for Extortion: Upcoming Ransomware Evolutions and Revolutions

Feike Hacquebord (Trend Micro, NL)

TLP:CLEAR
12:15 – 12:45
 DK

Does Ransomware Really Mean “Game Over?”

Christoffer Bech, Lasse Dessau (Improsec CSIRT, DK)

TLP:AMBER
12:45 – 13:45

Lunch - All Delegates

13:45 – 14:30
 SE

Breaking the Ransomware Tool Set – When a Threat Actor Opsec Failure Became a Threat Intel Goldmine

Nicklas Keijser (Truesec, SE)

TLP:GREEN
14:30 – 15:00
 BE NL

♬ You Ain’t Seen Nothing Yet ♫

Eddy Willems (G DATA, BE); Righard Zwienenberg (ESET, NL)

TLP:CLEAR
15:00 – 15:30

Coffee Break with Exhibitors

15:30 – 16:00
 US

Cyberwar – Lessons Learned from Russia’s War in Ukraine

Artsiom Holub (Cisco Talos, US)

TLP:RED
16:00 – 16:30
 FR CZ

Iron Tiger’s Supply Chain Attack Targeting Windows, MacOS and Linux Users

Daniel Lunghi (Trend Micro, FR); Jaromir Horejsi (Trend Micro, CZ)

TLP:CLEAR
16:30 – 17:00
 US

The Dataplane.org Sensor Network: Operation and Analysis

John Kristoff (Liaison, US)

TLP:CLEAR

Thursday, 2 February

FIRST Symposium
Training Track 1 (Room 5A)
FIRST Symposium
Training Track 2 (Room 5B)
FIRST Symposium
Training Track 3 (Room 5h Terazza B)
FIRST Symposium
Training Track 4 (Room 5h Terazza A)
08:30 – 15:00

Registration

09:00 – 10:30
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Elsinore, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 CZ

Malware Analysis

Jan Kopřiva (Nettles Consulting, CZ)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

10:30 – 11:00

Coffee Break

11:00 – 12:30
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Elsinore, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 CZ

Malware Analysis

Jan Kopřiva (Nettles Consulting, CZ)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

12:30 – 13:30

Lunch Break

13:30 – 15:00
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Elsinore, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 PL

Cyber Fortress - Simulation-Strategic Games Based on Scenarios of the Latest Advanced Cyber Attacks

Marcin Fronczak, Miroslaw Maj, Piotr Kepski (ComCERT S.A., PL)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)

15:00 – 15:30

Coffee Break

15:30 – 17:00
 LT

CSIRT Manager’s Course – CSIRT KPIs, CSIRT Annual Report Writing, CSIRT Mandate Clarification, CSIRT Manager Time Allocation

Vilius Benetis (NRD Cyber Security, LT)

 NL DE

SIM3 Training

Don Stikvoort (Elsinore, NL); Klaus-Peter Kossakowski (DFN-CERT Services GmbH, DE)

 PL

Cyber Fortress - Simulation-Strategic Games Based on Scenarios of the Latest Advanced Cyber Attacks

Marcin Fronczak, Miroslaw Maj, Piotr Kepski (ComCERT S.A., PL)

 US CH

Two Repeat Sessions (AM and PM) - DNS: Prevention, Detection, Disruption and Defense

Carlos Alvarez del Pino (ICANN, US); David Rufenacht (Infoguard, CH)