Program Overview

The FIRST Symposium event is restricted to FIRST members only and will be held in Jan 25-27, 2010.

Nevertheless, since this will be a joint event with TF-CSIRT - the European CSIRT regional initiative- there will be some sessions restricted to TF-CSIRT members only and others open to both communities.

The FIRST Symposium is held in conjunction with the 29th TF-CSIRT meeting. This year's event is hosted and co-sponsored by DFN-CERT.

Please note:

GÉANT Meeting (Invitation Only)

There will be a GÉANT meeting held Sunday, January 24, 2010 at the Hotel Grand Elysée, Hamburg. Participation in this meeting is by invitation only.

Please contact us at info@geant.net for more information.

EWNI 2010: 1st European Workshop on Internet Early Warning and Network Intelligence

Sponsored by PRESENSE

EWNI 2010 will be held Wednesday, January 27, 2010 at the Hotel Grand Elysée in Hamburg. The goal of this workshop is twofold: Evaluate the current state of the art of EWS and explore both related and future research areas. On an organizational level the workshop is intended to stimulate collaborative efforts.

For more information on EWNI 2010, contact ewni2010@pre-secure.de. If you would like to register for this workshop, please click on http://www.pre-sense.de/ewni2010.

Sunday, 24 January

GEANT Meeting (Invitation only)
09:00 – 18:00

GEANT Meeting (Invitation only)

Monday, 25 January

TF-CSIRT Meeting
09:00 – 12:30

TI Accredited Teams Meeting (Accredited teams only)

13:30 – 13:35
 BE

Welcome, introductions and apologies

Lionel Ferette (Belnet CERT, BE)

13:35 – 13:40
 BE

Approval of minutes and status of action items

Lionel Ferette (Belnet CERT, BE)

13:40 – 14:00
 CZ

CZ.NIC presentation

Martin Peterka (CZ.NIC, CZ)

14:00 – 14:15
 CZ

CESNET CERT presentation

Andrea Kropacova (CESNET, CZ)

14:15 – 14:30
 LU

Security made in Luxembourg

Pascal Steichen (CIRCL, LU)

14:30 – 15:00
 DE

Delivering services in a user-focused way

Marcus Pattloch (DFN-CERT, DE)

15:00 – 15:30

Coffee Break

15:30 – 16:00

DNS community efforts to enable Security Stability and Resiliency

Greg Rattray (ICANN, Multinational organisation)

16:00 – 16:30

Grid Security developments

Daniel Kouril (Masaryk University)

16:30 – 16:40
 NL

TRANSITS update

Don Stikvoort (S-CURE, NL)

16:40 – 17:00

GN3 Security Activities

Maurizio Molina (DANTE, Multinational organisation)

17:30 – 18:30

TI Review Board Meeting (Review board members only)

19:30 – 20:30

Tuesday, 26 January

TF-CSIRT/FIRST Symposium
09:00 – 09:15

Welcoming remarks

09:15 – 10:00
 GB

Social Networking Risks and the Underground Economy

Ian Cook (Team Cymru, GB)

10:00 – 10:30
 PL

Detecting and Analyzing Malicious PDF Files

Pawel Jacewicz (NASK/CERT Polska, PL)

10:30 – 10:45

Coffee Break

10:45 – 11:15
 AT

Building a CSIRT in an ITIL Driven Organization

Christian Proschinger (Raiffeisen Informatik, GmbH, AT)

11:15 – 12:00
 AT

Mass Malware Analysis: A Do-It-Yourself Kit

Christian Wojner (CERT.at, AT)

12:00 – 13:00

Lunch

13:00 – 13:30
 JP

MWS2009: Anti-Malware Engineering Workshop 2009

Masato Terada (IPA, JP)

13:30 – 14:15

Understanding the Insider Threat

Greg Longo (CERT - Software Engineering Institute, CMU)

14:15 – 14:45
 GB

Incident Response in a Collegiate University

David Ford (OxCERT — Oxford University Computing Services, GB)

14:45 – 15:15
 BR

Dragon Research Team Distro

Jacomo Piccolini (ESR/RNP, BR)

15:15 – 15:30

Coffee Break

15:30 – 17:00

Tales From the War Room

John Snyder (TD Bank Financial Group)

17:00 – 17:15

Closing Remarks

Wednesday, 27 January

FIRST Symposium Hands On ClassesEWNI 2010
09:00 – 10:30
 FI

Abuse Helper toolkit for CERT and Abuse teams **

Hillar Aarelaid (CERT-EE); Jani Kenttälä, Joachim Viide, Mika Seppänen, Sebastian Turpeinen (Clarified Networks); Juhani Eronen (CERT-FI, FI)

 US

Exploring Cyber Attacks

Greg Longo (CERT - Software Engineering Institute, CMU); Robert Floodeen (CERT/CC, US)

 US

OWASP Top-10 web application weaknesses ***

Kenneth R. van Wyk (KRvW Associates, LLC, US)

10:00 – 17:00

EWNI 2010 *

10:30 – 11:00

Networking Break

11:00 – 12:30
 FI

Abuse Helper toolkit for CERT and Abuse teams **

Hillar Aarelaid (CERT-EE); Jani Kenttälä, Joachim Viide, Mika Seppänen, Sebastian Turpeinen (Clarified Networks); Juhani Eronen (CERT-FI, FI)

 US

Exploring Cyber Attacks

Greg Longo (CERT - Software Engineering Institute, CMU); Robert Floodeen (CERT/CC, US)

 US

OWASP Top-10 web application weaknesses ***

Kenneth R. van Wyk (KRvW Associates, LLC, US)

12:30 – 14:00

Lunch

14:00 – 15:30
 FI

Abuse Helper toolkit for CERT and Abuse teams **

Hillar Aarelaid (CERT-EE); Jani Kenttälä, Joachim Viide, Mika Seppänen, Sebastian Turpeinen (Clarified Networks); Juhani Eronen (CERT-FI, FI)

 US

Exploring Cyber Attacks

Greg Longo (CERT - Software Engineering Institute, CMU); Robert Floodeen (CERT/CC, US)

 US

OWASP Top-10 web application weaknesses ***

Kenneth R. van Wyk (KRvW Associates, LLC, US)

15:30 – 16:00

Networking Break

16:00 – 17:30
 FI

Abuse Helper toolkit for CERT and Abuse teams **

Hillar Aarelaid (CERT-EE); Jani Kenttälä, Joachim Viide, Mika Seppänen, Sebastian Turpeinen (Clarified Networks); Juhani Eronen (CERT-FI, FI)

 US

Exploring Cyber Attacks

Greg Longo (CERT - Software Engineering Institute, CMU); Robert Floodeen (CERT/CC, US)

 US

OWASP Top-10 web application weaknesses ***

Kenneth R. van Wyk (KRvW Associates, LLC, US)

Thursday, 28 January

FIRST Steering Committee meeting
09:00 – 18:00

FIRST Steering Committee meeting