FIRST 2014, June 22, 2014 to June 27, 2014, Boston, USA

| Title | Speakers | Summary | Topic Types |
|---|---|---|---|
| A Forensic Analysis of APT Lateral Movement in Windows Environment | Junghoon Oh | In APT campaign, the "lateral Movement" is a behavior compromising other systems after initial compromise ... | |
| A Survey of Vulnerability Markets | Art Manion | The past several years have seen growth in markets for information about software vulnerabilities. Vendors ... | |
| At the Speed of Data: Automating Threat Information to Improve Incident Response | Denise Anderson, George Johnson | Information sharing in the Cyber Defense world has historically been a tremendously manual and isolated ... | |
| Attacks Using Malicious Hangul Word Processor(HWP) Documents | Jaebyung Yoon | Recently, ATP attacks in Korea use document files (Hangul Word Processor) as an infection vector. ... | |
| Avoiding Information Overload: Automated Data Processing with n6 | Pawel Pawlinski | A specialist in the Security Projects Team at CERT Polska, his main interests in the ... | |
| Back to the Roots - Incident Case Study | Mikko Karikytö | Mikko Karikytö is leading the Ericsson Product Security Incident Response Team, PSIRT. Ericsson PSIRT is ... | |
| Bitcoin for the Incident Responder | Ben April | Ben is a Sr. Threat Researcher and the Americas regional manager of Trend Micro's Forward-looking ... | |
| Common Vulnerability Scoring System v3 | Seth Hanford | As Manager of the Cisco Threat Research Analysis and Communications (TRAC), Seth Hanford helps to ... | IncludeThinkstScapes |
| Credential Honeytoken for Tracking Web-based Attack Cycle | Mitsuaki Akiyama | Background – The web-based attacks called Beladen, Gumblar, and Nineball are large-scale incidents of mass ... | |
| Cyber Security for Board of Directors and Senior Management | Peter O'dell | Cyber Security is extremely complex and evolving at a rapid pace. The board of directors ... | |
| Cyber Threats Targeting High Level Individuals: Is Your Organization Prepared? | Andrea Henson-armstrong | How does a high level official in your organization report, remove and mitigate a situation ... | |
| Cyber-EXE Polska 2013. Cyber Exercises for Banking Sector - the CERT Role. | Miroslaw Maj | Last years have shown that cyber exercises are probably one of the most effective ways ... | |
| Developing Cybersecurity Risk Indicators - Metrics (panel) | Jose Nazario, Dan Geer, Greg Rattray, Yurie Ito, Peter Cassidy, Aaron Martin | One of the things we are missing in pursuing global cybersecurity goals is strong sources ... | |
| Don’t Panic! Case studies of Incident Response from the Field | Kristy Westphal | One of the best ways to learn about incident handling is to practice practice practice. ... | |
| Enabling Cross-Organizational Threat Sharing through Dynamic, Flexible Transform | Chris Strasburg, Andrew Hoying, Daniel Harkness, Scott Pinkerton | The objective of the Cyber Fed Model (CFM) project is to facilitate the sharing of ... | |
| Enterprise Security Monitoring: Comprehensive Intel-Driven Detection | David J. Bianco | Before coming to work as the Hunt Team Manager and DFIR subject matter expert at ... | |
| Everyday Cryptography | John Kristoff | This session aims to help enhance trust, privacy and connectedness of FIRST participants by inviting ... | |
| Evidence Based Risk Management and Incident Response | Jake Kouns, Carsten Eiram | Everywhere you turn there seems to be bad news about the state of security at ... | |
| Exfiltration Framework (ExF) | Mick Douglas, Eric Zielinski | Data exfiltration is a common theme in most attack scenarios. The challenge in this space ... | |
| First Step Guide for Building Cyber Threat Intelligence Team | Hitoshi Endoh, Natsuko Inui | CDI-CIRT / Cyber Defense Institute, Inc., Information Analysis Department / Chief Analyst Localization project manager ... | |
| From Participant to Planner - Surviving Cyber Exercise Armageddon | Robert Pitcher | Cyber based exercises are quickly becoming the de facto way to test systems and networks in ... | |
| Human Intelligence Sharing for Collaborative Defense -- Op Sec Trust | Paul A. Vixie | Human intelligence sharing requires a high level of trust, noting that real and effective trust ... | |
| Identifying the 'Root' Causes of Propagation in Submitted Incident Reports | Adam Shostack, Thomas Millar, Samuel Perl | Incident response is most obviously about incidents, but looking deeply at root causes has helped ... | |
| Implementers' Workshop : Automated Information Sharing with TAXII and STIX | Thomas Millar, Richard Struse | Since early 2012, the US Department of Homeland Security has been working in close collaboration ... | |
| Incident Response Coordination on a Global Scale: Your Assistance is Requested... | Kauto Huopio | During autumn of 2013, CERT-FI got a call from the police. Finnish and American law ... | |
| Intelligence Driven Security | Adam Meyers | Cyber adversaries are targeting your enterprise every day. Defending/repelling these attacks is becoming less and ... | |
| Investigator of Interest – Our Philosophy of Adaptive Incident Response to Turn the Tables During an Investigation | Pascal Arends | “You are being watched, the attacker has a secret system —a spying program— that spies ... | |
| Keynote Presentation - Imperial Ballroom, Mezzanine Level | Kieran Ramsey, Kevin Swindon | The presentation focuses on the FBI's response to the Boston Marathon bombing and the emergency ... | |
| Keynote Presentation: "The Neverending Story: Incident Response" - Imperial Ballroom, Mezzanine Level | Eugene Spafford | More information may be found at http://spaf.cerias.purdue.edu/narrate.html. We have 25 years of formal incident response. ... | |
| Keynote Presentation: "The Role of DHS in Securing our Nation’s Cyberspace" | Andy Ozment | Assistant Secretary Andy Ozment will describe how the Department of Homeland Security seeks to help ... | |
| Keynote Presentation: Business Control Vs. Business Velocity - Practical Considerations for Business Survivability in the Information Age | Malcolm Harkins | Business and markets are changing and we need to move faster and into new markets. ... | |
| Keynote Presentation: The Roles of People and Technology in Incident Response | Bruce Schneier | N/A | |
| Looking Back at Three Years of Targeted Attacks: Lessons Learned on the Attackers’ Behaviors and Victims’ Profiles | Olivier Thonnard | Targeted attacks consist of sophisticated, low copy number malware developed by attackers having the resources ... | |
| MalwareHost Analysis for Level 1 Analysts | Garrett Schubert | When defending against bleeding edge cyber threats, it is critically important to identify the threat ... | |
| Managing Your Managed Security Service Provider: Improve Your Security Posture | Stephen Seljan | Do you have an MSSP or an SSP? In this session, I will discuss what ... | |
| Merovingio: Mislead the Malware | Juan Carlos Montes | The main problem when our teams need to analyze malware incidents is the limitation imposed ... | |
| MMPC's Coordinated Malware Eradication | Holly Stewart | The antimalware industry has spent the past two decades detecting, blocking, and removing malware for ... | |
| National-level Collaborative Multi-Lateral Defensive Framework based on Big Data Analytics Paradigm | Ching-hao Mao | His research interests are network security and data mining, big data analytics and security operation ... | |
| Network Security Analytics Today | Aubrey Merchant-dest | This presentation/discussion will focus on the use of ‘rich flow-data’ to expose potentially malicious activity ... | |
| On the Outside of Tinba Looking In ... | Peter Kruse | The hunt for Tinba (aka Tinybanker) as we continue to dig even deeper into this ... | |
| Open DNS Resolver Check Site | Takayuki Uchiyama, Hiroshi Kobayashi | JPCERT/CC released the “Open DNS Resolver Check Site” on 31st of October, 2013. This web-based ... | |
| Open Source Software Environment Security Issues | Keisuke Kamata, Yoshiki Sugiura | A lot of IT security issues happen day by day, like cyber attack, site compromise, ... | |
| Operational CyberThreat Intelligence: 3 Years of IOC Processing at EMC. | Kathleen Moriarty, Christopher Harrington | As cyber attacker skills mature and their targets more diverse it becomes increasingly important for ... | |
| Our Turbine Got Hacked! - Performing Forensic Investigations of Industrial Control Systems | Heiko Patzlaff | Besides his forensic responsibilities he is involved in security related research activities and Siemens internal ... | |
| Pass-the-Hash: Gaining Root Access to Your Network | Tim Slaybaugh | The first objective of an intruder once they have access to your system is to ... | |
| pBot botnets: An Overview | Fernando Karl, Felipe Boeira | Botnets (robot networks) are computer networks connected one to another that are under the control ... | |
| Playing Hide and Seek with Rootkits in OS X Memory | Cem Gurkok | The OS X Kernel has become a popular target for malicious players. Currently there are ... | |
| Preparing for the Inevitable Zeroday or What Makes Networks Defendable? | Konrads Smelkovs | I am an experienced, fast thinking and performing IT consultant with 12 years of experience. ... | |
| Processing Intelligence Feeds with Open Source Software | L. Aaron Kaplan, Chris Horsley | After almost three years at AusCERT, he moved to Japan to work for JPCERT/CC, the ... | |
| Protecting the Computer from Ring 0 – A New Concept in Improving Incident Response | Mariko Miya, Kouichi Miyashita | We are introducing a new concept of technology developed from a completely different point of ... | |
| Rogue Pharma in .CO: The 33DRUGS.CO Case | Gonzalo Romero | “Rogue Pharma” (RP) sites in our .CO ccTLD and how we handle them. Presentation will ... | |
| Scaling Threat Intelligence Practices with Automation | Douglas Wilson | Despite being one of the latest industry buzzwords, properly executed threat intelligence programs are a ... | |
| Securing National Segment of the Internet from Cyber-Threats. CERT-UA's Practical Approach | Nikolay Koval | The presentation is devoted to describe measures and technical solutions which were developed and deployed ... | |
| Security Operations, Engineering, and Intelligence Integration Through the Power of Graph(DB)! | Christopher Clark | Prior to joining iDefense, Chris worked with the Verisign CSO to architect a full scope ... | |
| Sochi, After Action | Michael Higgins | Each Olympics brings a new challenge from the physical security events following 9/11 to the ... | |
| STIX and TAXII: The Who, When, What, Where, Why and How | Richard Struse | In January 2012, the US Department of Homeland Security began to pursue an unprecedented effort ... | |
| The Art of Sinkholing | Tomasz Bukowski | In 2013 CERT Polska started to sinkhole .pl domains used for malicious activity. It was ... | |
| The Dutch Responsible Disclosure Policy | Tarik El Yassem | The Dutch hacker community has been asking the government for some kind of whistle-blower protection ... | |
| The MANTIS Framework: Cyber Threat Intelligence Management for CERTs | Stefan Berger, Jan Goebel, Bernd Grobauer, Thomas Schreck, Johann Wallinger | Proper Cyber-Threat Intelligence Management is increasingly important for effective incident handling. There is a number ... | |
| TRANSITS Train-the-Trainer (T3) - Terrace Ballroom, Lower Level | Don Stikvoort | The Train-the-Trainer (T3) meeting consists of 2 parts: - Generic concise trainer training: learning strategies, ... | |
| Transparency and Information Sharing in Digital Forensics | Johan Berggren | Ever found that your tools or contracted help are interfering with your incident response workflow? ... | |
| Twenty-Five Years of Computer Security and Incident Response: FIRST's First Quarter-Century | Mark Zajicek | In 1989, a Computer Security Incident Handling Workshop was held in Pittsburgh, Pennsylvania (USA), with ... | |
| Two-tiered, Multi-team Assessment of CSIRTs | Robin Ruefle | In 2013, CERT developed and piloted a two-tiered assessment of an organization’s group of incident ... | |
| Understanding Cyber Security Incident Response Teams as Multiteam Systems | Steve Zaccaro | Facilitators: Stephen Zaccaro, Lois Tetrick, and Reeshad Dalal, Psychology Department of George Mason University, on ... | |
| Use of Passive DNS Databases in Incident Response and Forensics | Paul A. Vixie | Several projects and companies now collect massive quantities of DNS traffic and use them to ... | |
| Using Anthropology to Study Security Incident Response | Xinming Ou, Siva Raj Rajagopalan | The most critical assets in guarding the nation from cyber terrorists are our cyber defenders ... | |
| We're All the Same in Different Ways: Revisiting the CSIRT Concept for 2015 | Thomas Millar | The idea of the formal CSIRT has been in existence for over 25 years. As ... | |