With 230 participants, TF-CSIRT kicked off 2021 with an energetic start despite still being online. Participants might not be able to see each other face-to-face, but we were able to enjoy different ways of interacting as a community thanks to a Capture the Flag exercise run for TF-CSIRT by Elastic. The CTF saw 59 individuals competing to win bragging rights as well as learning more about the tools offered by Elastic. A description of the exercise is available online; for those interested in learning more, or who missed the opportunity, please keep an eye on upcoming Elastic public events. Congratulations to our top-10 winners!

[Image: top 10 participants in the TF-CSIRT / Elastic Capture the Flag]

Moving into the main meeting, we kicked off with an update from regular TF-CSIRT presenter Jan Kopriva and information about TripOp, a new open-source tool for gathering (not just) security-related data from Shodan. TripOp can be found on GitHub and Jan's slides are available. From this practical tool, our next two presentations looked at two differing trends within the incident response community. Monika Venčkauskaitė from NRD CIRT gave an overview of how AI is impacting cyber security, and Alexander Kalinin from CERT-GIB focused on Big Game Hunting and its impact on how we manage, detect and mitigate ransomware attacks.

Two updates from the GÉANT community followed. Nicole Harris gave an update on GÉANT's Trusted Certificate Service and the issues currently affecting Certificate Authorities and the use of certificates by the main browser vendors. The changing business model for certificate provision will affect how security approaches and strategies are managed in the upcoming months. David Heed talked to the meeting about OpenVAS and work on developing the tool for use by NRENs within the GÉANT GN4 project. OpenVAS is a software framework of several services and tools offering vulnerability scanning and vulnerability management. All OpenVAS products are free software, and most components are licensed under the GNU General Public License. More open-source opportunities were presented by CERT-EE, who talked about Cuckoo Sandbox and the development of the 3.0 release of the software. Cuckoo is an open-source dynamic malware analysis system, and the new release brings a host of new features. Training will be available in April 2021, and those interested in these training events should reach out to the team.

Our final presentation for this meeting was from Xavier Mertens of XM Consulting, who gave a fascinating overview of remote forensic investigations in the context of COVID-19. The pandemic has brought a renewed focus on the need for remote forensics and on dealing with and managing malicious activity without needing to be on site at your organisation or with a customer. Xavier outlined how a range of open-source and easily available tools can help teams manage remote investigations effectively.

TF-CSIRT will meet again on 28th May 2021. Sadly, we will still be online for this meeting, but we look forward to more discussions with the community and hope for a face-to-face meeting before too long.