Detailed Programme: Monday 13th May 2024
| time | title | ATTENDEES | tlp |
|---|---|---|---|
| 09:00 – 12:00 | TF-CSIRT Steering Committee Members | Steering Committee Members only | CLOSED MEETING |
| 12:00 – 13:00 | LUNCH | All attendees of Monday meetings | |
| 13:00 – 17:00 | CLOSED MEETING | Accredited and Certified teams only | RED/AMBER |
Detailed Programme: Tuesday 14th May 2024
| time | title | speaker | tlp |
|---|---|---|---|
| 10:00 – 10:15 | Welcome & Steering Committee Update | Silvio Oertli, SWITCH-CERT | CLEAR |
| 10:15 – 10:45 | Unboxing the black box: Vulnerabilities and incident response in appliances | Kristoffer Svensen Solberg (mIRT) | CLEAR |
| 10:45 – 11:00 | Communication DOs and DON’Ts in cyber incident response | Zivile Necejauskaite (NRD CIRT) | CLEAR |
| 11:00 – 11:30 | BREAK | ||
| 11:30 – 11:50 | Open-source CERT management solution | Marko Krstic (SRB-CERT) | CLEAR |
| 11:50 – 12:05 | Creating communities for Threat Intel Sharing | Amanda Ross (StACSIRT) | CLEAR |
| 12:05 – 12:30 | Understanding the Threat: What is Business Email Compromise? | Viktor Sahin-Uppströmer (Truesec CSIRT) | CLEAR |
| 12:30 – 13:30 | LUNCH | ||
| 13:30 – 14:00 | Advancing Digital Forensic Readiness: Bridging Higher Education and CSIRTs | Darja-Anna Yurovsky (Switch-CERT) | GREEN |
| 14:00 – 14:30 | A deepdive into the Akira RaaS | Viktor Sahin Uppströmer and Heresh Zaremand (Truesec) | CLEAR |
| 14:30 – 15:00 | How CERT PL finds vulnerabilities in our constituency at a scale: an update on the Artemis project | Krzysztof Zając (CERT PL) | CLEAR |
| 15:00 – 15:30 | BREAK | ||
| 15:30 – 16:00 | Reflect and Reboot – Incident Response in PSIRT | Rhys Mataira (Ericsson PSIRT) | GREEN |
| 16:00 – 16:15 | Coordinated vulnerability reporting platform – one year of operations in Latvia | Sanita Vītola (CERT-LV) | CLEAR |
| 16:15 – 16:30 | Update on Switch CommunitySOC | Jens-Christian Fischer (SWITCH-CERT) | GREEN |
| 16:30 – 17:00 |
Lightning talks
|
moderated by Sigita Jurkynaite |
Detailed Programme: Wednesday 15th May 2024
| time | title | speaker | description |
|---|---|---|---|
| FULL DAY TRAINING 09:00 – 17:00 | Improving your Role as CSIRT/SOC Manager | Vilius Benetis (NRD Cyber Security) | Often CSIRT/SOC’ success depend a lot on how well they are managed by the management team. This training is one of very few trainings available specifically targeting CSIRT/SOC managers – to inspire, motivate, upskill, and foster friendships with other CSIRT/SOC managers. Training is for current and future senior and mid-managers of CSIRTs and SOCs. The objective of the training is to spend full day reflecting and collectively working on CSIRT/SOC manager’s daily questions and concerns, including KPIs, Annual report writing, clarity improvement in mandate and strategy, manager’s time planning and allocation. It will be dedicated time to build relations between managers, discussing and supporting each other. |
| HALF DAY TRAINING 09:00 – 12:00 OR 13:00 – 16:00 |
Artemis (Security Scanner) | Krzysztof Zając (CERT PL) | During the training you will learn how to set up and use Artemis. For best results you are encouraged to have access to a Linux virtual machine and prepare your own list of domains to scan. If you bring a list of e.g., 100 schools in your constituency, you will be able to configure Artemis and initiate a scan that will end with a package of e-mails that can be sent to the affected entities to improve their security. However, if you don’t bring your own domains, you will still learn how Artemis works and how to use it in practice. You will be able to configure Artemis (or use a demo instance I will set up) and scan example domains. |
| HALF DAY TRAINING 09:00 – 12:00 OR 13:00 – 16:00 |
Piece of Cake (tabletop role-playing game) | Silvio Oertli, Darja-Anna Yurovsky (SWITCH CERT) | The Piece of Cake tabletop role-playing game has been developed to raise awareness of different social engineering techniques. The players take on the role of employees of a bakery. The drama is high because the secret recipe for their famous cake has been stolen by a rival bakery. The goal is to steal the recipe back. In the workshop, the game is introduced and played with the participants. The background and origins of the game will be explained, as well as how the game, which is freely available under Creative Commons, can be run by the participants themselves |
| HALF DAY TRAINING 10:00 – 12:00 OR 13:00 – 15:00 |
Poor man Incident Response with KAPE, ELK, and Python Kung-Fu | itm8’s CSIRT team | 2-hour lecture on how a professional CSIRT team relies on a super timeline, to analyze extracted logs, filesystem information and other forensic artifacts. |
| HALF DAY TRAINING 13:00 – 16:00 | Gaining insights from adversarial activities. Applying external data to incident response and threat hunting | Josh Hopkins (Team Cymru) | In this session you will see how threat hunters and intelligence analysts can use external data to illuminate actor infrastructure and conduct threat reconnaissance. Participants are encouraged to bring IP addresses or domains related to incidents they are working with to use as examples. |
| HALF DAY WORKSHOP 09:00 – 12:00 | CTI working group meeting/workshop | CTI WG | Based on the previous CTI WG meetings we will go through the working group agenda and after that we will dive into the CTI lifecycle. Workshop is for tech and non-tech people to get better overview of CTI lifecycle stages for different CTI types. |
| HALF DAY MEETING 09:00 – 12:00 | PR working group meeting | PR WG |
In this CERTs’ PR group meeting we are aiming to share our experience and cover topics: Crisis Communication, NIS2 from PR perspective, the findings from the survey on cybersecurity habits among Latvian users, PR relations with other departments in the organization, and cooperation with external partners on shared projects or campaigns. CERTs’ PR Group facilitates collaboration among PR, marketing, and communication professionals in the CERT and CSIRT community. Our goal is to foster sharing of experience, best practices, and information on various topics including reports, marketing tools, and upcoming events. We aim to promote the cybersecurity industry, raise awareness, and enhance understanding of cybersecurity-related activities. Participants are encouraged to share their experiences and best practices in addressing PR challenges. Everyone is welcome! |