Detailed Programme: Monday 13th May 2024

time title ATTENDEES  tlp
09:00 – 12:00 TF-CSIRT Steering Committee Members Steering Committee Members only CLOSED MEETING
12:00 – 13:00 LUNCH All attendees of Monday meetings  
13:00 – 17:00  CLOSED MEETING Accredited and Certified teams only RED/AMBER

Detailed Programme: Tuesday 14th May 2024

time title speaker tlp
10:00 – 10:15 Welcome & Steering Committee Update Silvio Oertli, SWITCH-CERT CLEAR
10:15 – 10:45 Unboxing the black box: Vulnerabilities and incident response in appliances Kristoffer Svensen Solberg (mIRT) CLEAR
10:45 – 11:00 Communication DOs and DON’Ts in cyber incident response Zivile Necejauskaite (NRD CIRT) CLEAR
11:00 – 11:30 BREAK    
11:30 – 11:50 Open-source CERT management solution Marko Krstic (SRB-CERT) CLEAR
11:50 – 12:05 Creating communities for Threat Intel Sharing Amanda Ross (StACSIRT) CLEAR
12:05 – 12:30 Understanding the Threat: What is Business Email Compromise? Viktor Sahin-Uppströmer (Truesec CSIRT) CLEAR
12:30 – 13:30 LUNCH    
13:30 – 14:00 Advancing Digital Forensic Readiness: Bridging Higher Education and CSIRTs Darja-Anna Yurovsky (Switch-CERT) GREEN
14:00 – 14:30 A deepdive into the Akira RaaS Viktor Sahin Uppströmer and Heresh Zaremand (Truesec) CLEAR
14:30 – 15:00 How CERT PL finds vulnerabilities in our constituency at a scale: an update on the Artemis project Krzysztof Zając (CERT PL) CLEAR
15:00 – 15:30 BREAK    
15:30 – 16:00 Reflect and Reboot – Incident Response in PSIRT Rhys Mataira (Ericsson PSIRT) GREEN
16:00 – 16:15 Coordinated vulnerability reporting platform – one year of operations in Latvia Sanita Vītola (CERT-LV) CLEAR
16:15 – 16:30 Update on Switch CommunitySOC Jens-Christian Fischer (SWITCH-CERT) GREEN
16:30 – 17:00

Lightning talks

  1. Jochen Schoenfelder (DFN-CERT) – An advert for the GÉANT project
  2. Hassan Merghani (Ericsson PSIRT) – Linux Kernel CVE Fatigue
  3. Peter Kleinert (Binconf CDC) – Protegamus on demand range for blue and red teams
  4. Wim Biemolt (SURFcert) – Prepare for the worst
  5. Sébastien Masse (CERT-MCS) – Team Intro
  6. Kristiana Muze-Feldberga (CERT-LV) – CyberChess 2024
  7. Andrea Kropacova (CESNET) – Invitation to 72nd meeting in Prague
moderated by Sigita Jurkynaite  

Detailed Programme: Wednesday 15th May 2024

time title speaker description
FULL DAY TRAINING 09:00 – 17:00 Improving your Role as CSIRT/SOC Manager Vilius Benetis (NRD Cyber Security) Often a CSIRT/SOC's success depends a lot on how well it is managed by the management team. This training is one of very few trainings available specifically targeting CSIRT/SOC managers – to inspire, motivate, upskill, and foster friendships with other CSIRT/SOC managers. The training is for current and future senior and mid-level managers of CSIRTs and SOCs. The objective of the training is to spend a full day reflecting and collectively working on CSIRT/SOC managers' daily questions and concerns, including KPIs, annual report writing, clarity improvement in mandate and strategy, and managers' time planning and allocation. It will be dedicated time to build relations between managers, discussing and supporting each other.
HALF DAY TRAINING 09:00 – 12:00 OR 13:00 – 16:00 Artemis (Security Scanner) Krzysztof Zając (CERT PL) During the training you will learn how to set up and use Artemis. For best results you are encouraged to have access to a Linux virtual machine and prepare your own list of domains to scan. If you bring a list of e.g., 100 schools in your constituency, you will be able to configure Artemis and initiate a scan that will end with a package of e-mails that can be sent to the affected entities to improve their security. However, if you don’t bring your own domains, you will still learn how Artemis works and how to use it in practice. You will be able to configure Artemis (or use a demo instance I will set up) and scan example domains.
HALF DAY TRAINING 09:00 – 12:00 OR 13:00 – 16:00 Piece of Cake (tabletop role-playing game) Silvio Oertli, Darja-Anna Yurovsky (SWITCH CERT) The Piece of Cake tabletop role-playing game has been developed to raise awareness of different social engineering techniques. The players take on the role of employees of a bakery. The drama is high because the secret recipe for their famous cake has been stolen by a rival bakery. The goal is to steal the recipe back. In the workshop, the game is introduced and played with the participants. The background and origins of the game will be explained, as well as how the game, which is freely available under Creative Commons, can be run by the participants themselves.
HALF DAY TRAINING 10:00 – 12:00 OR 13:00 – 15:00 Poor man Incident Response with KAPE, ELK, and Python Kung-Fu itm8’s CSIRT team A 2-hour lecture on how a professional CSIRT team relies on a super timeline to analyze extracted logs, filesystem information and other forensic artifacts.
HALF DAY TRAINING 13:00 – 16:00 Gaining insights from adversarial activities. Applying external data to incident response and threat hunting Josh Hopkins (Team Cymru) In this session you will see how threat hunters and intelligence analysts can use external data to illuminate actor infrastructure and conduct threat reconnaissance. Participants are encouraged to bring IP addresses or domains related to incidents they are working with to use as examples.
HALF DAY WORKSHOP 09:00 – 12:00 CTI working group meeting/workshop CTI WG Based on the previous CTI WG meetings, we will go through the working group agenda and after that we will dive into the CTI lifecycle. The workshop is for tech and non-tech people to get a better overview of the CTI lifecycle stages for different CTI types.
HALF DAY MEETING 09:00 – 12:00 PR working group meeting PR WG

In this CERTs’ PR group meeting we aim to share our experience and cover the following topics: crisis communication, NIS2 from a PR perspective, the findings from the survey on cybersecurity habits among Latvian users, PR relations with other departments in the organization, and cooperation with external partners on shared projects or campaigns.

CERTs’ PR Group facilitates collaboration among PR, marketing, and communication professionals in the CERT and CSIRT community. Our goal is to foster sharing of experience, best practices, and information on various topics including reports, marketing tools, and upcoming events. We aim to promote the cybersecurity industry, raise awareness, and enhance understanding of cybersecurity-related activities. Participants are encouraged to share their experiences and best practices in addressing PR challenges.

Everyone is welcome!