Detailed Programme: Wednesday 25th September 2024

Time Title Attendees TLP
09:00 – 12:00 TF-CSIRT Steering Committee Members Steering Committee Members only CLOSED MEETING
12:00 – 13:00 LUNCH
13:00 – 17:00 CLOSED MEETING Accredited and Certified teams only RED/AMBER

Detailed Programme: Thursday 26th September 2024

Time Title Speaker TLP
09:00 – 09:10 Welcome Silvio Oertli, SWITCH-CERT CLEAR
09:10 – 09:30 Twelve years experience of cybersecurity awareness raising in Latvia Egils Stūrmanis, CERT.LV CLEAR
09:30 – 10:00 Inside BinConf Range: Design, Challenges, and Operational Overview Peter Kleinert, BinConf CDC CLEAR
10:00 – 10:45 What IT security can learn from civil defence and disaster control Jens Bothe, OTRS GREEN
10:45 – 11:00 CVE Prioritisation using MISP and TheHive Lewis Goor, StACSIRT GREEN
11:00 – 11:30 COFFEE BREAK
11:30 – 11:50 Mininterface: Converting a Script into a Program Edvard Rejthar, CZ.NIC CLEAR
11:50 – 12:05 Honeypot in a box Hugo Pavel Valach, CESNET-CERTS CLEAR
12:05 – 12:35 Security aspects of internet routing Maria Matejka, BIRD | CZ.NIC CLEAR
12:35 – 13:30 LUNCH
13:30 – 14:00 Navigating Threat Response when security depends on user behavior Sergio Albea, CSOC CLEAR
14:00 – 14:20 The Rise and Impact of DNS Firewall in Latvia – from idea to mandatory measure Dana Ludviga, CERT.LV CLEAR
14:20 – 14:35 It’s 2024… and we still haven’t learned what system (not) to expose on the internet Jan Kopriva CLEAR
14:35 – 14:55 Network scanning in e-infrastructure CESNET Pavel Kácha, CESNET-CERTS CLEAR
14:55 – 15:20 COFFEE BREAK
15:20 – 15:40 System FTAS Tomáš Košňar, CESNET-CERTS CLEAR
15:40 – 16:00 Vulnerability management in e-infrastructure CESNET Radko Krkoš, CESNET-CERTS CLEAR
16:00 – 17:00 Lightning talks

TF-CSIRT CTI Working Group update – Roderick Mooi, GÉANT
20 years of CESNET-CERTS – Andrea Kropáčová, CESNET-CERTS
Phishing case through Dropbox Paper – Josef Šmidrkal
Catching Phish Using Publicly Accessible Information – Aurimas Rudinskis, Vinted
Otters to the rescue – Niels van Eijck, NCSC.NL
Elastic security labs – Thorben Jändling, Elastic
Program Committee and the upcoming Call for Speakers to the FIRSTCON – Henrik Larsen
Welcome to Monaco – Bruno Valentin, CERT-MC
moderated by Sigita Jurkynaite CLEAR

Detailed Programme: Friday 27th September 2024 (Training Day)

The training sessions will take place on 27 September at various locations in Prague – check the location for the specific training in the table below.

Time Title Speaker Description Location
FULL DAY TRAINING 09:00 – 17:00

 

BinConf Range Showdown: Hands-On Defense and Attack Simulation Peter Kleinert, Binconf CDC In this hands-on workshop, participants will engage in an intense cybersecurity showdown using the BinConf range, a sophisticated cyber range that simulates a small organization’s IT environment. Designed for both blue and red team members, this immersive experience will challenge participants to defend and attack within a realistic, dynamic network simulation that mirrors common organizational setups. CESNET

Generála Píky 430/26
160 00 Prague 6
Czech Republic

FULL DAY TRAINING 09:00 – 17:00

 

Log & Metrics architecting on the Elastic Stack Thorben Jändling, Elastic The training goes through all the Elastic Stack components relevant to logging and metrics use cases (in particular for security), what they do and how to use them. It should give participants the ability to create robust and future-proof Elastic Stack architectures, from log collection, to indexing, to analytics. Each module ends with a quiz running in CTFd, which always gets fun and competitive. All attendees will need a device (laptop/tablet) that can browse the internet, for the course material PDF and CTFd participation. CESNET

Generála Píky 430/26
160 00 Prague 6
Czech Republic

HALF DAY TRAINING 09:00 – 12:00

 

Inter federation incident response (IR) in eduGAIN Sven Gabriel, eduGAIN CSIRT In this workshop we want to raise awareness of the complexity of incident response in a large federated environment like eduGAIN (https://edugain.org/), which provides a trusted infrastructure for federated authentication. The focus here is on the inter-federation aspect of IR, and on what the key players in IR can do to deal with an incident requiring the collaboration of the operators (Federation, IdP, SP) contributing to the eduGAIN service and the coordination with eduGAIN CSIRT. The participants will get an introduction to eduGAIN, the relevant security policies, the key security roles, and the IR supporting frameworks like SIRTFI. After that, the participants will have to deal with an artificial incident and apply the IR concepts presented before in a Table Top Exercise (TTX) set-up. Although it’s a “made-up” scenario, it consists of real-world incidents the authors had to deal with. Each of the security roles will be taken by a group, in which the possible reaction to the developing incident response situation needs to be discussed and the chosen reaction fed back to the incident coordinator. The goal here is to identify the organisational obstacles an operator may run into during IR, and to check whether the existing procedures are clear enough. The enabled learning objectives (what the participants should learn) include:

* IdP/SP logfile analysis (check for/find a reported Id).

* Know SIRTFI v2, and understand how to apply it.

* Know how eduGAIN is organised, role of Federations, and eduGAIN CSIRT.

* Name the risks of Federated Identity Management.

SPCSS

Na Vápence 915/14, 130 00 Praha 3

HALF DAY TRAINING

09:00 – 12:00

AND

13:00 – 17:00

 

Artemis (Security Scanner) Krzysztof Zając, CERT PL Artemis is a security scanner that we’ve built and use at CERT PL. It is able to check a large number of systems for vulnerabilities and security-related misconfigurations and prepare easy-to-read reports that we then send to affected entities. Using Artemis, we already found almost 300 thousand vulnerabilities and misconfigurations in systems in our constituency. During the training you will learn how to set up and use Artemis.

For best results you are encouraged to have access to a Linux virtual machine and prepare your own list of domains to scan. If you bring a list of e.g., 100 schools in your constituency, you will be able to configure Artemis and initiate a scan that will end with a package of e-mails that can be sent to the affected entities to improve their security.

However, if you don’t bring your own domains, you will still learn how Artemis works and how to use it in practice. You will be able to configure Artemis (or use a demo instance I will set up) and scan example domains.

CESNET

Generála Píky 430/26
160 00 Prague 6
Czech Republic

HALF DAY TRAINING

13:00 – 15:30

 

 

Open Hardware as a Security Probe Michal Hrušecký, CZ.NIC Open hardware with a free operating system can be utilized as a security probe. This potential use will be demonstrated using the Turris router, which was originally developed as a security probe for our Turris Sentinel program. This ongoing security research allows participants to join the program, help collect data, and simultaneously use it for their own protection. Within an organization, the Turris router can also serve as a data source for internal security analysis. The workshop will focus on features available to regular users and on possibilities that might be interesting when deploying open hardware in the corporate sphere to enhance security. The goal of the workshop is to show users that open hardware with a free operating system can be an effective solution for both home and corporate security. CZ.NIC z.s.p.o., Milesovska 5, 130 00