Dates and Location
The 70th TF-CSIRT Meeting took place on 25th – 27th September 2023 in Stockholm, Sweden. The meeting was kindly hosted by the Svenskt CERT-forum (Swedish CERT-forum).
The training events were held at the SEB offices, Stjärntorget 4, 169 79 Solna, Sweden.
The main meeting venue was Swedbank head office, Landsvägen 40, 172 63 Sundbyberg, Sweden.
Transportation and Accommodation
The easiest way to get to either is via commuter train from one of the following stations:
- Stockholm Odenplan
- Cityterminalen (T-Centralen)
- Södra Station
We recommend staying in a hotel near one of these stations and will provide details on transportation options, tickets, and so forth closer to the event. Public transportation options between the area where training is held and the area for the main meeting are limited.
Recommended hotels near the main venue (Swedbank Head Office):
- Best Western Plus Grow Hotel, Landsvägen 30, 171 54 Solna (3 min walk)
- Hotel by Maude Solna, Smidesvägen 1-3, 171 41 Solna, Sweden (11 min walk)
- Maude’s Hotel Solna Business Park, Englundavägen 2, 171 41 Solna, Sweden (7 min walk)
- Story Hotel Signalfabriken, Sundbybergs torg 1, 172 67 Sundbyberg, Sweden (7 min walk)
Call for Proposals
The Call for Proposals is CLOSED. We encourage all teams to contribute to the programme of our future meetings.
Topics you may wish to consider include:
- Team Updates
- Threat Intelligence Sharing
- Tooling and Services for CSIRT Communities
- Use of Machine Learning
- Generative AI, (offensive and defensive usecases)
Please send us any ideas you may have for ideas, content, panels, discussions that might not fit a “traditional” speaking slots – we love to add new content to the programme.
Registration
Registration for the meeting is CLOSED.
Social Event
The Social Event took place at the Vasa Museum – a real treasure from the 17th century that offers us a rich history, from the work at the Ship Yard to life on board a warship.
There was a guided tour at the museum and a three course dinner. As it is a maritime museum, fish is their speciality, but as an alternative there will also be vegetarian options. It is recommended to bring a jacket or a sweater to wear during the dinner, since it is about 18 degrees in the hall by the ship.
Programme Overview
| event | audience | date | TIME |
|---|---|---|---|
| MONDAY 25 September | |||
| TF-CSIRT Steering Committee Meeting | Steering Committee Members Only | 25th September 2023 | 14:00 – 17:00 CEST |
| Training 1. SIM3 – OCF: A workshop in Security Incident Management Maturity Model (SIM3). Half Day. | FULL (Registration closed) | 25th September 2023 | 08:30 – 13:30 CEST |
| Training 2. Enterprise Forensic and Recovery – Truesec: In this workshop we will learn and talk about both the forensic part and recovery part of incident response in a hands-on matter. Full Day. | FULL (Registration closed) | 25th September 2023 | 08:30 – 17:00 CEST |
| Training 3. MISP – CIRCL. Full Day. | FULL (Registration closed) | 25th September 2023 | 08:30- 17:00 CEST |
| Training 4. Cyber crisis exercise – Sunet CERT: a table top exercise including a basic introduction to crisis exercises and crisis management. We are ending the day with a lessons learned session. Half Day. | FULL (Registration closed) | 25th September 2023 | 12:30 – 17:00 CEST |
| Training 5. Piece of cake – SWITCH-CERT: table-top role playing game. Half Day. | FULL (Registration closed) | 25th September 2023 | 12:30 – 17:00 CEST |
| Training 6. Walkthrough of CTFs – CERT-SE: In this workshop we will go through a couple of challenges from the Swedish national CSIRT’s CTFs (Capture the Flag) and learn how we can solve them hands-on. Half Day. | FULL (Registration closed) | 25th September 2023 | 12:30 – 17:00 CEST |
| PR Working Group Meeting | PR Working Group Members – please sign up on the general meeting registration form | 25th September 2023 | 12:30 – 17:00 CEST |
| TUESDAY 26 September | |||
| TF-CSIRT Closed Meeting | Accredited and Certified Teams only | 26th September 2023 | 09:00 – 12:00 CEST |
| TF-CSIRT Open Meeting | All Trusted Introducer Members | 26th September 2023 | 13:00 – 17:00 |
| CTI Working Group Meeting | Working Group Members (all Trusted Introducer Members invited to join!) | 26th September | 16:00 – 17:00 CEST |
| Social Event at the Vasa Museum | All Participants | 26th September 2023 | 19:00 – 23:00 CEST |
| WEDNESDAY 27 September | |||
| TF-CSIRT Open Meeting (cont.) | All Trusted Introducer Members | 27th September 2023 | 09:00 – 13:00 |
| BoF – NREN SOCs | All interested NRENs | 27th September 2023 | 12:00 – 13:00 |
Detailed Programme: Tuesday 26th September 2023
| time | title | speaker | tlp |
|---|---|---|---|
| 09:00 – 12:00 | CLOSED MEETING | Accredited and Certified Teams Only | AMBER / RED |
| 12:00 – 13:00 | LUNCH | ||
| 13:00 – 13:10 | Welcome | Silvio Oertli, SWITCH-CERT | CLEAR |
| 13:10 – 13:30 | Steering Committee update, new Steering Committee members introductions | Silvio Oertli, SWITCH-CERT | CLEAR |
| 13:30 – 13:45 | Swedish CERT-forum / CERT-SE Welcome | Karin Lindström (CERT-SE) | CLEAR |
| 13:45 – 14:00 | Huawei PSIRT team update | François Ambrosini & Sonny van Lingen (Huawei PSIRT) | CLEAR |
| 14:00 – 14:10 | State of Cybersecurity in Central Asia | Talgat Nurlybayev (KazAcad CSIRT) | CLEAR |
| 14:10 – 14:30 | Network Security Monitoring at 100Gbps | Kashif Mohammad (OxCERT) | GREEN |
| 14:30 – 15:00 | BREAK | ||
| 15:00 – 15:20 | TI_ctf – The TI Capture The Flag Event of the National Digital Health Agency in Germany | Pit Weber (gematik CERT) | GREEN |
| 15:20 – 15:50 | DNS Firewall Cross-Border Collaboration between DFN and SWITCH | Martin Waleczek (DFN-CERT), Matthias Seitz (SWITCH-CERT) | GREEN |
| 15:50 – 16:00 | Lightning Talks: CERT-SE Team Update – Karl Selin (CERT-SE) Managing cyber-attacks – The construction and organization of corporate digital responsibility of public and private organizations in Sweden – Andrea Fried (CODIRES) OpenCTI.io – Open Threat Intelligence Platform – Josef Šmidrkal | Hosted by Sigita Jurkynaite | CLEAR |
| 16:00 – 17:00 | CTI Working Group Meeting |
Detailed Programme: Wednesday 27th September 2023
| TIME | TITLE | SPEAKER | TLP |
|---|---|---|---|
| 09:00 – 09:10 | Welcome | Silvio Oertli, SWITCH-CERT | CLEAR |
| 09:10 – 09:30 | NCSC-FI Team Update and Current Projects | Ossi Kuosmanen, Antti Louko (NCSC-FI) | GREEN |
| 09:30 – 09:45 | CSIRT.CZ: Stress testing services (a.k.a. "DDoS for hire") | Martin Kunc (CSIRT.CZ) | GREEN |
| 09:45 – 10:00 | Gryphon’s Rise Above Ransomware: Our Answer to Ransomware’s Challenge to Conventional Security | Michal Šafranko (IstroCSIRT) | GREEN |
| 10:00 – 10:30 | Is a warning service the solution for meeting the challenges of vulnerability exploitation ? | Eskil Sørensen (DKCERT) | CLEAR |
| 10:30 – 11:00 | BREAK | ||
| 11:00 – 11:30 | Netflow Monitoring with flowpipeline and ELK | Konstantin Zangerle (KIT-CERT) | CLEAR |
| 11:30 – 12:00 | Customer Zero: Elastic’s InfoSec Org | Thorben Jändling (TI Associate) | GREEN |
| 12:00 – 13:00 | BoF – NREN SOCs | Hosted by Jens-Christian Fischer (SWITCH) | |
| 12:00 – 13:00 | LUNCH |