8th CERT workshop - Part I
ENISA 8th annual workshop 'CERTs in Europe' - Part I is an opportunity to provide EU national/governamental CERT teams technical specialists hands-on training, and additionally to offer a chance to exchange contacts. Participants get to know and meet again other CERT team members, and share their opinions about best practices and experiences. The workshop is for the EU national/governmental CERT teams free of charge, by invitation only, and is hosted by Agency ARNIEC/RoEduNet, the national research and education network in Romania (www.nren.ro).
- Time
- May 21, 2013 09:00 AM to May 22, 2013 05:00 PM
- Timezone
- Europe/Athens
- Place
- Bucharest,
- Registration
- Add to calendar
- Add to vCal, Add to iCal
Warning: past event.
ENISA 8th annual workshop 'CERTs in Europe' - Part I will be held on 21 & 22 May 2013 in Bucharest, Romania, at the Hotel Radisson Blu in Bucharest City Centre. The meeting will be co-located with the 39th TF-CSIRT meeting.
The first day of workshop will contain ENISA CERT exercises available here and on the second day Team Cymru will provide a training specifically tailored for CERT community.
Workshop agenda:
Agenda Day 1
| Agenda day 1 group A (21 May 2013) | |
|---|---|
| 09:00 - 09:30 | Registration of participants and coffee break |
| 09:30 - 09:45 | Opening from ENISA (Andrea Dufkova, Lauri Palkmets, Cosmin Ciobanu) |
| 09:45 - 10:00 | Splitting into 2 groups |
| 10:00 - 12:00 | Incident handling during an attack on Critical Information Infrastructure |
| 12:00 - 12:30 | CloudCERT and SCADA Lab |
| 12:30 - 14:00 | Lunch |
| 14:00 – 14.45 | Incident handling during an attack on Critical Information Infrastructure (discussion) |
| 14:45 – 15.30 | Mobile threats incident handling |
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:00 | n/g CERTs topics - round table discussion (moderator: Andrea Dufkova) |
| 17:00 - 17:10 | Closing remarks for the day |
| Agenda day 1 group B (21 May 2013) | |
|---|---|
| 09:00 - 09:30 | Registration of participants and coffee break |
| 09:30 - 09:45 | Opening from ENISA (Andrea Dufkova, Lauri Palkmets, Cosmin Ciobanu) |
| 09:45 - 10:00 | Splitting into 2 groups |
| 10:00 - 12:30 | Honeypots |
| 12:30 - 14:00 | Lunch |
| 14:00 – 15.30 | Honeypots |
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:00 | n/g CERTs topics - round table discussion (moderator: Andrea Dufkova) |
| 17:00 - 17:10 | Closing remarks for the day |
Agenda Day 2
A day in the life of malware-example
Team Cymru will focus on understanding the operation and nature of malware by following the life cycle of a piece of malware from compromising a target machine and creation of a botnet, to the observation and identification of malware, its capture, extraction and subsequent analysis. In the analysis emphasis will be given to understand how the analysis can provide clues and information that can assist in tracking that botnet and eventual attribution.
Participants will engaged in the identification of the botnet through network based analysis, followed by extraction and analysis of malware using both static and dynamic processes. The exercises will be conducted on virtual machines.
| Agenda day 2 group A (22 May 2013) | |
|---|---|
| 09:00 - 09:30 | Registration of participants and coffee break |
| 09:30 - 09:45 | Opening from Team Cymru |
| 09:45 - 10:00 | Splitting into 2 groups |
| 10:00 - 12:30 | A day in the life of malware-example |
| 12:30 - 14:00 | Lunch |
| 14:00 – 15.30 | A day in the life of malware-example |
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:00 | A day in the life of malware-example |
| 17:00 - 17:10 | Closing remarks of the workshop (ENISA; Team Cymru) |
| Agenda day 2 group B (22 May 2013) | |
|---|---|
| 09:00 - 09:30 | Registration of participants and coffee break |
| 09:30 - 09:45 | Opening from Team Cymru |
| 09:45 - 10:00 | Splitting into 2 groups |
| 10:00 - 12:30 | A day in the life of malware-example |
| 12:30 - 14:00 | Lunch |
| 14:00 – 15.30 | A day in the life of malware-example |
| 15:30 - 16:00 | Coffee break |
| 16:00 - 17:00 | A day in the life of malware-example |
| 17:00 - 17:10 | Closing remarks of the workshop (ENISA; Team Cymru) |
Note: Agenda is provisional and subject to change
