TF-CSIRT Trainings/Side meetings Copenhagen

(Timezone - Europe/Copenhagen)
MBK, Pilestræde 61, 1112 København K. (Copenhagen, Denmark)

Registration
A. Improving your Role as CSIRT/SOC Manager (Full Day)
B. CTI working group meeting/workshop (Morning)
C. PR working group meeting (Morning)
E. Piece of Cake (tabletop role-playing game) (Morning)
5 / 5
F. Poor man Incident Response with KAPE, ELK, and Python Kung-Fu (Morning)
35 / 35
G. Artemis (Security Scanner) (Afternoon)
12 / 12
I. Poor man Incident Response with KAPE, ELK, and Python Kung-Fu (Afternoon)
    • 09:00 12:00
      Artemis (Security Scanner) training (Morning)

      Artemis is a security scanner that we’ve built and use at CERT PL. It is able to:
      check a large number of systems for vulnerabilities and security-related misconfigurations,
      prepare easy-to-read reports that we then send to affected entities.
      Using Artemis, we already found more than 200 thousand vulnerabilities and misconfigurations in systems in our
      constituency.

      During the training you will learn how to set up and use Artemis. For best results you are encouraged to have access
      to a Linux virtual machine and prepare your own list of domains to scan. If you bring a list of e.g., 100 schools in
      your constituency, you will be able to configure Artemis and initiate a scan that will end with a package of e-mails
      that can be sent to the affected entities to improve their security.

      However, if you don't bring your own domains, you will still learn how Artemis works and how to use it in practice.
      You will be able to configure Artemis (or use a demo instance I will set up) and scan example domains.

    • 09:00 12:00
      CTI working group meeting/workshop

      Based on the previous CTI WG meetings, we will go through the working group agenda and then dive into the CTI lifecycle. The workshop is for technical and non-technical people who want a better overview of the CTI lifecycle stages for different CTI types.

    • 09:00 17:00
      Improving your Role as CSIRT/SOC Manager

      A CSIRT/SOC’s success often depends a lot on how well it is managed by the management team. This training is one of very few trainings available specifically targeting CSIRT/SOC managers – to inspire, motivate, upskill, and foster friendships with other CSIRT/SOC managers. The training is for current and future senior and mid-level managers of CSIRTs and SOCs. The objective of the training is to spend a full day reflecting and collectively working on CSIRT/SOC managers’ daily questions and concerns, including KPIs, annual report writing, improving clarity in mandate and strategy, and managers’ time planning and allocation. There will be dedicated time to build relations between managers, discussing and supporting each other.

      The training covers four topics:

      Mandate and Strategy Clarification
      Manager Time Allocation
      KPIs
      Annual Reporting

    • 09:00 12:00
      PR working group meeting
    • 09:00 12:00
      Piece of Cake (tabletop role-playing game) (Morning)

      The Piece of Cake tabletop role-playing game has been developed to raise awareness of different social engineering techniques. The players take on the role of employees of a bakery. The drama is high because the secret recipe for their famous cake has been stolen by a rival bakery. The goal is to steal the recipe back. In the workshop, the game is introduced and played with the participants. The background and origins of the game will be explained, as well as how the game, which is freely available under Creative Commons, can be run by the participants themselves.

    • 10:00 12:00
      Poor man Incident Response with KAPE, ELK, and Python Kung-Fu (Morning)

      A 2-hour lecture on how a professional CSIRT team relies on a super timeline to analyze extracted logs, filesystem information and other forensic artifacts.

    • 13:00 16:00
      Artemis (Security Scanner) training (Afternoon)

      Artemis is a security scanner that we’ve built and use at CERT PL. It is able to:
      check a large number of systems for vulnerabilities and security-related misconfigurations,
      prepare easy-to-read reports that we then send to affected entities.
      Using Artemis, we already found more than 200 thousand vulnerabilities and misconfigurations in systems in our
      constituency.

      During the training you will learn how to set up and use Artemis. For best results you are encouraged to have access
      to a Linux virtual machine and prepare your own list of domains to scan. If you bring a list of e.g., 100 schools in
      your constituency, you will be able to configure Artemis and initiate a scan that will end with a package of e-mails
      that can be sent to the affected entities to improve their security.

      However, if you don't bring your own domains, you will still learn how Artemis works and how to use it in practice.
      You will be able to configure Artemis (or use a demo instance I will set up) and scan example domains.

    • 13:00 16:00
      Gaining insights from adversarial activities. Applying external data to incident response and threat hunting

      In this session you will see how threat hunters and intelligence analysts can use external data to illuminate actor infrastructure and conduct threat reconnaissance. Participants are encouraged to bring IP addresses or domains related to incidents they are working with to use as examples.

    • 13:00 16:00
      Piece of Cake (tabletop role-playing game) (Afternoon)

      The Piece of Cake tabletop role-playing game has been developed to raise awareness of different social engineering techniques. The players take on the role of employees of a bakery. The drama is high because the secret recipe for their famous cake has been stolen by a rival bakery. The goal is to steal the recipe back. In the workshop, the game is introduced and played with the participants. The background and origins of the game will be explained, as well as how the game, which is freely available under Creative Commons, can be run by the participants themselves.

    • 13:00 15:00
      Poor man Incident Response with KAPE, ELK, and Python Kung-Fu (Afternoon)

      A 2-hour lecture on how a professional CSIRT team relies on a super timeline to analyze extracted logs, filesystem information and other forensic artifacts.