STIX Workshop

| Time | Session |
|---|---|
| 10:00 – 10:15 | Welcome Remarks |
| 10:15 – 12:30 | John Wunder (MITRE) |
| 12:30 – 13:45 | Lunch Break |
| 13:45 – 15:15 | John Wunder (MITRE) |
| 15:15 – 15:45 | Coffee Break |
| 15:45 – 17:00 | John Wunder (MITRE) |
FIRST TC - Day 1

| Time | Session | Speaker |
|---|---|---|
| 09:00 – 09:15 | Welcome Remarks | |
| 09:15 – 10:00 | Threat Intelligence - the how, what and why | Gavin Reid (HUMAN Security, US) |
| 10:00 – 11:00 | Real world information exchange: challenges and insights | Freddy Dezeure (CERT-EU) |
| 11:00 – 11:30 | Coffee Break | |
| 11:30 – 12:00 | From Cyber Security Information Sharing to Threat Management | Joep Gommers, Marko Dragoljevic (EclecticIQ) |
| 12:00 – 12:45 | Threat Intelligence Sharing in the Financial Services Sector | Ray Irving (FS-ISAC) |
| 12:45 – 13:45 | Lunch Break | |
| 13:45 – 14:30 | Cyber Defence Technical Information Sharing: Challenges and Risks in a Multinational Environment | Manisha Parmar (NCI Agency) |
| 14:30 – 15:15 | Evaluating Threat Intelligence Feeds | Andrew Kompanek (CERT/CC); Pawel Pawlinski (CERT Polska / NASK) |
| 15:15 – 15:45 | Coffee Break | |
| 15:45 – 16:30 | OASIS Technical Committee on Cyber-Threat Intelligence Update | Richard Struse (DHS, US) |
| 16:30 – 17:30 | Operationalizing Threat Intelligence: Technical Operations & Program Integration | Cory Mazzola (US-CERT, US) |
| 18:00 – 00:00 | Sponsored by Siemens: Leonardi restaurant | |
FIRST TC - Day 2

| Time | Session | Speaker |
|---|---|---|
| 09:00 – 10:00 | A Day's Worth of Changes on the Global DNS | |
| 10:00 – 10:45 | | Trey Darley (Soltra) |
| 10:45 – 11:15 | Coffee Break | |
| 11:15 – 11:45 | User Aspects of Threat Information Sharing Technology | Tomas Sander (Hewlett Packard Enterprise) |
| 11:45 – 12:15 | "Hiryu" – An IOC Management and Visualization Tool for Analyzing Targeted Attacks | Hiroshi Soeda (JPCERT) |
| 12:15 – 13:15 | Lunch Break | |
| 13:15 – 14:00 | Leveraging CTI in Major Incident Response | Omar Cruz (US-CERT, US) |
| 14:00 – 14:30 | Incident Handling with IntelMQ | Aaron Kaplan (CERT.at, AT) |
| 14:30 – 15:15 | | Alexandre Dulaunoy (CIRCL, LU) |
| 15:15 – 15:45 | Coffee Break | |
| 15:45 – 16:30 | From Indicator Management to Threat Management | Jörg Abraham (Shell, NL) |
| 16:30 – 17:15 | Theory and Practice of TI Management using STIX and CybOX | Grobauer (Siemens) |
| 17:15 – 17:30 | Closing | |
Manisha Parmar (NCI Agency)
February 24, 2016 13:45-14:30
parmar-multinational-environment.pdf
MD5: b26222d47f76634f737a7e29087532bc
Format: application/pdf
Last Update: March 3rd, 2016
Size: 721.24 Kb
Andrew Kompanek (CERT/CC), Pawel Pawlinski (CERT Polska / NASK)
Pawel Pawlinski is a specialist in the Security Projects Team at CERT Polska. His main interests in the domain of network security include intrusion detection systems, anomaly detection algorithms, client honeypots and visualization. Currently he is involved in the design of the Honey Spider Network 2.0 project and a platform for sharing security-related data. He holds an MSc degree in Computer Science from the Faculty of Electronics and Information Technology at Warsaw University of Technology.
February 24, 2016 14:30-15:15
kompanek-pawlinski-evaluating-threat-ntelligence-feeds.pdf
MD5: cbafcb2bf20796621bc50611183945c3
Format: application/pdf
Last Update: March 3rd, 2016
Size: 429.68 Kb
Alexandre Dulaunoy (CIRCL, LU)
Alexandre Dulaunoy encountered his first computer in the eighties, and he disassembled it to find out how the thing works. While pursuing his logical path towards information security and free software, he worked as a senior security network consultant at different places (e.g. Ubizen, now Cybertrust). He co-founded a startup called Conostix, which specialised in information security management. For the past 6 years, he was the manager of global information security at SES, a leading international satellite operator. He is now working at CIRCL in the research and operational fields. He is also a lecturer in information security at Paul-Verlaine University in Metz and the University of Luxembourg. He is also the lead developer of various open source tools, including cve-search, and a member of the MISP core team.
February 25, 2016 14:30-15:15
MD5: 649bb9671519a8826acee3b5afda83f9
Format: application/pdf
Last Update: March 4th, 2016
Size: 485.59 Kb
Joep Gommers (EclecticIQ), Marko Dragoljevic (EclecticIQ)
February 24, 2016 11:30-12:00
dragoljevic-gommers-from-cyber-security.pdf
MD5: 690e8d83f2bdac1945ac6794c01896fe
Format: application/pdf
Last Update: March 3rd, 2016
Size: 4.81 Mb
Jörg Abraham (Shell, NL)
Mr. Jörg Abraham is a Senior Threat Intelligence Analyst in the EclecticIQ Fusion Center. He is responsible for analyzing cyber threats and providing accurate, timely and structured intelligence relevant to EclecticIQ's customers. Before joining EclecticIQ he worked for Royal Dutch Shell for more than 10 years in various Cyber Defense positions. Mr. Jörg Abraham is a Certified Information Systems Security Professional (CISSP) and a GIAC Certified Forensic Analyst (GCFA).
February 25, 2016 15:45-16:30
Hiroshi Soeda (JPCERT)
February 25, 2016 11:45-12:15
soeda-hiryu-the-ioc-management.pdf
MD5: 6a75aef4a7596b6e1647904fbea11d8d
Format: application/pdf
Last Update: March 4th, 2016
Size: 1020.74 Kb
Aaron Kaplan (CERT.at, AT)
Aaron Kaplan studied computer science and mathematics in Vienna, Austria. Since 2008 he has worked at CERT.at. There, he is (next to Tomas Lima (ex-CERT.pt)) one of the main architects of IntelMQ and of the whole approach to incident handling automation at CERT.at. Aaron is proud to have served FIRST.org as a member of the board of directors between 2014 and 2018. He is also a regular speaker at IT security conferences. He is the founder of Funkfeuer.at, a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data-science-driven approaches to IT security.
February 25, 2016 14:00-14:30
Trey Darley (Soltra)
February 25, 2016 10:00-10:45
darley-moving-beyond-threatbutt.txt
MD5: d41d8cd98f00b204e9800998ecf8427e
Format: text/plain
Last Update: March 4th, 2016
Size: 0 B
Richard Struse (DHS, US)
Richard Struse is the Chief Strategist for Cyber Threat Intelligence (CTI) at The MITRE Corporation, leading the effort to improve cyber defense by better understanding the adversary’s tactics and techniques. In addition, he is the chair of the Cyber Threat Intelligence Technical Committee within OASIS, an international standards development organization. In 2018, Mr. Struse was elected to serve on the board of directors of OASIS. Previously, Mr. Struse served as the Chief Advanced Technology Officer for the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), where he was responsible for technology vision, strategy and implementation in support of the NCCIC’s mission. Mr. Struse is the creator of the STIX and TAXII automated information sharing initiatives, which have been widely adopted across the public and private sectors. In October 2014, Secretary of Homeland Security Jeh Johnson presented Mr. Struse with one of the department’s highest honors, the Secretary’s Award for Excellence, in recognition of his pioneering work on STIX and TAXII. Prior to joining DHS, Mr. Struse was Vice President of Research and Development at VOXEM, Inc., where he was responsible for the architecture, design and development of a high-performance, extreme high-reliability communications software platform that is in use in telecommunications systems around the world. He began his technical career at Bell Laboratories, where his work focused on tools to automate software development and the UNIX operating system. In 2015 Mr. Struse was named by Federal Computer Week as one of the “Federal 100” in recognition of his leadership role in the development of cyber threat intelligence technology standards. In 2016, OASIS selected Mr. Struse to receive their “Distinguished Contributor” award for his work as “a pioneer in the development of the STIX, TAXII, and CybOX standards and was instrumental in successfully transitioning the CTI work to OASIS.”
February 24, 2016 15:45-16:30
Cory Mazzola (US-CERT, US)
February 24, 2016 16:30-17:30
mazzola-operationalizing-threat-intelligence.pdf
MD5: 4bb668fc3910e9c2ce0f07e260665b93
Format: application/pdf
Last Update: March 3rd, 2016
Size: 1.72 Mb
Freddy Dezeure (CERT-EU)
Freddy Dezeure graduated as Master of Science in Engineering in 1982. After joining the European Commission in 1987, he held a variety of management functions in administrative, financial and operational areas, in particular in information technology. Since 2007 he has been Head of the External Audit Unit in the Directorate General Information Society and Media, and since the 1st of June 2011 he has led the CERT pre-configuration Team for the EU Institutions.
February 24, 2016 10:00-11:00
dezeure-real-world-information.pdf
MD5: bf40a6bed0af92de688e0eee3bc455ce
Format: application/pdf
Last Update: March 3rd, 2016
Size: 3.46 Mb
John Wunder (MITRE)
February 23, 2016 10:15-12:30, February 23, 2016 13:45-15:15, February 23, 2016 15:45-17:00
wunder-stix-taxii-Overview.pdf
MD5: 1bc65bd8afad36d2d09d29dd10aaef0a
Format: application/pdf
Last Update: March 4th, 2016
Size: 3.48 Mb
wunder-modeling-and-mapping.pdf
MD5: 2d336778bb2c599fc3d3ad3d3f19325f
Format: application/pdf
Last Update: March 4th, 2016
Size: 578.92 Kb
MD5: 0bcbedd0f56317f8071c4959b57151f7
Format: application/pdf
Last Update: March 4th, 2016
Size: 1.48 Mb
wunder-stix-for-developers.pdf
MD5: 39b99cf71eae12c629759a814b735911
Format: application/pdf
Last Update: March 4th, 2016
Size: 2.71 Mb
MD5: 934cb5a3d22891cb93e999e446c95405
Format: application/pdf
Last Update: March 4th, 2016
Size: 188.19 Kb
MD5: 66bd73340ef2320d21f31f7d3cacd154
Format: application/pdf
Last Update: March 4th, 2016
Size: 645.48 Kb
Grobauer (Siemens)
February 25, 2016 16:30-17:15
grobauer-data-model-musings.pdf
MD5: fd6f5d72ce332a922ff7aa94ddb885c3
Format: application/pdf
Last Update: March 4th, 2016
Size: 1.5 Mb
Ray Irving (FS-ISAC)
February 24, 2016 12:00-12:45
irving-threat-intelligence-sharing.pdf
MD5: 36727df54f42a3106b9dc59a5f00c1a1
Format: application/pdf
Last Update: March 3rd, 2016
Size: 2.02 Mb
Gavin Reid (HUMAN Security, US)
February 24, 2016 09:15-10:00
MD5: 8f0f5d904120e196e931fee1857b12a3
Format: application/pdf
Last Update: March 3rd, 2016
Size: 90.84 Mb
Tomas Sander (Hewlett Packard Enterprise)
February 25, 2016 11:15-11:45
sander-user-aspects-of-threat-information.pdf
MD5: a7e58d44d01f3d180ab97fbcefb24d29
Format: application/pdf
Last Update: March 4th, 2016
Size: 812 Kb