CTI SIG Webinars and Online Training
<!doctype html><html lang="en" class="web tlp-clear" data-studio-config="eyJ4aHJDcmVkZW50aWFscyI6ZmFsc2UsInhockhlYWRlcnMiOnt9fQo="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>CTI SIG Webinars and Online Training</title> <meta property="og:title" content="CTI SIG Webinars and Online Training" /> <meta property="og:type" content="website" /> <meta property="og:image" content="https://www.first.org/_/img/first-big-icon.png" /> <meta property="og:url" content="https://www.first.org/global/sigs/cti/events/" /> <meta property="og:site_name" content="FIRST — Forum of Incident Response and Security Teams" /> <meta property="fb:profile_id" content="296983660669109" /> <meta property="twitter:card" content="summary" /> <meta property="twitter:site" content="@FIRSTdotOrg" /><meta name="viewport" content="initial-scale=1,maximum-scale=1.0,user-scalable=no" /><link rel="icon" type="image/png" href="/1st.png" /><link rel="apple-touch-icon" sizes="128x128" href="/favicon.png" /><link rel="stylesheet" type="text/css" href="/_/web.css?20250110194732" /></head><body><header><div id="header" data-studio="CU52CV1W8g"><div id="c4" data-studio="Yu8FjCC11g"><div id="topbar"> <div class="sites right"> <ul> <li><a href="https://support.first.org" class="kb-datalist"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a></li> <li><a href="https://portal.first.org" class="button"><span class="no-tiny">Member </span>Portal</a></li> </ul> </div> <div class="first-logo"> <p><a href="/"><img src="/_/img/first-org-simple-negative.svg" alt="FIRST.Org" title="FIRST" /></a></p> </div> <div class="nav"> <ul class="navbar"><li><a href="/about">About FIRST</a><ul><li><a href="/about/mission">Mission Statement</a></li><li><a href="/about/history">History</a></li><li><a href="/about/sdg">Sustainable Development Goals</a></li><li><a href="/about/organization">Organization</a><ul><li><a href="/about/organization/directors">Board of 
IEP Policies</a><ul><li><a href="https://www.first.org/iep/2.0/first-tlp-iep.iepj">IEP TLP Policy File</a></li><li><a href="https://www.first.org/iep/2.0/first-unknown-iep.iepj">IEP Unknown Policy File</a></li></ul></li><li><a href="/iep/iep_v1_0">IEP 1.0 Archive</a></li></ul></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/epss">Exploit Prediction Scoring System (EPSS)</a></li></ul></li><li><a href="/resources/papers">Publications</a></li></ul></li><li><a href="/events">Events</a></li><li><a href="/education">Education</a><ul><li><a href="/education/first-training">FIRST Training</a><ul><li><a href="/education/trainings">Training Courses</a></li><li><a href="/education/trainers">FIRST Trainers</a></li></ul></li></ul></li><li><a href="/blog">Blog</a></li></ul> </div> </div> <div id="home-buttons"> <p><a href="/join" data-title="Join"><img alt="Join" src="/_/img/icon-join.svg"><span class="tt-join">Join<span>Details about FIRST membership and joining as a full member or liaison.</span></span></a> <a href="/learn" data-title="Learn"><img alt="Learn" src="/_/img/icon-learn.svg"><span class="tt-learn">Learn<span>Training and workshop opportunities, and details about the FIRST learning platform.</span></span></a> <a href="/participate" data-title="Participate"><img alt="Participate" src="/_/img/icon-participate.svg"><span class="tt-participate">Participate<span>Read about upcoming events, SIGs, and know what is going on.</span></span></a></p> </div></div></div></header><div id="body" data-studio="CU52CV1W8g"><div id="c1" data-studio="Yu8FjCC11g" class="sort-list-startDate"><h1 id="Webinars-and-Online-Training">Webinars and Online Training</h1> <h2 id="Cyber-Threat-Intelligence-SIG">Cyber Threat Intelligence SIG</h2> <div id="c2" data-studio="Yu8FjCC11g" class="toc-h3"><ul class="paper-files search-list paginate" data-paginate="10" title="publications" data-item="publication"><li class="search-item" data-event="cti-sig" 
data-title="An awareness of network intrusion aiming VPN router vulnerability" data-speakers="Ryosuke Nomoto (Cyber Emergency Center)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><h3 id="pAn-awareness-of-network-intrusion-aiming-VPN-router-vulnerability" itemprop="name">An awareness of network intrusion aiming VPN router vulnerability</h3><p class="p-speaker" itemprop="author">Ryosuke Nomoto (Cyber Emergency Center)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Mr. Ryosuke Nomoto graduated from Kyushu Institute of Technology (Iizuka, Fukuoka) and now works at the Cyber Emergency Center as a Forensics/Log analyst on the LAC/LACERT team. His research focuses on ongoing intrusions into the systems he monitors in the ASPAC area.</p> </blockquote> <p>Since the pandemic era, when VPN usage increased, intrusion activity against VPN router systems has been observed exploiting a specific vulnerability that allows the attacker to gain root privileges by rewriting system files, tampering with VPN access in order to conduct further malicious operations. This presentation is a model for understanding such a threat, condensed with information explaining the "how, whom, when and what for" of the exploitation, so that all of us can learn better ways to mitigate such incidents in the future.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>An awareness of network intrusion aiming VPN router vulnerability<span class="icon-calendar"></span></strong></p><p itemprop="startDate">September 16, 2024 09:00-09:30</p></div><div class="files"><div class="file"><video poster="/_/img/videos/Ryosuke-Nomoto-Webminar-Intrusion-VPN-Router.jpg" preload="none" controls="controls"><source src="/resources/papers/cti-sig/Ryosuke-Nomoto-Webminar-Intrusion-VPN-Router.mp4" 
type="video/mp4"></source></video></div><div class="file"><p class="h-filename"><span class="icon-file file-pdf"></span><a itemprop="url" href="/resources/papers/cti-sig/Ryosuke-Nomoto-Webminar-Intrusion-VPN-Router.pdf">Ryosuke-Nomoto-Webminar-Intrusion-VPN-Router.pdf</a></p><p class="p-md5">MD5: 8f928d018741b93246a3e81bcd9f196a</p><p class="p-format" itemprop="fileFormat">Format: application/pdf</p><p class="p-modified">Last Update: September 16th, 2024</p><p class="p-size">Size: 1.23 Mb</p></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Attacks On Infrastructure During Cyber Conflicts" data-speakers="Fyodor Yarochkin (Trend Micro, TW)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-tw"> TW</span></span><h3 id="pAttacks-On-Infrastructure-During-Cyber-Conflicts" itemprop="name">Attacks On Infrastructure During Cyber Conflicts</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Fyodor Yarochkin" src="/_/img/people/3212a24996633da32601502608d3f9c0.jpg" /><span class="text">Fyodor Yarochkin</span></span></span>Fyodor Yarochkin (Trend Micro, TW)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. 
An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.</p> </blockquote> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Attacks On Infrastructure During Cyber Conflicts<span class="icon-calendar"></span></strong></p><p itemprop="startDate">February 16, 2024 11:30-17:00</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/Attacks-On-Infrastructure-During-Cyber-Conflicts.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Beware of Geeks Bearing Gifts - Media Effects Used in Influence Operations (part 2)" data-speakers="Krassimir Tzvetanov (Purdue University, US)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-us"> US</span></span><span class="tlp tlp-clear">TLP:CLEAR</span><h3 id="pBeware-of-Geeks-Bearing-Gifts-Media-Effects-Used-in-Influence-Operations-part-2" itemprop="name">Beware of Geeks Bearing Gifts - Media Effects Used in Influence Operations (part 2)</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Krassimir Tzvetanov" src="/_/img/people/2fd21dde3be130851c0c680dec5c1087.jpg" /><span class="text">Krassimir Tzvetanov</span></span></span>Krassimir Tzvetanov (Purdue University, US)</p><div class="p-abstract" itemprop="description"><p>Over the past decade, the term "fake news" has become overused and divisive, prompting many to dismiss it 
outright. This raises questions about how this narrative benefits society—or even aids adversaries. Discussions around "active measures" often miss the mark, failing to grasp the broader implications of such tactics. In today’s information age, traditional cautionary warnings evolve into modern ones like “Beware of geeks bearing gifts,” underscoring the potential manipulation of seemingly benign messages.</p> <p>This presentation will explore reflexive influence operations, techniques that exploit messaging to align segments of a target audience with adversary objectives. By examining second- and third-order effects, the discussion aims to reveal how such operations succeed in reshaping perceptions and achieving strategic goals. Examples illustrating these tactics will also be provided.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Beware of Geeks Bearing Gifts<span class="icon-calendar"></span></strong></p><p itemprop="startDate">January 2, 2025 09:00-10:00</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="/resources/papers/cti-sig/beware-of-geeks-bearing-gifts.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item" data-event="cti-sig" data-title="Everyday work with OSINT and Telegram" data-speakers="Philippe Lin (Senior Threat Researcher)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="tlp tlp-amber">TLP:AMBER</span><h3 id="pEveryday-work-with-OSINT-and-Telegram" itemprop="name">Everyday work with OSINT and Telegram</h3><p class="p-speaker" itemprop="author">Philippe Lin (Senior Threat Researcher)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Philippe Lin is a senior threat researcher with Trend Micro. 
He was into big data analysis, machine learning, NLP, SDR and all sorts of nerdy things.</p> </blockquote> <p>In this talk Philippe shares how to set up Telegram in a Docker container and automate channel scraping.</p> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Everyday work with OSINT and Telegram<span class="icon-calendar"></span></strong></p><p itemprop="startDate">September 16, 2024 09:30-10:00</p></div><div class="files"><div class="file"><video poster="/_/img/videos/Everyday-work-with-OSINT-and-Telegram.jpg" preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/cti-sig/Everyday-work-with-OSINT-and-Telegram.mp4" type="video/mp4"></source></video></div><div class="file"><p class="h-filename"><span class="icon-file file-url"></span><a itemprop="url" href="https://portal.first.org/s/webinars/cti-sig/first-cti-telegram-osint.zip">Scripts used in the presentation.</a></p></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="How to summarize CTI reports" data-speakers="Aaron Kaplan (EC-DIGIT-CSIRC, AT)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-at"> AT</span></span><h3 id="pHow-to-summarize-CTI-reports" itemprop="name">How to summarize CTI reports</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Aaron Kaplan" src="/_/img/people/d261216398159ba797325d1b4bd12bb8.jpg" /><span class="text">Aaron Kaplan</span></span></span>Aaron Kaplan (EC-DIGIT-CSIRC, AT)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Aaron Kaplan studied computer sciences and mathematics in Vienna, 
Austria. Since 2008 he has worked at CERT.at. There, he is (next to Tomas Lima (ex-CERT.pt)) one of the main architects of IntelMQ and of the whole approach to incident handling automation at CERT.at. Aaron is proud to have served FIRST.org as a member of the board of directors between 2014 and 2018. He is also a regular speaker at IT security conferences. He is the founder of Funkfeuer.at, a wireless mesh network covering the whole city of Vienna and beyond. Currently he looks at data-science-driven approaches to IT security.</p> </blockquote> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>How to summarize CTI reports<span class="icon-calendar"></span></strong></p><p itemprop="startDate">July 13, 2023 11:30-18:45</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/FIRST-CTI-SIG-How-to-summarize-CTI-reports.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="IoT Hacks - Unexpected Angles of Human Process Compromises" data-speakers="Fyodor Yarochkin (Trend Micro, TW)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-tw"> TW</span></span><span class="tlp tlp-green">TLP:GREEN</span><h3 id="pIoT-Hacks-Unexpected-Angles-of-Human-Process-Compromises" itemprop="name">IoT Hacks - Unexpected Angles of Human Process Compromises</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Fyodor Yarochkin" src="/_/img/people/3212a24996633da32601502608d3f9c0.jpg" /><span class="text">Fyodor Yarochkin</span></span></span>Fyodor Yarochkin 
(Trend Micro, TW)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Dr. Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.</p> </blockquote> <p>Fyodor explores the evolution of tools designed to influence public opinion, focusing on physical devices that can shape perception, such as IoT cameras, vehicle telematics, and various other systems.</p> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>IoT Hacks - Unexpected Angles of Human Process Compromises<span class="icon-calendar"></span></strong></p><p itemprop="startDate">November 13, 2024 17:20-18:00</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/cti-sig/iot-hacks-unexpected-angles-human-process-compromises.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Jupyter Notebook for Link Analysis in OSINT" data-speakers="Jason Lancaster (SpyCloud)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><h3 id="pJupyter-Notebook-for-Link-Analysis-in-OSINT" itemprop="name">Jupyter Notebook for Link Analysis in OSINT</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Jason Lancaster" src="/_/img/people/a4027a096a23e069be510285c94c4419.jpg" /><span class="text">Jason 
Lancaster</span></span></span>Jason Lancaster (SpyCloud)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Jason Lancaster is Senior Vice President, Sales Engineering and Investigations at SpyCloud. He began his career performing pen testing and designing and implementing secure network infrastructures, first as a government contractor and then at a Fortune 500 healthcare company. In 2003, he joined TippingPoint, where he held several roles, including SE Director. TippingPoint was acquired by 3Com in 2005 and later by HP in 2010.</p> <p>At HP, Jason ran a cross-functional team as Director with the Office of Advanced Technology. In 2013, Jason co-founded HP Field Intelligence, as part of the Security Research organization, delivering actionable threat intelligence to a wide audience.</p> <p>Jason spent 15 months at the cloud security start-up CloudPassage prior to joining SpyCloud, where he leads the Investigations and Sales Engineering teams.</p> </blockquote> <p>This talk introduces Jupyter Notebook as an analytic platform for OSINT investigations. Pandas dataframes and built-in methods allow for importing many data types from many different sources. Methods for cleaning and normalizing data for analysis are discussed. Details of how to analyze, visualize, and develop intelligence from open source data are presented in an easy-to-consume way. This provides the building blocks to capture investigative methodology and scale for greater efficiency. 
Jupyter notebook allows analysts to capture their methods, document processes, and produce results that are easy to understand.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong> Jupyter Notebook for Link Analysis in OSINT<span class="icon-calendar"></span></strong></p><p itemprop="startDate">September 20, 2023 11:30-17:00</p></div><div class="files"><div class="file"><video poster="/resources/papers/cti-sig/Jupyter-Notebook-for-Link-Analysis-in-OSINT-FINAL-poster.jpg" preload="none" controls="controls"><source src="/resources/papers/cti-sig/Jupyter-Notebook-for-Link-Analysis-in-OSINT-FINAL.mp4" type="video/mp4"></source><source src="/resources/papers/cti-sig/Jupyter-Notebook-for-Link-Analysis-in-OSINT-FINAL-optimized.webm" type="video/webm"></source><source src="/resources/papers/cti-sig/Jupyter-Notebook-for-Link-Analysis-in-OSINT-FINAL-optimized.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Media Effects Used in Influence Operations (part 1)" data-speakers="Krassimir Tzvetanov (Purdue University, US)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-us"> US</span></span><span class="tlp tlp-clear">TLP:CLEAR</span><h3 id="pMedia-Effects-Used-in-Influence-Operations-part-1" itemprop="name">Media Effects Used in Influence Operations (part 1)</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Krassimir Tzvetanov" src="/_/img/people/2fd21dde3be130851c0c680dec5c1087.jpg" /><span class="text">Krassimir Tzvetanov</span></span></span>Krassimir Tzvetanov (Purdue University, US)</p><div class="p-abstract" itemprop="description"><blockquote> <p>For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University 
focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10, focusing on threat research and information exchange, DDoS mitigation and product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google, Yahoo! and Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He also co-founded and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650. Krassimir holds a Bachelor's in Electrical Engineering (Communications), a Master's in Digital Forensics and Investigations, and a Master's in Homeland Security.</p> </blockquote> <p>Overview: In this presentation the author goes over the building blocks of Influence Operations using mass and social media. 
It covers subjects such as hypodermic needle model, two-step flow of information, gatekeeping, agenda-setting, priming, framing, spiral of silence, echo chambers and cultivation.</p> <p>In addition, it looks at some of the larger scale operations focused on subversion.</p> <p><a href="https://forces.systems/io/tutorials/influenceops101/index.html"><strong>Additional materials</strong></a></p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Media Effects Used in Influence Operations (part 1)<span class="icon-calendar"></span></strong></p><p itemprop="startDate">October 17, 2024 09:00-09:50</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="/resources/papers/cti-sig/MediaEffectsUsedInInfluenceOperations-part1.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Understanding Criminal Business Behind Supply Chain Attacks on Android" data-speakers="Fyodor Yarochkin (Trend Micro, TW)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-tw"> TW</span></span><h3 id="pUnderstanding-Criminal-Business-Behind-Supply-Chain-Attacks-on-Android" itemprop="name">Understanding Criminal Business Behind Supply Chain Attacks on Android</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Fyodor Yarochkin" src="/_/img/people/3212a24996633da32601502608d3f9c0.jpg" /><span class="text">Fyodor Yarochkin</span></span></span>Fyodor Yarochkin (Trend Micro, TW)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Fyodor Yarochkin is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. 
An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.</p> </blockquote> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Understanding Criminal Business Behind Supply Chain Attacks on Android <span class="icon-calendar"></span></strong></p><p itemprop="startDate">February 16, 2024 11:30-17:00</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/Understanding-Criminal-Business-Behind-Supply-Chain-Attacks-on-Android.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Use and abuse of residential proxy networks" data-speakers="Fyodor Yarochkin (Trend Micro, TW)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-tw"> TW</span></span><h3 id="pUse-and-abuse-of-residential-proxy-networks" itemprop="name">Use and abuse of residential proxy networks</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Fyodor Yarochkin" src="/_/img/people/3212a24996633da32601502608d3f9c0.jpg" /><span class="text">Fyodor Yarochkin</span></span></span>Fyodor Yarochkin (Trend Micro, TW)</p><div class="p-abstract" itemprop="description"><blockquote> <p><strong>Dr. Fyodor Yarochkin</strong> is a Senior Researcher, Forward-Looking Threat Research Senior at Trend Micro with a Ph.D. from EE, National Taiwan University. 
An early Snort Developer and Open Source Evangelist as well as a Programmer, his professional experience includes several years as a threat investigator and over eight years as an Information Security Analyst.</p> </blockquote> <p>Fyodor Yarochkin discusses the evolving landscape of cybercrime, particularly the shift from traditional bulletproof hosting services to residential proxies. Researchers, including himself, have noted a growing caution in discussing these entities publicly. Residential proxies are easier and cheaper to maintain and present more complex challenges for defenders because they complicate traffic filtering.</p> <p>Yarochkin has created a framework, termed a "residential proxy honeypot," to analyze traffic patterns from these proxies. He emphasizes the importance of understanding how these networks operate to effectively monitor and mitigate abuses.</p> <p>He notes that the residential proxy ecosystem is diverse, featuring numerous small providers alongside larger companies, and highlights the varied marketing strategies used, including black hat forums and Telegram channels. 
The languages supported by proxy providers often reflect their target customer bases.</p> <p>Finally, he concludes that there are no truly "good" residential proxy providers, as they all facilitate the bypassing of restrictions, raising ethical concerns about their operations.</p> <p>This presentation is for FIRST Members only, authentication is required on <a href="https://portal.first.org">FIRST Portal</a> to preview the video.</p></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Use and abuse of residential proxy networks<span class="icon-calendar"></span></strong></p><p itemprop="startDate">September 25, 2024 09:00-09:30</p></div><div class="files"><div class="file"><video poster="/_/img/videos/Use-and-abuse-of-residential-proxy-networks-2.jpg" preload="none" controls="controls"><source src="https://portal.first.org/s/webinars/Use-and-abuse-of-residential-proxy-networks-2.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Using Apple Sysdiagnose for Forensics and Integrity Check" data-speakers="Emilien Le Jamtel (CERT-EU, BE), David Durvaux (European Commission, BE), Aaron Kaplan (EC-DIGIT-CSIRC, AT)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-be"> BE</span><span class="country flag flag-at"> AT</span></span><h3 id="pUsing-Apple-Sysdiagnose-for-Forensics-and-Integrity-Check" itemprop="name">Using Apple Sysdiagnose for Forensics and Integrity Check</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="David Durvaux" src="/_/img/people/a43e7bb4793b952216f1d8e62c18cc0d6c73779f.jpg" /><span class="text">David Durvaux</span></span><span class="p-picture"><img alt="Aaron Kaplan" src="/_/img/people/d261216398159ba797325d1b4bd12bb8.jpg" 
/><span class="text">Aaron Kaplan</span></span></span>Emilien Le Jamtel (CERT-EU, BE), David Durvaux (European Commission, BE), Aaron Kaplan (EC-DIGIT-CSIRC, AT)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Emilien Le Jamtel has been a cyber security expert for 15 years. After building his technical skills in offensive security, he joined CERT-EU in 2014 as a Threat Intelligence Analyst before quickly moving to the Digital Forensics and Incident Response team. Since 2021, Emilien has been leading the DevSecOps team responsible for the infrastructure and tooling used by CERT-EU staff. Emilien is a regular speaker at IT Security conferences such as FIRST, hack.lu, Botconf and NorthSec.</p> <p>David Durvaux holds a master's degree in applied sciences in computer sciences ("Ingénieur Civil informaticien") from the Université Catholique de Louvain (UCL) with an orientation in computer networks, distributed applications and security. David now works for CERT.be as a Security Analyst and is a contributor to the AbuseHelper open-source project.</p> <p>Aaron Kaplan studied computer sciences and mathematics in Vienna, Austria. Since 2008 he has worked at CERT.at. There, he is (next to Tomas Lima (ex-CERT.pt)) one of the main architects of IntelMQ and the whole approach of incident handling automation at CERT.at. Aaron is proud to have served FIRST.org as a member of the board of directors between 2014 and 2018. He is also a regular speaker at IT security conferences. He is the founder of Funkfeuer.at, a wireless mesh network covering the whole city of Vienna and beyond. 
Currently he looks at data science driven approaches to IT security.</p> </blockquote></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Using Apple Sysdiagnose for Forensics and Integrity Check<span class="icon-calendar"></span></strong></p><p itemprop="startDate">July 24, 2023 08:30-10:45</p></div><div class="files"><div class="file"><video poster="/resources/papers/cti-sig/CTI-SIG-Using-Apple-Sysdiagnose-for-Forensics-and-Integrity-Check-poster.jpg" preload="none" controls="controls"><source src="/resources/papers/cti-sig/CTI-SIG-Using-Apple-Sysdiagnose-for-Forensics-and-Integrity-Check.mp4" type="video/mp4"></source><source src="/resources/papers/cti-sig/CTI-SIG-Using-Apple-Sysdiagnose-for-Forensics-and-Integrity-Check-optimized.webm" type="video/webm"></source><source src="/resources/papers/cti-sig/CTI-SIG-Using-Apple-Sysdiagnose-for-Forensics-and-Integrity-Check-optimized.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="Using Jupyter Notebook for Incident Response" data-speakers="Dr. Serge Droz (FIRST / FDFA, CH)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-ch"> CH</span></span><h3 id="pUsing-Jupyter-Notebook-for-Incident-Response" itemprop="name">Using Jupyter Notebook for Incident Response</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Dr. Serge Droz" src="/_/img/people/d0ce26ee6decbc92513f103b8176001e.jpg" /><span class="text">Dr. Serge Droz</span></span></span>Dr. Serge Droz (FIRST / FDFA, CH)</p><div class="p-abstract" itemprop="description"><blockquote> <p>Serge Droz is a senior IT-Security expert and seasoned incident responder. 
After more than twenty years' work in different CSIRTs, he now works as a senior adviser for the Swiss FDFA. He studied physics at ETH Zurich and the University of Alberta, Canada, and holds a PhD in theoretical astrophysics. He has worked in private industry and academia in Switzerland and Canada in different security roles, as well as at the national CERT in Switzerland.</p> <p>Serge is a member of the board of directors of FIRST (Forum of Incident Response and Security Teams), the premier organisation of recognised global leaders in incident response. In this role he actively participates in discussions relating to cyber security at various policy bodies, in particular those related to norm building.</p> <p>Serge is an active speaker and a regular trainer for CSIRT (Computer Security Incident Response Team) courses around the world.</p> <p>Today, incident response often involves analyzing large amounts of data (think log files or the output of forensic analysis). Some of the analysis will be repetitive, and some will be specific to the incident.</p> <p>Modern data analysis tools allow this work to be done efficiently and in a documented manner. Jupyter Notebooks using the pandas framework are popular among data scientists, but not so much in the security community. 
We try to change the latter.</p> <p>In this talk we present a basic introduction to Jupyter and pandas, illustrated with real-life examples.</p> <p>Links:</p> <ul> <li><a href="https://www.educative.io/blog/pandas-cheat-sheet">https://www.educative.io/blog/pandas-cheat-sheet</a></li> <li><a href="https://matplotlib.org/">https://matplotlib.org/</a></li> <li><a href="https://seaborn.pydata.org/examples/index.html">https://seaborn.pydata.org/examples/index.html</a></li> <li><a href="https://saturncloud.io/blog/processing-log-files-with-pandas-leveraging-dictionaries-and-lists-to-create-dataframes/">https://saturncloud.io/blog/processing-log-files-with-pandas-leveraging-dictionaries-and-lists-to-create-dataframes/</a></li> <li><a href="https://openrefine.org/">https://openrefine.org/</a></li> </ul> </blockquote></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>Using Jupyter Notebook for Incident Response<span class="icon-calendar"></span></strong></p><p itemprop="startDate">August 28, 2023 09:00-10:30</p></div><div class="files"><div class="file"><video poster="/resources/papers/cti-sig/Using-Jupyter-Notebook-for-Incident-Response-censored-v1-poster.jpg" preload="none" controls="controls"><source src="/resources/papers/cti-sig/Using-Jupyter-Notebook-for-Incident-Response-censored-v1.mp4" type="video/mp4"></source><source src="/resources/papers/cti-sig/Using-Jupyter-Notebook-for-Incident-Response-censored-v1-optimized.webm" type="video/webm"></source><source src="/resources/papers/cti-sig/Using-Jupyter-Notebook-for-Incident-Response-censored-v1-optimized.mp4" type="video/mp4"></source></video></div></div></li><li class="search-item pictures" data-event="cti-sig" data-title="What defines the field of Cyber Threat Intelligence and its disciplines?" 
data-speakers="Krassimir Tzvetanov (Purdue University, US)" itemscope itemtype="http://schema.org/TechArticle"><a href="#body" class="backtop icon-ctrl"></a><span class="flags"><span class="country flag flag-us"> US</span></span><h3 id="pWhat-defines-the-field-of-Cyber-Threat-Intelligence-and-its-disciplines" itemprop="name">What defines the field of Cyber Threat Intelligence and its disciplines?</h3><p class="p-speaker" itemprop="author"><span class="p-pictures"><span class="p-picture"><img alt="Krassimir Tzvetanov" src="/_/img/people/2fd21dde3be130851c0c680dec5c1087.jpg" /><span class="text">Krassimir Tzvetanov</span></span></span>Krassimir Tzvetanov (Purdue University, US)</p><div class="p-abstract" itemprop="description"><blockquote> <p>For the past five years Krassimir Tzvetanov has been a graduate student at Purdue University focusing on Homeland Security, Threat Intelligence, Operational Security and Influence Operations in the cyber domain. Before that, Krassimir was a security engineer at a small CDN, where he focused on incident response, investigations and threat research. Previously he worked for companies like Cisco and A10, focusing on threat research and information exchange, DDoS mitigation and product security. Before that Krassimir held several operational (SRE) and security positions at companies like Google, Yahoo! and Cisco. Krassimir is very active in the security research and investigation community and has contributed to FIRST SIGs. He also co-founded and ran the BayThreat security conference, and has volunteered in different roles at DefCon, ShmooCon, and DC650. 
Krassimir holds Bachelors in Electrical Engineering (Communications), Masters in Digital Forensics and Investigations, and Masters in Homeland security.</p> </blockquote></div><div class="p-publication schedule" itemprop="publication" itemscope itemtype="http://schema.org/PublicationEvent"><p class="p-event" itemprop="name"><strong>What defines the field of Cyber Threat Intelligence and its disciplines?<span class="icon-calendar"></span></strong></p><p itemprop="startDate">July 1, 2024 08:00-08:30</p></div><div class="files"><div class="file"><video preload="none" controls="controls"><source src="/resources/papers/cti-sig/What-defines-the-field-of-Cyber-Threat-Intelligence-and-its-disciplines.mp4" type="video/mp4"></source></video></div></div></li></ul></div></div></div></body></html>