FIRST 2013 – another point of view

Being another lucky attendee of the conference representing Kudelski Security team, I want to share a complementary viewpoint on this 25th Annual Conference, organized by FIRST (Forum of Incident Response and Security Teams). If the post my colleague wrote didn’t make you wish you were there, I might not be able to convince you either!

..Oh !
…Wait !
Maybe, the Security Challenge organized by the Dragon Research Group would entice you?.. Or, the presence of and talk by Paul Vixie?.. Guys from Team Cymru?.. From redhat?!

Wat Phra Kaew (in Grand Palace precinct) – Bangkok

With over 9000 more than 60 talks, classified in three different tracks, from technical to more managerial ones, various topics were covered. With the number of talks competing with the number of temples in Bangkok, I was unfortunately not able to visit all of the talks, nor sum up all of the temples… or the other way around!? However, here are some slides of the given presentations (not all of them are available, as some contained sensitive material). Of course, I recommend you at least to view the slides of the “Deep Technical Dive” talks. As presentations are never as verbose as talks, I selected a few interesting topics and give you the links for further reading enjoyment:

  • DDoS: A good overview of DDoS attacks, with the analysis of the “Triple Crown” DDoS attack campaign (timeline, methodology, used tools…) has been given in Roland Dobbins’s presentation. The second part of his presentation provides some tools and methodologies to mitigate the (often underestimated) impacts of these kinds of attacks. The speaker, wishing an interactive session, “took notes for us” and filled up the slides. These are indeed very complete and can be almost read as a paper.
  • IPv6: Those interested in this trending topic, especially in the security issues related to it, will find references (and mailing lists) in John Kristoff’s talk.
  • Botnet: Przemek Jaroszewski presented us the Takeover of Virut domains by CERT Polska and NASK.
  • Trojan and APT: Here you will find the analysis of two remote-access trojan horses Trojan-Foxy and the more recent Trojan-Foxy-DES (named after the encryption key used “thequickbrownfxjmpsvalzydg”). The links were given along with the analysis of an APT (Advanced Persistent Threat) by Andreas Schuster.

Even though many other presentations and topics from the conference deserve their fame in this post, some are confidential, some are difficult to relate and others might have their own blog posts! So, to conclude, I leave you with the conference’s tagline: “Incidence Response: sharing to win” or, as a speaker said, “Incidence Response: Sharing to make it harder” ; )

– drb

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s