Colloque

FIRST Technical Colloquium - Osaka 2018

FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST members and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams.

FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST members and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the operation of incident response and security teams. This is the fourth time to have TC in Japan, and the topic of this time is “IoT”.

For you that are new in FIRST or never have attended a TC, the colloquium typically provides one whole day of plenary sessions for informal discussions and presentations on topics of FIRST membership interest, or that are more sensitive in nature and related to the day-to-day work of participants.

The FIRST colloquia are typically hosted by members and since 2005 are being organized in a regional basis — the current regions being Latin-America, North-America, Europe and Asia-Pacific. For each region the goal is to organize one TC per year — either standing on its own, or jointly with regional CSIRT initiatives.

The Osaka TC intends to have presentation track and hands-on class(es). In addition, 2nd Summit Days (Global Vulnerability Reporting Summit) after 5 years at TC in Kyoto 2012 will be held for sharing vulnerability information on a global basis.

Presentation by Steve Clement (CIRCL)

Steve Clement is a security engineer working for CIRCL and has been on-staff since 2008. Experienced in the security of Unix systems like Open and FreeBSD his passions turn around sharing this knowledge to the hungry and foolish. Further on Steve is a strong advocate for Free and Open Source Soft-/Hard-ware in an open world with less intellectual boundaries.

Reigning in the raw Power of PyMISP thanks to Python

  • Topic and objectives: The tutorial will be based around using the Python MISP module (pyMISP). Specifically using the MISP API in a pythonic way. More generally the talk is a motivation for the participants that always wanted to automate certain things, but never really got around doing it.

  • Outline of the content:
    • Introduction into pyMISP and its core
    • Show various ways to easily extract data from MISP
    • Further process data and send it to other independent MISP instance
    • Pull in external sources and automate co-relation
    • A few visualization examples
    • Present viper and how it can fit into the set up
    • Let participants come up with their use cases
  • Intended audience: Generally anyone interested in threat information sharing, both those new to MISP and active users. An understanding of the basics of cyber threat information sharing is a plus. A good practical understanding of programming languages is needed. No Python-guru status needed, some experience will help a little. Everything will be Python 3.x only.
  • Share with care: