09:00 - 09:05 | Welcome to ISOI 2 and Preview of the Day | Gadi Evron (Beyond Security) |
09:05 - 09:40 | Key-note: "Where is That Worm? The Changing Nature of Cyber-attacks" | Jerry Dixon (DHS, US-CERT manager) |
09:40 - 10:10 | "MSRC Exploit Zero Day Response - Case Studies" | Greg Galford (Microsoft) |
10:10 - 10:40 | "Zero-day Exploits in 2006 - the Microsoft Antimalware Team's Perspective" | Ziv Mador (Microsoft) |
10:40 - 11:10 | "Intelligence update: Targeted Trojan Attacks" | Alex Shipp (Messagelabs) |
11:10 - 11:40 | "Web War Games" | Hubbard Dan (Websense) |
11:40 - 12:10 | "Netflow revisited" | Barry Raveendran Greene (Cisco) |
12:10 - 12:45 | Lunch break | Got chow? |
12:45 - 13:10 | "Abusing SPF for a DDoS Amplification Attack DDoS on DNS" | Douglas Otis (Trendmicro) |
13:10 - 13:35 | "Building and Perfecting an AS-based Reporting System" | Randy Vaughn (Baylor) [Q&A with Gadi] |
13:35 - 14:00 | "Intelligence update: MiTM and Banking Trojan Horses" | Christoph Fischer (BFK) |
14:00 - 14:25 | "Trolling the BotNet Economy" | Chris Wee, Oliver Friedrichs (Symantec) |
14:00 - 14:25 | "DDoS and Botnets: Same as it Ever Was" | Jose Nazario (Arbor) |
14:25 - 14:50 | "Web Server Botnets and Hosting Farms as Attack Platforms" | Gadi Evron (Beyond Security) |
14:50 - 15:15 | "myNetWatchman Octopus - Reach Out and Touch a Spammer" | Lawrence Baldwin (myNetWatchman) |
15:15 - 15:40 | "Innovations in Using DNS as an Early Warning System for Attacks" | Paul "Fergie" Ferguson (Trendmicro), Gadi Evron |
15:40 - 16:05 | "Investigating Phishing Cases: Case Studies" | S.A. Andrew Fried (Department of Treasury) |
16:05 - 16:30 | "Conducting Spam-related Investigation" | Don Blumenthal (formerly FTC) |
16:30 - 16:55 | "SandBox Solutions are NOT the Ultimate Solutions and Can be Beaten: Case Studies" |
Righard J. Zwienenberg (Norman) |
16:55 - 17:20 | TBA | S.A. Tom Grasso (FBI) |
17:20 - 17:45 | "Case study: Blackworm - Sinkholing and Analysing the Spread of a Worm from Poisoned IP Data" |
Coleen Shannon (CAIDA) [Q&A with Gadi] |
17:45 - 18:00 | "20 Years Worth Of Bygone Days Of Virus Research" | Rob Slade (Grandpa Extraodinair) |
18:00 - 18:25 | "MS06-040: Exposure and Aftermath - A Case Study" | Daniel Schwalbe (Washington EDU) |
18:25 - 18:45 | "Slaying the Zombie: an .edu Case Study of Bot Detection, Mitigation and Analysis" |
Curt Wilson (SIU) |
18:45 - EOD | TBA | Roger Thompson (Explabs) |
09:00 - 09:05 | Preview of the day | Gadi Evron (Beyond Security) |
09:05 - 09:30 | "Lecture: Automatic Detection and Response to Bots and Botnets on ISP Networks" |
Donald Smith (Qwest) |
09:30 - 09:55 | "Lecture: Breaking Virtual Keyboards on Banks and eCommerce Sites" | Aviram Jenik (Beyond Security) |
09:55 - 10:10 | APWG spot | Dave Jevans (APWG) |
10:10 - 10:25 | PIRT spot | Paul Laudanski (CastleCops PIRT) |
10:25 - 10:40 | * spot | |
10:40 - 11:10 | "From Botnet to Shutdown and Prosecution: What to Do?" | Righard J. Zwienenberg (Norman) |
11:10 - 12:10 | "Finding Community and Industry Solutions for LEOs: Getting the Bad Guys" |
Andrew Fried (IRS), Tom Grasso (FBI), Don Blumenthal (formerly FTC), Levi Gundert (Secret Service) |
12:10 - 12:45 | Lunch break | Try Our Mountain Dew |
12:45 - 13:30 | "The future of Sandbox Technology" | Righard J. Zwienenberg (Norman), Carsten Willems, Randy Vaughn (Baylor), Thorsten Holz |
13:30 - 14:00 | "The Changing Role of Service Providers in the Fight" | Danny McPherson (Arbor), Barry Greene (Cisco), Donald Smith (Qwest) |
14:00 - 14:30 | Planning Internet-wide Zero Day Response | Gadi Evron, Greg Galford (Microsoft MSRC), Oliver Friedrichs (Symantec), Joe Hartmann (Trendmicro), Barry Greene (Cisco), Randy Abrams (ESET), Jerry Dixon (US-CERT) |
14:30 - 15:00 | "Creating an updated BCP 38 at the IETF" | Paul "Fergie" Ferguson (Trendmicro), Radia Perlman (Sun) |
15:00 - 15:30 | "Planning an Intelligence War" | Gadi Evron (Beyond Security) |
15:30 - 16:00 | TBA | Mike Reavey (Microsoft MSRC Manager) |
16:00 - 16:30 | "Affecting Change in the Spam War" | Lawrence Baldwin (myNetWatchman), Marcus H. Sachs (SRI for DHS S&P, SANS ISC) |
16:30 - 16:45 | Introducing USENIX HOTBOTS `07 | Michael Bailey (UMICH), Evan Cooke (UMICH) |
16:45 - 17:00 | Intelligence update: fastflux | A. L. |
17:00 - 17:15 | Boxing Match (gloves needed!) | Gadi Evron (Beyond Security) vs. William Salusky (AOL) |
17:15 - 19:00 | "Open Community Discussion, and Planning Future Activities" | Greg Galford (Microsoft MSRC), Paul Vixie ?? (ISC), Kevin Hong (KrCERT) |
All day | Ski trip | Ziv ?? |