08:55 - 09:00 | Welcome to ISOI 2 and Preview of the Day | Gadi Evron (Beyond Security) |
09:00 - 09:30 | "Google adwords .. .the dangers of dealing with the Russian mafia" | Roger Thompson (Exp Labs) |
09:30 - 10:00 | "Incident Response During the Recent Attack" | Hillar Aarelaid (Estonian CERT) |
10:00 - 10:30 | "Strategic Lessons From the Estonian 'First Internet War'" | Gadi Evron (Beyond Security) |
10:30 - 11:00 | "Targeted attacks (spear phishing): A demonstration and analysis of a former Office 0-day" |
Rob Hensig (Microsoft) |
11:00 - 11:30 | "FastFlux Update: Monitoring the IPv4 Network in 3D" | N. Bourbaki |
11:30 - 12:00 | "What you should be asking me as a routing vendor" | Barry Raveendran Greene (Cisco) |
12:00 - 12:40 | Lunch break | Got chow? |
12:40 - 13:05 | "Storm Worms...When it rains it pours" | Dan Hubbard (Websense) Joe Stewart (SecureWorks) |
13:05 - 13:30 | "Phishing and the IRS - New Methods" | Andrew Fried (Treasury Department) |
13:30 - 14:00 | "Cyber Threat Analytics and the BotHunter Tool" | Marcus H. Sachs (SANS ISC) |
14:00 - 14:25 | "Beware: TNT!!! (The Newest Threat)" | Righard J. Zwienenberg (Norman) |
14:25 - 14:45 | Snack break | apparently Gadi slipped up |
14:45 - 15:10 | "Infrastructure Security and Internet Attack Statistics" | Danny McPherson (Arbor) |
15:10 - 15:35 | "Botnets in a Hosting Environment" | James Pleger (Honeywell) |
15:35 - 16:00 | "The Spammer Evolves - Migration to WebMail" | William Salusky (AOL) |
16:00 - 16:25 | "Vulnerabilities used to hack sites for phishing" | John LaCour (Mark Monitor) |
16:25 - 16:50 | "Managing the response to eCrime, Lessons Learnt in the UK Financial Sector" |
Tom Salmond (Ernst & Young) |
16:50 - 17:10 | "Domain Registrations Revenue of Blacklisted, Phished, and Malware Hosting" |
Rick Wesson (Support Intelligence) |
17:10 - 17:35 | "How Not to Hide if You're a Russian Hacker Living in India" | Paul Ferguson (Trend Micro) |
17:35 - 18:00 | "Six Degrees of Bot Herders - Data Aggregation and Relationships" |
Andre' M. DiMino (The Shadowserver Foundation) |
09:00 - 09:05 | Preview of the day | Gadi Evron (Beyond Security) |
09:05 - 09:30 | "Automated Static Analysis of Malware" | Jose Nazarijo (Arbor) |
09:30 - 09:55 | "Mpack and Honeyjax (Web 2.0 honeypots)" | Dan Hubbard (Websense) |
09:55 - 10:10 | APWG spot | Dave Jevans (APWG) |
10:10 - 10:25 | Break | No joke |
10:25 - 10:40 | *spot | |
10:40 - 11:10 | "HaxTor - Tor for eCrime?" | Lawrence Baldwin (MyNetWatchman) |
11:10 - 12:10 | "Finding Community and Industry Solutions for LEOs: Getting the Bad Guys" |
Lotsa agents |
12:10 - 12:45 | Lunch break | Try Our Falafel |
12:45 - 13:15 | "The Changing Role of Service Providers in the Fight" | Lotsa providers |
13:15 - 13:45 | "Kitten Hashes and Botastic Rainbow Redirects" | David Dagon (Damballa) |
13:45 - 14:15 | "Fighting Cybercrime at the Source" | Joe Stewart (SecureWorks) |
14:15 - 14:45 | "Open discussion: What is a bot?" | Allysa Myers (McAfee) |
14:45 - 15:05 | TBA | Johannes Ullrich (SANS ISC) |
15:05 - 15:20 | "Identifying Botnets Using Anomaly Detection Techniques Applied to DNS Traffic" |
Jose' Carlos Brustoloni (University of Pittsburgh) joint publication with Ricardo Villamarin-Salomon |
15:20 - 15:50 | "Affecting Change" | Marcus H. Sachs (SANS ISC), Randy Abrams, Gadi Evron (Beyond Security), Paul Ferguson (Trend Micro) |
15:50 - 16:20 | Fastflux solutions | Steve Crocker (ICANN SSAC), William Salusky (AOL), Ram Mohan (Aflias), Dave Piscitello (ICANN SSAC), Gadi Evron (Beyond Security), N. Bourbaki |
16:20 - 16:45 | Boxing Match (gloves needed!) | |
16:45 - 17:15 | "Modeling phished and compromised user accounts" | Mark Seiden (MSB Associates) |
17:15 - 17:45 | "Thank you, what's next?" | Greg Galford (Scuba from Florida), Righard J. Zwienenberg (Norman) |