Program 2025

tir. 07. okt.

9:00 - 14:00
Pre-Conference Workshop: Hands-On Investigation of Malware Delivery
Sopra Steria, Posthuset
9:00 - 16:00
Pre-Conference Workshop: Incident Response Manager Training
mnemonic, Henrik Ibsens Gt 100

ons. 08. okt.

9:00 - 9:30
Registration and Coffee
Eldorado Hub, Torggata 9B
9:30 - 9:45
Welcome Remarks | Ingvild Giset & Hans-Petter Fjeld
9:45 - 10:15
SHAZAM - A Targeted Invoice Scammer | Jørgen Bøhnsdalen, Helse- Og KommuneCERT
10:15 - 10:30
Break
10:30 - 11:00
Exploiting Adversary Infrastructure | Martin Öberg, Visma
11:00 - 11:15
Break
11:15 - 11:45
Threat Hunting for Beginners | Ågot Stornes, NAV
11:45 - 12:45
Lunch
12:45 - 13:15
Tracking the Adversaries in the Middle | Magnus Refsnes, mnemonic
13:15 - 13:30
Break
13:30 - 14:00
CEO Fraud - Playing along with the Bad Guys | Linn Kristin Klausen, DNB
14:00 - 14:15
Break
14:15 - 14:45
Lessons in Modern Resilience: Closing the Gaps We Didn’t See | Petter B. Bjørklund & Sivert S. Lund, Norges Bank
14:45 - 15:00
Break
15:00 - 15:45
Confusing and (Somewhat) Amusing – Red Ishtar’s Ever Evolving TTPs Over Multiple Years | Jono Davis, PwC
15:45 - 16:00
Closing Remarks | Ingvild Giset & Hans-Petter Fjeld
16:15 - 18:00
Community Get-Together
Oslo Streetfood, Torggata 16B

tor. 09. okt.

9:00 - 9:30
Registration and Coffee
Eldorado Hub, Torggata 9B
9:30 - 9:45
Welcome Remarks | Ingvild Giset & Hans-Petter Fjeld
9:45 - 10:15
The Curious Case of the Storage Spoofing | Jesse Voet, LyondellBasell
10:15 - 10:30
Break
10:30 - 11:15
Stop Hitting Yourself: Turning Evasion Techniques Against Malware | Patrick Staubmann, VMRay
11:15 - 11:30
Break
11:30 - 12:00
APT Defense Without Illusions: Good Practices, Bad Habits, and How to Fix Them | Raymond Hagen, Digdir
12:00 - 13:00
Lunch
13:00 - 13:30
Who did it? Getting started with Threat Actor Profiling | Marthe R. Rogndokken, Sopra Steria
13:30 - 13:45
Break
13:45 - 14:15
We need the factory up by Sunday! | Håkon Prestvik, Defendable
14:15 - 14:30
Break
14:30 - 15:15
Analyzing a Nation-State Linux Rootkit: Inside the DPRK's Latest Malware | Craig H. Rowland, Sandfly
15:15 - 15:30
Closing Remarks | Ingvild Giset & Hans-Petter Fjeld

Program 2025

tir. 07. okt.

Pre-Conference Workshop: Hands-On Investigation of Malware Delivery

Pre-Conference Workshop: Incident Response Manager Training

ons. 08. okt.

Registration and Coffee

Welcome Remarks | Ingvild Giset & Hans-Petter Fjeld

SHAZAM - A Targeted Invoice Scammer | Jørgen Bøhnsdalen, Helse- Og KommuneCERT

Break

Exploiting Adversary Infrastructure | Martin Öberg, Visma

Break

Threat Hunting for Beginners | Ågot Stornes, NAV

Lunch

Tracking the Adversaries in the Middle | Magnus Refsnes, mnemonic

Break

CEO Fraud - Playing along with the Bad Guys | Linn Kristin Klausen, DNB

Break

Lessons in Modern Resilience: Closing the Gaps We Didn’t See | Petter B. Bjørklund & Sivert S. Lund, Norges Bank

Break

Confusing and (Somewhat) Amusing – Red Ishtar’s Ever Evolving TTPs Over Multiple Years | Jono Davis, PwC

Closing Remarks | Ingvild Giset & Hans-Petter Fjeld

Community Get-Together

tor. 09. okt.

Registration and Coffee

Welcome Remarks | Ingvild Giset & Hans-Petter Fjeld

The Curious Case of the Storage Spoofing | Jesse Voet, LyondellBasell

Break

Stop Hitting Yourself: Turning Evasion Techniques Against Malware | Patrick Staubmann, VMRay

Break

APT Defense Without Illusions: Good Practices, Bad Habits, and How to Fix Them | Raymond Hagen, Digdir

Lunch

Who did it? Getting started with Threat Actor Profiling | Marthe R. Rogndokken, Sopra Steria

Break

We need the factory up by Sunday! | Håkon Prestvik, Defendable

Break

Analyzing a Nation-State Linux Rootkit: Inside the DPRK's Latest Malware | Craig H. Rowland, Sandfly

Closing Remarks | Ingvild Giset & Hans-Petter Fjeld

FIRST Norway

oslo-tc@first.org

About FIRST Norway

FIRST

Forum of Incident Response and Security Teams

first-sec@first.org

About FIRST

Shortcuts