Meeting TF-CSIRT and the FIRST Regional Symposium Europe 2023

As esCert we are part of the FIRST (Forum of Incident Response and Security Teams) and we try to go to some events that FIRST organizes. This year (Marc Catrisse and Albert Renom) we attended the TF-CSIRT Meeting and the FIRST Regional Symposium Europe 2023 was held from 31 January to 2 February 2023 at the Euskalduna Conference Centre in Bilbao. These days are an event held three times a year that brings together computer security professionals from across Europe to share experiences, knowledge and the latest trends in this field.

The format is formal and includes management, technical and practical components. Symposia usually offer 1-2 full days of plenary sessions along with a full day of practical training. The agenda of the event can be found at the following link https://www.first.org/events/symposium/bilbao2023/program

If you look at the agenda the first thing that catches our attention are the "TLP" tags of various colors. So what is the TLP? Well, it’s the "TRAFFIC LIGHT PROTOCOL" (https://www.first.org/tlp/). The TLP was created to facilitate greater exchange of potentially sensitive information and more effective collaboration. The exchange of information occurs from one source of information to one or more recipients. TLP is a set of four labels that are used to indicate the sharing limits that recipients must apply. The four labels used by FIRTS are: TLP:CLEAR, TLP:GREEN, TLP:AMBER and TLP:RED. By way of summary we will say that TLP:CLEAR does not have any limitation, TLP:GREEN limited diffusion within the community, TLP:AMBER limited diffusion to those people who need to know within the organization and TLP:RED cannot make diffusion. Therefore I can only comment that I found the TLP:CLEAR, the rest are confidential.

To not get too bored I will tell you that the session that I found very interesting is the session: Tracking Attackers in Open Source Supply Chain Attacks: The New Frontier. The presentation was about how developers can be vulnerable to malware. We all use npm orders to install some package or library that you can help us in the development of our project, well, this presentation explained how hackers can modify code repositories to enter lines of malicious code and when we install this code via npm, either we download the malware or it creates a security hole or anything else bad. This presentation ended by explaining the system used to detect and report these malicious packets (https://red-lili.info/ )

But this symposium is not all work, there is also networking and the event that was organized in these days took place on Tuesday night at the Guggenheim Museum in Bilbao. The first thing that surprised us was that there was "dress code", we had to go "Smart Casual", therefore, more clothes that we had to add to our suitcase. And I must admit that the act surprised me, since the act that took place in the museum could, dinner (there was a catering), listen to music from a live group or visit the entire museum (which was open only for us).

In short, these days we have learned things, we have grown our network of contacts and why not, we have also enjoyed the gastronomy of Bilbao.