Agenda ⇽ CERT-SOC & Anti-Abuse Working Group meeting in Mechelen, Belgium

Monday, March 31, 2025 19:30 to 21:30: 19:30 - 21:30
Non-Sponsored Informal Dinner&Drinks in Mechelen
We will meet in the restaurant, as we have a reserved space for our group.

Tuesday, April 1, 2025 08:30 to 22:30: 08:30 - 09:00
Registration starts
Lobby / Main Entrance; 09:00 - 09:35
Session 1 • JOINT SESSION • Welcome from the Hosts, Organisers and Sponsors
MEETING ROOM: tbc

Welcome to both groups:

- Telenet, (10' welcome speech & presentation)
- Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech)
- Sponsors welcome (3 min speech each); 09:35 - 09:40
Splitting into 2 groups
CERT-SOC: room tbc
Anti-Abuse: room tbc; 09:40 - 11:00
Session 2: "Introductions Roundtable and Company Updates (Part 1)"
MEETING ROOM: tbc

Roundtable intro: 10 min

Company updates (PART I)

Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.; 11:00 - 11:30
Coffee Break; 11:30 - 13:00
Session 3: Deception techniques and tooling: Honeypots(and Nets)
MEETING ROOM: tbc

Presentations expected from operators using the most sophisticated deception tooling out there.; 13:00 - 14:00
Lunch Break; 14:00 - 15:30
Session 4: Using AI for Analysis and Improving user communication in SOC
MEETING ROOM: tbc

In this session, operators are encouraged to share best practices in:

- using copilot and other AI sec. tools
- improving skills in detection engineering (by using AI)
- using AI for Analysis. Review of Reports for actual threat actors
- other best practices; 15:30 - 16:00
Coffee Break; 16:00 - 17:00
Session 5: Various Topics
Topic to be determined by Telenet; 18:30 - 19:30
Guided tour of Mechelen (ending in the restaurant); 19:30 - 22:30
Sponsored Dinner for All Attendees

Wednesday, April 2, 2025 09:15 to 15:15: 09:15 - 10:30
Session 6 • JOINT SESSION with Anti-Abuse working group: "Various topics and demos"
MEETING ROOM: tbc; 10:30 - 10:55
Coffee Break; 10:55 - 11:00
Groups Split
CERT-SOC: room tbc
Anti-Abuse: room tbc; 11:00 - 11:30
Company Updates (PART 2)
MEETING ROOM: tbc

Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.; 11:30 - 12:15
Session 7: Incident sharing roundtable
MEETING ROOM: tbc

Members share 5-10 min presentations (pre-prepared) about incidents they recently experienced; 12:15 - 13:00
Session 8: "Threat Hunting Exercises in European Telcos"
MEETING ROOM: tbc; 13:00 - 14:00
Lunch Break; 14:00 - 15:00
Session 9: Signalling Security Updates from European Telcos
MEETING ROOM: tbc; 15:00 - 15:15
Wrap Up Session and Topics for Next Time
MEETING ROOM: tbc

Roundtable: Each member mentions topics they wish to include in the next meeting agenda

Monday, March 31, 2025 19:30 to 21:30: 19:30 - 21:30
Non-Sponsored Informal Dinner&Drinks in Mechelen
We will meet in the restaurant, as we have a reserved space for our group.

Tuesday, April 1, 2025 08:30 to 22:00: 08:30 - 09:00
Registration starts
Lobby / Main Entrance; 09:00 - 09:35
Session 1 • JOINT SESSION • Welcome from the Hosts, Organisers and Sponsors
MEETING ROOM: tbc

Welcome to both groups:

- Telenet, (10' welcome speech & presentation)
- Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech)
- Sponsors welcome (3 min speech each); 09:35 - 09:40
Splitting into 2 groups
CERT-SOC: room tbc
Anti-Abuse: room tbc; 09:40 - 11:00
Session 2: "Introductions Roundtable and Company Updates"
MEETING ROOM: tbc

"Introduction of the Telenet Anti-Abuse Team & Responsibilities" - 15' presentation

Then, each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also mentioning expectations from this 2-day meeting. New members of the group may prepare a longer presentation.; 11:00 - 11:30
Coffee Break; 11:30 - 12:30
Session 3: "Exploitation of Residential Proxies • Fraud Schemes and Tactics"
Residential proxies, which route internet traffic through real residential IP addresses, are increasingly exploited in Europe for fraudulent activities that threaten telcos and their customers.

Presentation is expected from telcos experienced in combating these fraudulent activities.; 12:30 - 13:00
Session 3 (Continuation): "e-SIM Fraud"
MEETING ROOM: tbc; 13:00 - 14:00
Lunch Break; 14:00 - 15:30
Session 4: "Credential Stuffing"
Which advanced fraud detection systems and monitoring for unusual account activity are telcos in Europe using?

Presentations are expected from telecom operator representatives.; 15:30 - 16:00
Coffee Break; 16:00 - 17:00
Session 5: "Phishing Detection Tools + Bluewin Mail AWS Story (Abuse Handling)"
MEETING ROOM: tbc

Presentation by Swisscom; 18:30 - 19:00
Guided tour of Mechelen (ending in the restaurant); 19:00 - 22:00
Sponsored Dinner for All Attendees

Wednesday, April 2, 2025 09:15 to 03:15: 09:15 - 10:30
Session 6 • JOINT SESSION with Anti-Abuse working group: "Various topics and demos"
MEETING ROOM: tbc; 10:30 - 10:55
Coffee Break; 10:55 - 11:00
Groups Split
CERT-SOC: room tbc
Anti-Abuse: room tbc; 11:00 - 00:00
Session 7: "Global Reporting Sharing Experiences"; 00:00 - 01:00
Session 8: "Methodologies for Automating Communications with Customers"
MEETING ROOM: tbc

Walled garden approaches to be presented by telecom operators; 01:00 - 02:00
Lunch Break; 02:00 - 03:00
Session 9: "Various Topics"
MEETING ROOM: tbc; 03:00 - 03:15
Wrap Up Session and Topics for Next Time
MEETING ROOM: tbc

Roundtable: Each member mentions topics they wish to include in the next meeting agenda

Agenda

Registration