"Pivnica Medvedgrad", a nice brewery/pub in the city centre, Ilica Street 49, Zagreb Google maps directions: https://maps.app.goo.gl/EjXGoumHD1rg8w1fA
We will meet in the pub, as we have a reserved space for our group.
*In case you are accommodated in the Hilton Garden Inn hotel - I will guide a small group from there to the pub starting from the hotel lobby at 18:45.
Registration starts
Lobby / Main Entrance
Session 1 • Joint Session • Welcome from the Hosts, Organisers and Sponsors
MEETING ROOM: Business Showroom
Welcome to both groups:
- Saša Ilić, CISO, Hrvatski Telekom, 10' welcome speech & presentation - Andrija Višić, ETIS Central Office, "Updates from ETIS" (5 min speech) - Sponsors welcome: Spamhaus; Ripjar (3 min speech each)
Splitting into 2 groups
CERT-SOC: Meeting Room: Big One AAWG: Meeting Room: Business Showroom
Session 2: Introductions Roundtable
Meeting Room: "Big One"
Session 2: Company Updates
Meeting Room: Business Showroom
Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also delivering expectations from this 2-day meeting. New members of the group may prepare a longer presentation.
Coffee Break
Session 3: "Developing logging and monitoring capabilities in the Network Logging domain"
Meeting Room: "Big One"
Roundtable input (5-10 min long) from selected participants on:
- Current Logging and Monitoring Practices - Log Retention and Compliance - Security Information and Event Management (SIEM) used daily - Threat Detection & Response - Automation and Orchestration - Log Data Quality and Integrity - Evolving Threat Landscape - Future Needs and Innovation - Case Studies and Real-World Examples
Confirmed Presentations: - Dag Bredahl, Telenor Norway
Session 4: Discovery Tooling and Security Tooling
Meeting Room: "Big One"
Confirmed presentation: - "Presentation on Discovery tooling for asset discovery and risk identification", by David Nairn, BT, 20' + Q&A
Lunch Break
Buffet Lunch in the Hilton hotel next to the venue
Session 5: Incidents • sharing session on most recent experiences
Meeting Room: "Big One"
Participants can prepare presentations on their experience with at least 1 recent incident. Any slides shared are expected to be sent to av@etis.org 3 working days in advance of the meeting, mentioning the TLP level.
Reserved slots: - "LockBit" Fabian Marquardt, Deutsche Telekom, 20' - "Aggregators", by Vodafone Germany, 30'
Coffee Break
Session 6: SS7 security • updates on most recent threats
Meeting Room: "Big One"
Members can prepare presentations of their most recent activities related to fighting threat actors on the SS7 security landscape.
Toolkits will be presented, along with advocacy activities related to a specific threat actor.
Please share presentation proposals with Andrija Višić at av@etis.org
Walking tour (finishing in the restaurant)
We will take a guided tour from the entrance of Hotel Dubrovnik (Location link: https://maps.app.goo.gl/fejPpsAADPpxTMM47) through the Zagreb old town and finalise our tour in the restaurant where we all meet for a community dinner.
Community Dinner in a nearby Restaurant
"SOL Tapas" restaurant, Ban Josip Jelacic Square 9, Zagreb, which is just a short walk away from the Hotel Dubrovnik or at the end of our walking tour if you are joining us for the tour.
Google Maps Directions: https://maps.app.goo.gl/f26eQxeq6XDMFmaD8
Session 7 • Joint Session with Anti-Abuse working group: "Various topics"
Meeting Room: Business Showroom
Reserved slots (including Q&A):
- "SOC - How to detect things that were not meant to be revealed", Pero Kristic, Combis d.o.o., 20'
- "Navigating the NIS2 Directive: Strengthening Cybersecurity in the EU", Kristina Orsanic Kopic, Combis d.o.o., 20'
- Developing better AI and LLM/Chat style solutions, Matt Chinnery, Ripjar, 20'
- Update from ETIS Central Office, Andrija Visic, ETIS Central Office, 10'
Coffee Break
Session 8: Joint Session for both Groups: "Suppliers' Demos"
Meeting Room: Business Showroom
Each sponsor of the ETIS meeting will have a 15' slot + Q&A
- Ripjar, 15'
Splitting into 2 groups
CERT-SOC: Meeting Room: Big One AAWG: Meeting Room: Business Showroom
Session 9: Cyber Threat Intelligence and Emerging Threats
Meeting Room: "Big One"
Presentation 1: "Quad7 Botnet und Entra ID attacks", by Fabian Marquardt, DT, 30'
Presentation 2: "Overwatch – Mapping vulnerable operators via the GRX/IPX networks", Alexandre De Oliveira, Post Luxembourg, 15'
- short description: "We have seen in the past years, operators getting compromised by state actors via overexposed sensitive services on the GRX/IPX. We will present methodology, results on the situation of European networks, what we see and if operators could just be already compromised."
Discussion, 10'
Lunch Break
Buffet Lunch in the Hilton hotel next to the venue
Session 10: Joint Session: "Microsoft Copilot for Security"
Meeting Room: Business Showroom
"Microsoft Copilot for Security", Juraj Šimunec, Hrvatski Telekom, 20'
- Pricing overview (consumption model explanation, automating capacity deployment ) - Understanding Access and Permissions to run Prompts vs Permissions to Access M365 resources - Prompts and Promptbooks - Custom Plugins --> potential opportunity for the integration with relevant 3rd party systems
Session 11: How Cyber Exercises are organised in European telcos
Meeting Room: "Big One"
Tabletop exercise: "Backdoor breaches Card Game", Swisscom - for all attendees of the CERT-SOC WG
Presentation from Arnim Eijkhoudt, KPN on the ways to use the ETIS MISP (10')
Roundtable: What to discuss in our next ETIS CERT-SOC WG meeting?
Informal dinner&drinks in Zagreb
"Pivnica Medvedgrad", a nice brewery/pub in the city centre, Ilica Street 49, Zagreb Google maps directions: https://maps.app.goo.gl/EjXGoumHD1rg8w1fA
We will meet in the pub, as we have a reserved space for our group.
*In case you are accommodated in the Hilton Garden Inn hotel - I will guide a small group from there to the pub starting from the hotel lobby at 18:45.
Registration starts
Lobby / Main Entrance
Session 1 • Joint Session: Welcome from the Hosts, Organisers and Sponsors
MEETING ROOM: Business Showroom
Welcome to both groups:
- Saša Ilić, CISO, Hrvatski Telekom, 10' welcome speech & presentation - Andrija Višić, ETIS Central Office, "Updates from ETIS", 5 min speech - Sponsors welcome: Spamhaus; Ripjar (3 min speech each)
Splitting into 2 groups
CERT-SOC: Meeting Room: Big One AAWG: Meeting Room: Business Showroom
Session 2: Introductions Roundtable
Meeting Room: "Business Showroom"
Session 2: Company Updates + Presentation of a Telco Frauds Landscape
Meeting Room: "Business Showroom"
Each company is allocated 2 minutes to present recent challenges, threats, incidents, projects, and future plans. Also delivering expectations from this 2-day meeting.
Coffee Break
Session 3: Anti-Abuse Best Practice Sharing • Roundtable of Topics of Interest
Meeting Room: "Business Showroom"
All participants to prepare for discussion on the following topics, showcasing some of their best practices with or without slides:
- "Advanced Techniques in SIM Swap Prevention": Discussing the latest methods to detect and prevent SIM swap attacks (Dag Eng, Telenor Norway, 5')
- "Combating Robocalls and Phone Spoofing": Exploring innovative technologies and regulatory frameworks (Dag Eng, Telenor Norway 5')
- "AI and Machine Learning in Fraud Detection": Leveraging AI and machine learning algorithms
- "Secure Identity Verification Methods": Enhancing customer authentication processes without compromising user experience
- "Fraudulent Account Takeovers and Credential Stuffing"
+ Presentation on StopPhishing project, by Michael Van Landeghem, Proximus, 15'
Lunch Break
Buffet Lunch in the Hilton hotel next to the venue
Session 4: Telecom Fraud and Scam Awareness: Global Perspectives
Meeting Room: "Business Showroom"
Please share presentation proposals with Andrija Višić at av@etis.org
1. Presentation: "Abusix Global Reporting Project" - presentation of the collaboration with ETIS, Tobias Knecht, Abusix CEO
2. Presentation: "Who is facilitating the facilitators?", Emanuele Balla, Spamhaus
Coffee Break
Session 5: Communication and Engagement with Customers to Prevent Fraud and Abuse (Part I)
Meeting Room: "Business Showroom"
- "SISA 10th Anniversary & using www.ibarry.ch for helping your customers", from an abuse desk perspective, Presentation from Thomas Lademann, Swisscom, 20'
Discussion session
Walking tour (finishing in the restaurant)
We will take a guided tour from the entrance of Hotel Dubrovnik (Location link: https://maps.app.goo.gl/fejPpsAADPpxTMM47) through the Zagreb old town and finalise our tour in the restaurant where we all meet for a community dinner.
Community Dinner in a nearby Restaurant
"SOL Tapas" restaurant, Ban Josip Jelacic Square 9, Zagreb, which is just a short walk away from the Hotel Dubrovnik or at the end of our walking tour if you are joining us for the tour.
Google Maps Directions: https://maps.app.goo.gl/f26eQxeq6XDMFmaD8
Session 7 • Joint Session with Anti-Abuse working group: "Various topics"
Meeting Room: Business Showroom
Reserved slots (including Q&A):
- "SOC - How to detect things that were not meant to be revealed", Pero Kristic, Combis d.o.o., 20'
- "Navigating the NIS2 Directive: Strengthening Cybersecurity in the EU", Kristina Orsanic Kopic, Combis d.o.o., 20'
- Developing better AI and LLM/Chat style solutions, Matt Chinnery, Ripjar, 20'
- Update from ETIS Central Office, Andrija Visic, ETIS Central Office, 10'
Coffee Break
Session 8: Joint Session for both Groups: "Suppliers' Demos"
Meeting Room: Business Showroom
Each sponsor of the ETIS meeting will have a 15' slot + Q&A:
- Ripjar, 15'
Splitting into 2 groups
CERT-SOC: Meeting Room: Big One AAWG: Meeting Room: Business Showroom
Session 9: Communication and Engagement with Customers to Prevent Fraud and Abuse (Part II)
Meeting Room: "Business Showroom"
Reserved slots: - "Elisa's approach to customer communication about fraud", Lauri Ramo, Elisa, 20'
Description: Pros and cons for customer service to handle abuse-related communication with the customer.
Discussion session
Lunch Break
Buffet Lunch in the Hilton hotel next to the venue
Session 10: Joint Session: "Microsoft Copilot for Security"
Meeting Room: Business Showroom
"Microsoft Copilot for Security", Juraj Šimunec, Hrvatski Telekom, 20'
- Pricing overview (consumption model explanation, automating capacity deployment ) - Understanding Access and Permissions to run Prompts vs Permissions to Access M365 resources - Prompts and Promptbooks - Custom Plugins --> potential opportunity for the integration with relevant 3rd party systems
Session 11: Roundtable discussion: "How to share vast amounts of useful 'attack data' telcos hold"
Meeting Room: "Business Showroom"
Roundtable: What are some ways you might be aware of, for distributing 'attack data' to the various ISPs – so proper cleanups can be made?