6 posts categorized "Africa"

Jul 29, 2016

Workshop and Training in Botswana

Dumela!

This is hello in Tswana, a widely spoken language in Botswana. I’m Moris, Katsuhiro Mori, working at the Global Coordination Division of JPCERT/CC. Recently I visited Gaborone, Botswana with Sparky, my colleague and an expert in cyber security training in Africa, to join the Africa Internet Summit (AIS) 2016 held from May 29 through June 10. AIS is an annual, regional, multi-stakeholder ICT conference held since 2013, which aims to bring the African Internet community, drawn from governmental institutions, public and private sectors, academia and civil society, to interact with the global Internet community on Internet development in Africa. JPCERT/CC has been joining events by the African Internet community about twice a year since 2010. Dr. Suguru Yamaguchi, who had served as one of JPCERT/CC’s board members, was a key person in starting outreach activities in Africa. In the African CSIRT community, he is known for sowing the seeds of CSIRT capacity building activities in Africa. But sadly, he passed away on May 9, 2016. We would like to take over his will to enhance cyber security and create close communication with African countries, especially CSIRT communities.

Here, I would like to write about the workshop in which I engaged as a trainer for the first time.

June 1st

This time, we conducted a training for AfricaCERT members on malware analysis. The curriculum consisted of malware basics, malware analysis basics, malware analysis environment setup, surface analysis methods and runtime analysis methods. These five sections are the basics of malware analysis, and JPCERT/CC’s Analysis Center also uses these methods. We hope attendees have learned a lot from this material.

Title | Components
Malware Basics | About technical terms of Malware
Malware Analysis Basics | About technical terms of Malware Analysis
Malware Analysis Environment Setup | Installing software and setting configuration
Surface Analysis Methods | Introducing Malware tools and analyzing files using the tools
Runtime Analysis Methods | Analyzing sample malware, watching network packets, registry, and process activities

Photo taken at the training

When I started to lecture on malware analysis environment setup, I felt it was difficult to prepare the same environment on each attendee’s device. Although what we had prepared was for Windows 7 64 bit, there were some participants with Mac OS.

Figure 1: Setting of environment using Virtualbox

It is very important to create a malware analysis environment in a proper manner; otherwise malware may spread to another PC through the LAN or USB devices. This setup took a lot of time, so we moved on to the lecture on surface analysis methods, which does not require environment setup.

Basically, we started to analyze malware from surface analysis – that is, observing malware without actually running it. Sometimes we can obtain enough information from surface analysis, or in other cases, we would need to get further information from runtime analysis. We analyzed malware by using tools and searching information through the Internet.

June 2nd

The runtime analysis method is analyzing malware by executing it on a PC (with a special environment). We observed malware behavior from process, network activity and registry by using some tools. It is important that CSIRTs have malware analysis skills, especially in the case of malware observed in a limited range of regions, or customized malware, since sometimes they are not yet adapted by anti-virus vendors.

After malware analysis, Sparky conducted a workshop on CyberGreen. This is a project led by JPCERT/CC to measure and improve cyber health. We help CSIRTs focus their remediation efforts on the most important risks; to help understand where improvements can be made and how, together, we can achieve a more sustainable, secure, and resilient cyber ecosystem.

Sparky talking about CyberGreen project

June 3rd

There was a celebration for CERT-FR and JPCERT/CC who have been supporting the African Internet community. JPCERT/CC, Dr. Suguru Yamaguchi and Sparky were given the “Meritorious Service Award” by AfricaCERT. AfricaCERT members talked about memories with Dr. Suguru and his contribution. I was moved by their stories. Unfortunately, I did not and will not ever have a chance to meet him, but I felt his great achievements will be alive here in Africa. I have to take over his will and support CSIRT establishment in the African region as a member of JPCERT/CC.

Sparky was given an award from Prof. Nii Quaynor
Certificate of achievement given for Dr. Suguru Yamaguchi

Thank you for reading.

- Katsuhiro Mori

May 23, 2016

Workshop and Training in Congo

Nice to see you!

My name is Jimmy, Hajime Komaba, working at Enterprise Support Group of JPCERT/CC, a department which takes care of Nippon CSIRT Association (NCA, a community of various enterprise and organizational CSIRTs in Japan) and Council of Anti-Phishing Japan (APC).

It was quite a while ago, but last November, I was given an opportunity to travel to the Republic of Congo with my colleague, Koichiro (Sparky) Komiyama. Today, I would like to share the experience from my first trip to Africa and about AfricaCERT’s event.

AfricaCERT is a forum of CSIRTs in Africa, with the aim of promoting cybersecurity on the Continent. One of their key activities is the trainings and lectures for their members. Last year, one of the trainings and lectures took place in Pointe Noire, the Republic of Congo, from 28th November to 1st December. JPCERT/CC, a supporting member of AfricaCERT, was invited as a trainer for the programs planned for the first two days. The sessions consisted of a lecture about CSIRTs in Japan, such as activities of NCA, followed by some hands-on trainings. Our sessions attracted about 28 trainees from various African countries including Cote d’Ivoire, Chad, Angola, Guinea, etc. The participants were engaged in cyber security missions as air traffic controllers, telecom company officials, and so on. For the sessions on the later days, CERT-FR from France, also a supporting member of AfricaCERT, was also invited as a trainer.

29th November (Morning session)

I was an assistant for this session, while Sparky was the main trainer. When he started talking about the various CSIRTs in Japan, the participants seemed to be interested in the topic at once. Lately in Africa, “CSIRT” is one of the hot topics, and there are many companies and organizations that are interested in launching one. Serving as the Secretariat for NCA, JPCERT/CC introduced its organization overview and activities. This included the fact that NCA’s members now count up to more than 100 teams (and more to come in 2016), which is almost double from 2014. The participants were surprised at this number. As well as aiming to support organizations who wish to launch a new CSIRT, NCA also has diverse Working Groups in order to provide opportunities for teams to exchange information on CSIRT operation, incident case studies and latest cyber threats.


(Photo of me at the training)

29th (Afternoon session) – 30th November

The next program was a hands-on session, mainly for log management using an SSH server. Sparky and I introduced how to collect and sort information from a vast amount of log data using shell commands. The participants were engaged in each task enthusiastically. The picture above was taken while I was teaching how to use those commands and confirm the results.


(Photo of Sparky with banner)

At the event, we found this banner (above) with the pictures of key persons who have assisted in spearheading Internet in Africa. This is Sparky pointing at the picture of Dr. Suguru Yamaguchi [1], a member of JPCERT/CC’s Board of Directors, and one of the initiators and a contributor of AfricaCERT. Of course, having travelled to Africa more than 12 times now, Sparky’s photo was on the banner as well.

What impressed me during the training were the bright and enthusiastic eyes of the participants. I felt that each attendee was actively engaged in each task and trying to make the most of the training. As a trainer, I also enjoyed conducting the training for such participants, and I recall those moments every now and then.

Various different trainings and events by AfricaCERT will keep going. I hope to return to Africa in the near future if any opportunity arises. In order to provide continuous assistance in CSIRT development in Africa, JPCERT/CC will continue such activities by making more visits.

I will never forget those bright eyes of the participants in the Republic of Congo, and will work on my projects here at JPCERT/CC until my next return.

Thank you for reading.

- Hajime Komaba

(Translated by Yukako Uchida)


[1] We are deeply saddened to announce that Dr. Suguru Yamaguchi, a member of the Board of Directors of JPCERT/CC, passed away on May 9, 2016.

Statement of Condolences

https://www.jpcert.or.jp/english/about/2016/PR20160512R.html

 

Jan 15, 2015

AfricaCERT Workshop and Training in Mauritius

Happy New Year 2015 to everyone!

I am Toru Yamauchi, Research Director of JPCERT/CC.

JPCERT/CC has been contributing to the CSIRT community in Africa in order to enhance the global cybersecurity activity. In the rapid ICT development in Africa, it is getting more important for them to accelerate human development in the cybersecurity area and to establish regional cooperation especially among National CSIRTs. I would like to introduce our recent on-site training program in Mauritius by my colleague Sparky (Mr. Koichiro Komiyama) and me in late November 2014, based on JPCERT/CC’s collaboration with AfricaCERT.

 

Outline of Mauritius and ICT

The Republic of Mauritius is an island nation in the Indian Ocean which is located about 2,000 kilometers off the southeast coast of the African Continent.  The majority of the population is Indo-Mauritians. We felt that its culture is different from the African Continent because of its history.

 

The Government of Mauritius is promoting the ICT industry as well as the tourism industry. It aims to make the country an ICT hub in the Indian Ocean through the Internet and invites ICT companies from overseas. The headquarters of AFRINIC* are also located in Ebene City, Mauritius.

* African Network Information Center as the Regional Internet Registry for Africa and Indian Ocean.


(On a beautiful street in an early morning in Port Louis, the capital of Mauritius)

 

 

Training Courses at AfricaCERT Workshop, Mauritius

We conducted a training program at Hennessy Park Hotel, Ebene City on November 25, 2014. It was organized as the AfricaCERT workshop which was one of the programs under AFRINIC 21.  

 

AfricaCERT was officially established in 2012 as the African forum of Computer Emergency Response Teams. Currently the forum is led by Mr. Jean Robert Hountomey, Mr. Jacques Houngbo and Mr. Marcus Adomey. JPCERT/CC has been supporting their activities mainly in the CSIRT Training Courses for its technical staff. We have conducted 10 training courses from November 2010 up to this time. In Mauritius, we also collaborated with FIRST which provides the training courses (TRANSITS) for CSIRT professionals all over the world. In the course we accommodated about 30 participants from various African regions: Benin, Botswana, Burkina Faso, Cameroon, Chad, the Comoros, Congo, Djibouti, Gabon, Ghana, Ivory Coast, Kenya, La Reunion, Mauritius, Mozambique, Rwanda, South Africa, Tunisia and Zambia. The participants include some staff working at a National CSIRT.

 


(At the AfricaCERT Workshop)

 

In JPCERT/CC’s training, we had the following two parts:

i) Technical exercise on Apache Log Analysis (Basic and Advanced)

ii) Introduction of Cybersecurity in Japan, including JPCERT/CC’s activities

 

Sparky led the Apache Log Analysis (Basic and Advanced) exercise. He delivered intensive hands-on training to provide practical skills and capabilities in incident response which can be utilized at their local organizations. This exercise was timely because Apache log analysis is one of the key techniques to deal with web-based attacks such as XSS (cross site scripting), CSRF (cross site request forgeries) and so forth. I hope that the trainees continue to study how to analyze the indicators like Apache log, which is needed for their CSIRT operations.

 


(Sparky at the training)

 

Subsequently, I gave a lecture on “Cybersecurity in Japan and JPCERT/CC”. Especially, I introduced the “Cyber Security Basic Act”, which was just approved by the Japanese Diet on November 6, 2014 to strengthen Japan’s cybersecurity measures. I also talked about the roles of JPCERT/CC as a technical CSIRT and a neutral organization. Some participants asked the reason why JPCERT/CC conducts the training in Africa. We answered that we hope to develop human resources not only for Africa but also for Japan itself under the global Internet space. “Your security is my security” – it is important to pay attention to security capability of other stakeholders of the Internet in order to enhance the cybersecurity at a global level. I was personally happy that Dr. Nii Quaynor, “Father of African Internet” who has been supporting our activities from the beginning, seconded our point of view.

 

 

Friendship with the Security Community in Africa

Besides the trainings, we were able to build up a good relationship with the people of AfricaCERT. Sparky is already known in AfricaCERT community as one of the Board Members of FIRST.

 

On November 28, we were invited to the national event of Cybersecurity Day by the Mauritian National Computer Security Incident Response Team (CERT-MU). We were so impressed by the cybersecurity policies implemented by Mauritius people.

 

We spent a significant week in Mauritius in supporting the AfricaCERT event. JPCERT/CC will keep in touch with them to maintain the peace and safety of the Internet in the global community. Therefore we are happy to work with not only AfricaCERT but any other National/Industry CSIRTs in this rapidly growing region.

 

If you have any inquiries on this topic or our CSIRT training programs, please contact us at “global-cc[at]jpcert.or.jp”.

 

Thank you for reading.

- Toru Yamauchi

Jul 09, 2014

AfricaCERT Training in Djibouti

I am Toru Yamauchi, Research Director of JPCERT/CC.

JPCERT/CC has been contributing to the CSIRT community in Africa since 2010 in order to enhance the global cybersecurity activity. In the rapid ICT development in Africa, it is getting important for the African community to accelerate human resource development of cybersecurity and to establish the regional cooperation especially among National CSIRTs. I would like to introduce our recent on-site training program in Djibouti by my colleague Sparky (Koichiro Komiyama) and me, based on the collaboration with AfricaCERT.

 

Training courses as AfricaCERT Workshop, Djibouti

JPCERT/CC’s training program in Djibouti was conducted on May 29 and 30. It was a part of “AfricaCERT workshop”, which was one of the programs under Africa Internet Summit 2014 (AIS14) and AfNOG 2014.  

 


 

AfricaCERT was established in 2012 as the African forum of computer emergency response teams. JPCERT/CC has been supporting their activities mainly in the CERT Training Course for Technical Staff. We have conducted 9 training sessions since May 2010.

 

This time in Djibouti, we accommodated about 40 participants from 17 countries over the African region (Burkina Faso, Cameroon, Djibouti, DR Congo, Gambia, Ghana, Ivory Coast, Kenya, Malawi, Mauritius, Nigeria, Seychelles, Somalia, South Africa, Sudan, Tanzania and Zambia). Some people were from National CSIRTs under the governments. Other people were from universities and the private sector such as telecom companies.

We also supported TRANSITS training conducted by trainers from FIRST on May 26-28. The details are also on the FIRST Web site. (http://www.first.org/newsroom/releases/20140604)

 

The result of the AfricaCERT workshop is reported by AfricaCERT’s Press Release as follows:

http://www.africacert.org/home/english-press-release/

 

In JPCERT/CC’s part, we had two modules as follows:

i) Introduction of cybersecurity in Japan, including JPCERT/CC’s activity

ii) Technical exercise on network forensic

 


Me speaking at the workshop

 

In the first session of the training course, I had a chance to speak about “Cybersecurity in Japan” for the participants’ reference on the policies of Japan, which are not widely known outside of the country. I talked about the history of the Internet, information security, and the government’s policy on cybersecurity in Japan. The participants listened so seriously to my explanation. I was impressed by it, and I assumed that African people are eager to know the experiences in other regions.

Subsequently, Sparky conducted a two-day network forensic exercise. He conducted hands-on training so that the participants would acquire the practical skills and capabilities which can be utilized when they go back to their home country. This session went quite successfully - I assume that African people are fond of hands-on training rather than just listening to lectures. This discovery will help us arrange the next training contents in the African region.


Sparky at the training

 

Mutual collaboration between AfricaCERT and JPCERT/CC

 

Besides the trainings, we were able to create a good relationship with the people of AfricaCERT. Sparky is already recognized in the African community because of the trainings in the past four years. Sparky and I talked with the participants from many countries, and we had significant discussions. We were also invited to the meeting between the Government of Djibouti and AfricaCERT people on how to establish a National CSIRT in Djibouti. Sparky made a brief presentation on CSIRT culture and philosophy. I believe it helps participants to think about their National CSIRT in each country.

 

I would like to say African people were so competent and active for cybersecurity operation. I personally enjoyed the friendship with a lot of African people in this trip.

 

Finally, JPCERT/CC will continue to support the CSIRT community in Africa as well as keeping its close relationship with AfricaCERT, which we believe will stand on its feet in the near future, supported by the community in the region.   

 

If you have any inquiries on this topic or our CSIRT training program, please contact us at “global-cc[at]jpcert.or.jp”

 

Sunset on Djibouti Coast where I went to pick up some beautiful seashells

 

- Toru Yamauchi

Aug 26, 2011

CSIRT in Africa, AfricaCERT

Hello, this is Sparky, and let me give an update on JPCERT's activities in Africa since my last post "CSIRT Training for Africa".

Training course in Dar es Salaam, Tanzania

I have been to Africa twice this past year to provide training for future CSIRT managers and engineers. My second destination in Africa was Dar es Salaam, Tanzania.

A six day training course took place in conjunction with Afnog-12 from May 20 to June 4. JPCERT/CC board member Prof. Suguru Yamaguchi and I were given the opportunity to join the event as trainers. Together with 23 participants from 8 different countries, we’ve shared our skills and knowledge on CSIRT establishment in our country/company. I myself was in charge of giving a two day lecture on web application security. It seemed like the participants worked on the hands-on exercise with enthusiasm.

Prof. Yamaguchi giving lecture

It is worth noting that about half of our entire program was conducted by African trainers themselves from Benin, Somalia, Senegal, etc. They all took part in the training as volunteers. They not only demonstrated their expertise in information security and CSIRT knowledge that they acquired through the previous trainings, but also moderated the discussion among the class. I think this made the training course interactive and fruitful.
As I wrote in my previous post "I also strongly believe that any CSIRT in Africa should be established by Africans themselves.", JPCERT/CC will keep on supporting African instructors to roll out CSIRT training in the region.

Group photo

African CSIRT is about to take off

I also would like to introduce to you two efforts that have been initiated:

Kenya Computer Incident Response Team (KE-CIRT): In July this year, CCK (The Communications Commission of Kenya) officially announced the launch of a CSIRT to help Kenyan internet users. You might also be interested in the fact that in Kenya, there are a few other efforts to create ISP CSIRTs simultaneously. I hope they collaborate together to tackle the issues on cyber security.

AfricaCERT: Right after our CSIRT training in Tanzania, a BoF meeting was held to discuss the feasibility of a continent-wide CSIRT, AfricaCERT. This exciting project is now open to comment on the project blueprint. Thus I encourage readers to respond to the request for comment. Thank you!

Lastly, I would particularly like to express my great appreciation to Dr Kilnam Chon of AAF and Afnog for the great opportunity.
All the trainees, thank you for your feedback and comments. We look forward to seeing you next time in Cameroon this November!

- Koichiro (Sparky) Komiyama

Nov 26, 2010

CSIRT Training for Africa

Hello, this is Koichiro "Sparky" Komiyama. I'm the manager of the Global Coordination Division in JPCERT/CC.  Our team's main missions are 1) to communicate with CSIRTs / Security groups in other countries, and 2) to help other countries / economies develop their own CSIRTs.  In this post I would like to introduce readers to one aspect of our CSIRT development work.

At the request of Dr Kilnam Chon, the leader of the Africa Asia Forum, JPCERT gave training for African engineers in Johannesburg, South Africa. It was a three day course held in conjunction with AfriNIC-13 from November 20 to 22.  JPCERT board member Professor Suguru Yamaguchi and I attended as trainers.

Together with the class, we studied the wide range of technical topics which we think are valuable for engineers working at a CSIRT. It also included hands-on activities, with participants analyzing network traffic with Wireshark on their own.


More than 25 people from all over Africa joined the course this time, exceeding our expectations.

There are several reasons we think it's important to help others forming CSIRTs.  Personally, I believe in the idea of "Your Security is My Security". In a borderless environment like the internet, we depend on other countries heavily for our own security.  Accordingly, to keep our internet safe, we have to help others keep safe too.  Due to rapid economic growth, African internet usage is expanding.  Africa needs new strategies to cope, CSIRTs being one of these.

I also strongly believe that any CSIRT in Africa should be established by Africans themselves. We may give them materials, support their own training course development, as well as any other support that we can provide, but still we are just supporters. In the past few days, I've talked to many participants and I'm very glad that they are very positive about establishing CSIRTs.  The challenge for the partnership between African teams and JPCERT/CC is not straightforward, however we are confident about its future.

We'll come back to Africa next year to provide training, incorporating the valuable feedback received from participants this time around.  See you all in Dar es Salaam next May.

I would particularly like to express my great appreciation to Dr Kilnam Chon from AAF and AfriNIC for the great opportunity.  I'd also like to thank the Japanese Ministry of Economy Trade and Industry(METI) for their continuous support. Last but not least, thanks to all the training participants - see you next time!
