November 24 – 25: Forum of Incident Response and Security Teams – Transits I training

Course Summary

The CSIRT training course aims to develop the knowledge and skills that are needed by staff who are members of a Computer Security Incident Response Team, who will join such a team, or who are involved in creating such a team.

Trainees are typically experienced system, network or IT managers. (Interested persons from other backgrounds are welcome to contact the organizers to discuss the suitability of the course for them). They are expected to have an awareness of the security issues involved in connecting computers to the Internet. They must be committed to using their skills to improve the security of computers and networks. For the technical side of the course, familiarity with the normal operation of TCP/IP networks, addresses, port numbers and protocols will be assumed.
The following modules are covered:

CSIRT Organization
Describes how CSIRTs fit into their organizations: planning the CSIRT, defining the constituency of the team and gaining management authority for it, deciding the services the team will offer, working with those outside the organization, staffing the CSIRT, funding. Students will discuss their own organization and how their team fits into it.

Technical Introduction
A basic introduction to the main attack vectors that malicious parties use to attack systems: intruders and their motivations, botnets, network protocols and how they can be abused, operating systems and services, types of vulnerability, information gathering, breaking in, hiding traces, denial-of-service attacks.

CSIRT Operations
Describes the facilities, systems and tools needed by CSIRTs to operate successfully: housing the CSIRT, equipment, e-mail, remote access, information and contacts, servers and networks, incident response plans and procedures, tracking systems. As an exercise students will discuss and develop incident response plans for their own teams.

Legal Issues
A high level overview of the areas of legislation that are likely to affect CSIRTs in their work and that team members need to be aware of: origins of computer legislation, problems, data protection, computer misuse, working with law enforcement, monitoring, evidence.

How to Apply:

In order for your application to be processed efficiently, we request that you send your application to project(at) with:
– in the subject : africacert V – Forum of Incident Response and Security Teams Training.
– providing the information specified below:

*** Full Name, address and short description (maximum 200 words) of the organization by which the applicant is employed.

Note: It is very important that you provide us with your personal institutional email address and not a generic one or an online service.
This is to ensure good communications and to verify the validity of the application.

*** Name, job title, postal address, phone and fax number and e-mail address of the person at management level within this organization who supports the application and can provide more information about the applicant.

*** Team Information (if team in operation); contact information and Charter according to RFC 2350 – (

Applications will be accepted on a FIRST-COME-FIRST-SERVED basis.

Selection criteria will include the education and experience of the applicants, the contribution that they will be able to make to the overall security of the Internet. The workshop organizers may ask advice on the applications from the managers of the applicants and from appropriate members of the African Internet community.

November 26 – APday: Training with JPCERT and KrCERT
This is one day training course on Network Monitoring and Traffic Analysis (Advanced)

CSIRT training for technical staff: advanced network monitoring


This is a one day workshop focusing on Network Monitoring and Traffic Analysisy.


Network Monitoring and Traffic Analysis (Advanced)


Network monitoring is one of the ways to understand what is happening within the network. This session will cover the basic knowledge of network monitoring and issues that we should know (Ex: legal issues, privacy issues, encryption, covert channel, etc.). This training course provide participants hands-on experience on analyzing traffic generated by malware, botnet and other malicious tools.

November 27 – AfricaCERT Cybersecurity Day. (Hosted by CICERT)

08:00–09:00 Registration
09:00–12:30 Morning Session
9:00 – 10:30 Session 1: Opening
Dr Nii Quaynor Welcome Address – AfricaCERT Update
M. Jean Robert Hountomey – AfricaCERT Update
M. Koichiro Komiyama Toward global recognition (JPCERT) – AfricaCERT Report 2013
Ms. Jinsook Kim (KISA/KrCERT) – Introduction of Kisa
M. Benoit Morel The Cyber threat: the most complex threat against modern societies what can we do about it? A role for AfricaCERT
10:30–11h Coffee Break
11h – 12:30 Session 2
Dr. Samir Abdel Gawad (EGCERT) – A Real Time Approach for malicious detection
M. Mouhamed Diop (AfriRegister / Kheweul) – AfriRegister & AfricaCERT: Partnership for a common Agenda
M. Valdes Nzali – Collaboration Between Infosec Community and CERT Teams Project Sonar case
M. Jacques Houngbo – AfricaCERT Membership Model
12:30 – 13:30 Lunch Break
13:30 – 15:00 Session 3:
Me A. CISSE – La lutte contre la cybercriminalité: textes et pratiques au Senegal
Colonel F. Ouedraogo – Le Burkina-Faso et la lutte contre la cybercriminalité : expériences et perspectives
Lt de Police Papa Gueye – L’Intervention policière dans la lutte contre la cybercriminalité au Sénégal, une expérience de terrain »,
M. Ernest Bokar – Pesentation du CICERT
15:00 – 15:30 Cofee Break
15:30 – 17:00 Session 4
M. Jean Robert Hountomey – FIRST Presentation
M. David Crochemore – Presentation de l’ANSSI France
M. Abdul-Hakeem Ajijola – OIC-CERT Presentation
M. Abdul-Hakeem Ajijola – Computer Emergency Readiness and Response (CERRT) in ng Panel AfricaCERT Way forwards and Open Discussions