BroIDS Crash Course

Presented at BSidesDC 2014, Oct. 19, 2014, 10 a.m. (240 minutes)

Bro is a stateful, protocol-aware, open-source, high-speed network monitor with applications as a next-generation intrusion detection system, a real-time network discovery tool, a historical network analysis tool, a real-time network intelligence platform, and more. With a powerful event-based programming language at its core, the Bro platform ships with powerful frameworks: signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel, all at very high rates. Using a hands-on approach and by replaying dozens of pcaps through Bro, we will focus on equipping attendees with real-world practical skills they can immediately take back to their organizations. This four-hour crash course will equip attendees with the practical knowledge they need to install, administer, and customize Bro for their specific use; while we will focus on using the built-in features of Bro, we will also briefly cover the programming model.

Attendees should have a working knowledge of TCP/IP and a basic familiarity with a Linux shell. They should come prepared with an x86-based machine capable of running a provided 64-bit VirtualBox VM; Windows, Linux, or Mac machines should all work just fine.


Presenters:

  • Liam Randall
    Liam Randall is a long-time security consultant, trainer, and open-source contributor. As a member of the Bro core development team, he frequently speaks and consults on advanced high-speed network intrusion detection systems. He has spoken at Shmoocon 2013, NoVA Hackers, and the Bro Exchange, and has been a featured guest on shows such as PaulDotCom. He currently resides in Cincinnati, OH with his beautiful wife and two kids; they expect to release another minor version (1.13) on 9/30/2012. Liam is presently employed as the managing partner of Broala, the Bro consulting company. His new book, "Applied NSM" (http://www.appliednsm.com), will be published this fall by Syngress Press.