Moloch: A New And Free Way To Index Your Packet Capture Repository

Presented at ShmooCon IX (2013)

Moloch is a highly scalable, open source full packet capture system that was published in October 2012 (http://github.com/aol/moloch). Moloch can parse and index billions of network sessions and provides a fast, easy-to-use web application for navigating large collections of PCAP by IP, GeoIP, ASN, hostname, URL, file type and more. It can capture live from the wire for use as a network forensics tool when investigating compromises, and it is also a convenient way to search and interact with large PCAP repositories for research (malware traffic, exploit and scanning traffic). Moloch's web API makes it straightforward to integrate with existing SIEMs or other alerting tools and consoles to help speed up analysis.


Presenters:

  • Eoin Miller
  • Andy Wick
    Andy Wick and Eoin Miller are members of AOL's Computer Emergency Response Team. Andy Wick has more than 15 years of development experience at AOL. He has recently come into the CERT group and has begun developing tools for defense and forensics. Eoin Miller specializes in using IDS and full packet capture systems to identify drive by exploit kits and the traffic that feeds them (malvertising in particular). He regularly contributes the developed signatures to EmergingThreats/OISF and other groups.
