Swineocalypse Now: From Spl0it to Snort Detection in Minutes

Presented at Summercon 2009, June 6, 2009, 3 p.m. (60 minutes).

WORKSHOP The Snort intrusion prevention and detection system is the world's most widely-deployed IDS/IPS. In addition, it is free (as in speech, not beer)! One of Snort's strengths is its ability to describe powerful detection logic in a high-level rules language. In this workshop we'll start with the basics of Snort rule writing and work our way into advanced topics such as preprocessor normalization and decoding, resistance to evasion techniques, detection of web application attacks, and the creation of Snort Dynamic Rules (i.e., shared object rules). PREREQUISITES A VMware Server v1.x image will be provided to attendees of the workshop. The provided VMware image includes the latest stable release of Snort running on a minimal CentOS Linux platform. Attendees who wish to use the VMware image should come prepared with their own computer and a compatible installation of VMware Server (free as in beer), VMware Workstation, or VMware Player (free as in beer). VMware Server http://www.vmware.com/products/server/ VMware Player http://www.vmware.com/products/player/

Presenters:

  • PBR90X
    Genetically engineered in a secret lab deep beneath Stone Mountain, the man code named PBR90X was endowed with a superhuman intellect and a metabolism dependent on Pabst Blue Ribbon lager and Jim Beam bourbon. Trained by the Company from childhood in elite cyber warfare techniques, PBR90X later assumed the identity of a mild-mannered software engineer and security researcher. He currently directs the research operations of a leading security services provider.

Similar Presentations: