This two session training covers basic skills necessary to be an effective cyber analyst. Analytic acumen or “how to think” is the topic for the morning session. This session will focus on the underlying analytical skillset. The session will start with an introduction to the analytic process and then cover logical fallacies and awareness of assumptions and biases. Practical application of portions of the analytic process will be the topic of the afternoon session. Here we will step into the shoes of Alex Smith, a SOC team lead for ACME Corporation, as he encounters a number of challenging situations. In each situation, you will dictate what actions Alex takes. These decisions have consequences as their outcomes could save or doom ACME Corporation.
Suricata, the world’s leading IDS/IPS engine, provides the most versatile network security tool available today. Developed and maintained by a core team of developers and an open source community, Suricata is the “Swiss Army Knife” for network security monitoring. This training will demonstrate the latest in Suricata’s dynamic capabilities including:
At the completion of this training, attendees will gain a greater understanding of Suricata’s versatility and power. They will also have the unique opportunity to discuss any questions directly with members of the Suricata development team.
Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks-signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel—all at incredibly high rates.
This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on Virtual Machine. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.
Students should be well versed in TCP/IP and networking fundamentals and come prepared with an x86 x64 workstation (Linux, Windows, or Mac) to run the Bro training VM. A remote SSH-based host will be available for students who cannot run the VM.
This two session training covers basic skills necessary to be an effective cyber analyst. Analytic acumen or “how to think” is the topic for the morning session. This session will focus on the underlying analytical skillset. The session will start with an introduction to the analytic process and then cover logical fallacies and awareness of assumptions and biases. Practical application of portions of the analytic process will be the topic of the afternoon session. Here we will step into the shoes of Alex Smith, a SOC team lead for ACME Corporation, as he encounters a number of challenging situations. In each situation, you will dictate what actions Alex takes. These decisions have consequences as their outcomes could save or doom ACME Corporation.
In "Threat Hunting with Suricata" we will teach various methods and techniques to aid in detecting and hunting for popular threats facing organizations today. This workshop will focus on writing efficient IDS rules for hunting and detecting threats, as well as discussing strategies around leveraging Suricata alerts in this context.
Attendees will gain invaluable insight into the techniques behind creating long lasting efficient rules for Suricata IDS. Lab exercises will train attendees how to analyze and interpret hostile network traffic into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware, Backdoors, Targeted Threats, and more. Attendees will leave the class armed with the knowledge of how to write quality Suricata IDS signatures for their environment, enhancing their organization’s ability to respond and detect threats.
Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks-signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel—all at incredibly high rates.
This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on Virtual Machine. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.
Students should be well versed in TCP/IP and networking fundamentals and come prepared with an x86 x64 workstation (Linux, Windows, or Mac) to run the Bro training VM. A remote SSH-based host will be available for students who cannot run the VM.
