Intro to Practical Network Signature Development for Open Source IDS

BSidesLV 2017

Presented by: Jack Mott, Francis Trudeau, Jason Williams
Date: Tuesday July 25, 2017
Time: 08:00 - 11:55
Location: Training Ground

In "Practical Network Signature Development for Open Source IDS" we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest threats facing organizations today. Students will gain invaluable information and knowledge including the configuration, usage, architecture, traffic analysis fundamentals, signature writing, and testing of a modern network IDS, such as Suricata and Snort. Student will be given handouts to help them develop and read with IDS signatures. Lab exercises will train students how to analyze and interpret hostile network traffic into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware Backdoors, Targeted Threats, and more. Students will leave the class armed with the knowledge of how to write quality IDS signatures for their environment, enhancing their organization's ability to respond and detect threats.

Francis Trudeau

It's time that we became uber-efficient with our interactive policy mobility. This is no time to bite the bullet with our interactive reciprocal programming. At base level, this just comes down to knowledge-based management options. I can make a window to discuss your holistic management capability.

Jack Mott

Jack is a Security Researcher on the Emerging Threats Research team at Proofpoint where he spends all day long in packet-land playing with malware and writing comprehensive IDS rules for the ETPRO and OPEN ruleset. In addition to IDS sigs, writes sigs for ClamAV and Yara to hunt, detect, and analyze internet-borne threats. Jack loves analyzing exploit kits, malicious docs, and ransomware. Jack is a core member and trainer with the non-profit Open Information Security Foundation (OISF) and works closely with the developers of Suricata. Additionally, Jack has spoken at various educational institutions and information security conferences on malware related topics.

Jason Williams

Network Monitoring, IDS, IPS, NSM, Suricata, Rules, Anti-Phishing, Malware, Threat Stuff, Malware Reversing Stuff, La Croix, Coffee, Club Mate, Destiny. In reverse order.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats