Description: https://www.defcon.org/images/defcon-16/dc16-presentations/dc-16-feinstein.pdf Snort has become a standard component of many IT security environments. Snort is mature and widely deployed, and is no longer viewed as new or exciting by the industry. However, with such widespread deployment, enhancing Snort.s capabilities offers the potential for a large and immediate impact. Instead of chasing the industry.s new-hotness of the day, it frequently makes more sense to add new capabilities to an existing security control.
With this in mind, the author set out to implement new and innovative capabilities in the form of GPL-licensed Snort plug-ins. The author will introduce the Snort plug-in architecture and the relevant APIs used when implementing extensions to Snort. Lessons learned and pitfalls to avoid when developing Snort plug-ins will be covered. Some interesting code snippets will be discussed. Ideas for future work in the area of Snort extensions will be presented.
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 16 , Defcon 16 , dc-16 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.