Description: Liam Randall
Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications as a next-generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and dynamic active response. Bro was originally developed by Vern Paxson, who now leads the core team of developers/researchers at both the International Computer Science Institute in Berkeley, CA and the National Center for Supercomputing Applications in Urbana-Champaign, IL.
Bro provides a security team with logs of highly structured data about their network, a Turing-complete scripting language through which they can interact with real-time stateful network events, and flexible open interfaces through which Bro can be programmed. Pragmatically able to interface with the entire network stack, Bro includes support for IPv6, tunneled traffic, SSL and more. In this presentation we present multiple case studies and are releasing their corresponding Bro scripts with source.
Bro Introduction: Overview of Events and Logs
Beyond signature-based IDS: utilizing Bro as a programmatic network monitor to detect events
Real-time passive network service discovery with Bro on complex traffic links (MPLS/IPv4/IPv6)
Brotego: a Bro/Maltego integration for incident response and network analysis
Liam was working in Information Technology long before it was hip to be in tech. After earning his CS degree he has worked as a network administrator on some very large networks in both the public and private sectors. He has spent the last few years auditing, training and setting up internal security teams dealing with a myriad of compliance, regulatory and technical issues, primarily in the banking, telecommunications, and education sectors.
In his free time Liam volunteers on a number of open source projects, runs CTFs, and produces a large variety of spirits.
For more information, please visit: https://www.shmoocon.org/
Tags: securitytube, hacking, hackers, information security, convention, computer security, shmoocon13, shmoocon-2013