Workshop: "Bro: The IDS that should have had a new name by now"
Friday November 9th 2018 6:00 pm – 9:00 pm
Instructor: Andrew Beard
Duration: 3 Hours
Bro is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start. Students will learn:
How Bro differs from other open-source IDS projects like Snort and Suricata
The basic capabilities Bro provides “out of the box”
How Bro can be extended to fit in their environment
An introduction to the why and how of Bro scripting
The workshop will contain multiple labs where students will analyze and process packet captures using Bro in a virtualized environment. Bringing a laptop with VMware Workstation or Fusion (free trial is fine) is highly recommended, as an OVA of the environment will be available for students to use. A Docker image will also be made available for those optimistic enough to depend on the conference wifi.
Laptop with administrator access
About the Instructor:
Andrew Beard is a Software Architect for Arbor Networks’ ASERT threat research team. He holds a B.S. in Computer Engineering from the University of Maryland, College Park, with a minor in Dance Dance Revolution. Andrew has never been to Charleston before, but was convinced to drive six hours from Roanoke, Virginia with the promise of really good barbeque. He is often accused of being Gordon Freeman's evil twin and insists that no one is too old to own action figures.