Workshop: "Bro: The IDS that should have had a new name by now"

Bro: The IDS that should have had a new name by now

Instructor: Andrew Beard

Duration: 3 Hours

Bro is gaining a significant amount of buzz in the community, but for those interested it can be difficult to figure out where to start. Students will learn:

• How Bro differs from other open-source IDS projects like Snort and Suricata

• The basic capabilities Bro provides “out of the box”

• How Bro can be extended to fit in their environment

• An introduction to the why and how of Bro scripting

The workshop will contain multiple labs where students will analyze and process packet captures using Bro in a virtualized environment. Bringing a laptop with VMware Workstation or Fusion (free trial is fine) is highly recommended, as an OVA of the environment will be available for students to use. A Docker image will also be made available for those optimistic enough to depend on the conference wifi.

Requirements:

• Laptop with administrator access

• VMware

About the Instructor:

Andrew Beard is a Software Architect for Arbor Networks’ ASERT threat research team. He holds a B.S. in Computer Engineering from the University of Maryland, College Park, with a minor in Dance Dance Revolution. Andrew has never been to Charleston before, but was convinced to drive six hours from Roanoke, Virginia with the promise of really good barbeque. He is often accused of being Gordon Freeman's evil twin and insists that no one is too old to own action figures.