Introduction to Practical Network Signature Development for Open Source IDS...

Location

Caesars Palace

Paradise, NV 89109

Description

Introduction to Practical Network Signature Development for Open Source IDS

Instructor - Jack Mott, Jason Williams

Pre-Requisites - Familiarity with TCP/IP, familiarity with packet analysis tools (Wireshark, etc.), and basic malware analysis fundamentals.

Abstract - "In "Introduction to Practical Network Signature Development for Open Source IDS" we will teach expert methods and techniques for writing network signatures to efficiently detect the greatest threats facing organizations today. This class is designed for analysts who spend their days investigating and responding to network IDS alerts, and it offers something everyone can take home, whether entry level or expert. Students will gain invaluable information and knowledge, including usage, theory, malware traffic analysis fundamentals, and enhanced signature writing, for Open Source IDS such as Suricata and Snort. Students will be given handouts to help them develop and read IDS signatures. Lab exercises will train students to analyze and interpret hostile network traffic and turn it into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware Backdoors, Targeted Threats, and more. Students will leave the class armed with the knowledge of how to write quality IDS signatures for their environment, enhancing their organization's ability to detect and respond to threats."

Required materials - Nothing is required, but students who wish to follow along with the presentation may bring a computer capable of analyzing PCAPs and running Snort or Suricata. Labs are provided for after-class, take-home practice.