FloCon 2019 has ended
Monday, January 7 • 1:00pm - 4:30pm
Afternoon Track II: Threat Hunting with Suricata

In "Threat Hunting with Suricata," we will teach various methods and techniques to aid in detecting and hunting for popular threats facing organizations today. This workshop will focus on writing efficient IDS rules for hunting and detecting threats, as well as discussing strategies around leveraging Suricata alerts in this context.

Attendees will gain invaluable insight into the techniques behind creating long-lasting, efficient rules for Suricata IDS. Lab exercises will train attendees to analyze and interpret hostile network traffic and turn it into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware, Backdoors, Targeted Threats, and more. Attendees will leave the class armed with the knowledge of how to write quality Suricata IDS signatures for their environment, enhancing their organization's ability to detect and respond to threats.

To help facilitate, we've created a training VM for use during the workshop. You can download this VM at the following URL:
URL: https://www.openinfosecfoundation.org/training/flocon2019/
User: SuricataFloCon
PW: BLAdqEcyy2bl0OAUJZVv

Please take the time to download the VM before the workshop and run it on the machine you plan to bring to training. This way, if you have any problems loading the VM, etc., we can hopefully troubleshoot them before the workshop so we can spend more time on the material! We will provide the username/password to log in at the beginning of the workshop.

Please bring with you:
- a laptop with virtualization software installed, such as VirtualBox or VMware, and tested to be working. We'll be using a 64-bit VM image.
- 2 vCPUs and 6GB RAM will be optimal for the VM.
- Ideally, you have root/admin rights on your laptop as well as access to your system BIOS. While this is not strictly necessary, experience shows that it's helpful when trying to resolve VM issues, networking issues, etc.

Suricata Training Team

Eric Leblond

Developer, Open Information Security Foundation (OISF)
Eric Leblond is an active member of the security and open source communities. He is a Netfilter Core Team member, working mainly on communications between the kernel and userland. He has worked on the development of Suricata (the open source IDS/IPS network engine) since 2009...
Josh Stroschein

Academic Liaison, Open Information Security Foundation (OISF)
Dr. Josh Stroschein serves as Academic Liaison and Trainer for The Open Information Security Foundation (OISF) in addition to his role as an Assistant Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering, and penetration...

Monday January 7, 2019 1:00pm - 4:30pm EST
Grand Ballroom North 300 Bourbon St, New Orleans, LA 70130, USA