FloCon 2019 has ended

Training
Monday, January 7
 

8:30am EST

Morning Track I: How to Be An Analyst

This two-session training covers the basic skills necessary to be an effective cyber analyst. The central course focus is analytical acumen, or “how to think.” Framing the analysis, establishing context, and gathering data are discussed in the morning session, starting with an introduction to the analytic process. Microanalysis, macroanalysis, and reporting are discussed in the afternoon. The session will cover logical fallacies and awareness of assumptions and biases. Practical application of portions of the analytic process will be interspersed through both sessions, building around a scenario of a company at risk while conducting its business processes.

Speakers

Tim Shimeall

Senior Member of the Technical Staff, CERT Division, Software Engineering Institute
The only person to make more than 10 consecutive appearances at FloCon, Tim Shimeall is a Senior Network Situational Awareness Analyst for the CERT Division of the Software Engineering Institute (SEI). Shimeall develops methods to support decision making in network security at and...

Timur Snoke

Sr. Network Defense Analyst, CERT Division - Software Engineering Institute
Timur Snoke is a member of the technical staff and the Situational Awareness team in SEI’s Monitoring and Response Directorate. His primary focus is identifying gaps in network security capabilities to support the research and development of new sources and methods for network...



Monday, January 7, 2019, 8:30am - 12:00pm EST
Grand Ballroom South, 300 Bourbon St, New Orleans, LA 70130, USA

8:30am EST

Morning Track II: Suricata Training

Suricata, the world’s leading IDS/IPS engine, provides the most versatile network security tool available today. Developed and maintained by a core team of developers and an open source community, Suricata is the “Swiss Army Knife” for network security monitoring. This training will demonstrate the latest in Suricata’s dynamic capabilities including:
  • Introduction to the newest version of Suricata
  • Suricata as a passive DNS probe
  • Suricata as an SSL monitor
  • Suricata as a malware detection probe
  • Suricata as a flow probe
  • And some exciting new features…
At the completion of this training, attendees will gain a greater understanding of Suricata’s versatility and power. They will also have the unique opportunity to discuss any questions directly with members of the Suricata development team.

COURSE MATERIALS:
To help facilitate, we've created a training VM for use during the workshop. You can download this VM at the following URL:
URL: https://www.openinfosecfoundation.org/training/flocon2019/
User: SuricataFloCon
PW: BLAdqEcyy2bl0OAUJZVv

Please take the time to download the VM before the workshop and run it on the machine you plan to bring to training. This way, if you have any problems loading the VM, we can hopefully troubleshoot them before the workshop and spend more time on the material. We will provide the username/password to log in at the beginning of the workshop.

Please bring with you:
- A laptop with virtualization software installed, such as VirtualBox or VMware, and tested to be working. We'll be using a 64-bit VM image.
- 2 vCPUs and 6GB RAM will be optimal for the VM.
- Ideally, you have root/admin rights on your laptop as well as access to your system BIOS. While this is not strictly necessary, experience shows that it's helpful when trying to resolve VM issues, networking issues, etc.

Sincerely,
Suricata Training Team

Speakers

Eric Leblond

Developer, Open Information Security Foundation (OISF)
Eric Leblond is an active member of the security and open source communities. He is a Netfilter Core Team member, working mainly on communications between the kernel and userland. He has worked on the development of Suricata (the open source IDS/IPS network engine) since 2009...

Josh Stroschein

Academic Liaison, Open Information Security Foundation (OISF)
Dr. Josh Stroschein serves as Academic Liaison and Trainer for The Open Information Security Foundation (OISF) in addition to his role as an Assistant Professor at Dakota State University where he teaches malware analysis, software exploitation, reverse engineering, and penetration...


Monday, January 7, 2019, 8:30am - 12:00pm EST
Grand Ballroom North, 300 Bourbon St, New Orleans, LA 70130, USA

8:30am EST

Morning Track III: Bro Training

Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with rich frameworks: signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel—all at incredibly high rates.

This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on Virtual Machine. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.

Students should be well versed in TCP/IP and networking fundamentals and come prepared with an x86-64 workstation (Linux, Windows, or Mac) to run the Bro training VM. A remote SSH-based host will be available for students who cannot run the VM.

Speakers

Liam Randall

President, Critical Stack - A Division of Capital One
Liam Randall (@Hectaman) focuses on end-user training, application development, and community outreach. He is the CEO at Critical Stack, develops network solutions around the Bro Platform, and is a frequent speaker at security conferences. You can usually find him training users on...


Monday, January 7, 2019, 8:30am - 12:00pm EST
Acadia Suite, 300 Bourbon St, New Orleans, LA 70130, USA

1:00pm EST

Afternoon Track I: How to Be An Analyst


Speakers
Tim Shimeall

Senior Member of the Technical Staff, CERT Division, Software Engineering Institute

Timur Snoke

Sr. Network Defense Analyst, CERT Division - Software Engineering Institute



Monday, January 7, 2019, 1:00pm - 4:30pm EST
Grand Ballroom South, 300 Bourbon St, New Orleans, LA 70130, USA

1:00pm EST

Afternoon Track II: Threat Hunting with Suricata

In "Threat Hunting with Suricata," we will teach various methods and techniques to aid in detecting and hunting for popular threats facing organizations today. This workshop will focus on writing efficient IDS rules for hunting and detecting threats, as well as discussing strategies around leveraging Suricata alerts in this context.

Attendees will gain invaluable insight into the techniques behind creating long-lasting, efficient rules for Suricata IDS. Lab exercises will train attendees to analyze and interpret hostile network traffic and turn it into agile IDS rules for detecting threats, including but not limited to: Exploit Kits, Ransomware, Phishing Attacks, Crimeware, Backdoors, Targeted Threats, and more. Attendees will leave the class armed with the knowledge of how to write quality Suricata IDS signatures for their environment, enhancing their organization’s ability to detect and respond to threats.


Speakers
Eric Leblond

Developer, Open Information Security Foundation (OISF)

Josh Stroschein

Academic Liaison, Open Information Security Foundation (OISF)


Monday, January 7, 2019, 1:00pm - 4:30pm EST
Grand Ballroom North, 300 Bourbon St, New Orleans, LA 70130, USA

1:00pm EST

Afternoon Track III: Bro Training


Speakers
Liam Randall

President, Critical Stack - A Division of Capital One


Monday, January 7, 2019, 1:00pm - 4:30pm EST
Acadia Suite, 300 Bourbon St, New Orleans, LA 70130, USA