Introduction to Bro Network Security Monitor

Register for workshop

Registration opens on 26th February, 9pm

Info

Start: 2018-04-08 11:00
End: 2018-04-08 13:00
Location: Walter-Gropius-Straße 5, 80807 München

Abstract

Bro is an open-source Network Security Monitor (NSM) and analytics platform. Although it has been around since the mid-1990s, its user base was for a long time primarily universities, research labs and supercomputing centers. In the past few years, however, more and more security professionals in industry have turned their attention to this powerful tool, as it runs on commodity hardware and thus provides a low-cost alternative to commercial solutions.

At its core, Bro inspects traffic and produces an extensive set of well-structured, tab-separated log files that record a network’s activity. Bro is, however, much more than a traditional signature-based IDS. While it supports signature matching as well, Bro’s scripting language lets security analysts perform arbitrary analysis tasks, such as extracting files from sessions, detecting malware by interfacing with external sources, or detecting brute-forcing. Like Python, it comes with a large set of pre-built standard libraries.
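As an added example that is not part of this workshop page or of Bro’s own code, the Python below reads a Bro ASCII log (the #separator/#fields/#types header lines, “-” for unset and “(empty)” for empty values, T/F for booleans, values typed according to #types) and runs a simple brute-force check over it: a source whose failed SSH logins reach a threshold inside a sliding time window is flagged once, much as a Bro script would raise a notice. The ssh.log sample embedded in it is constructed and carries only a subset of the real ssh.log columns; the threshold and window values are illustrative assumptions.

```python
"""Parse Bro's tab-separated ASCII logs and flag SSH password guessing.

Added example for this workshop page; it is not Bro's own code. The header
layout (#separator, #set_separator, #empty_field, #unset_field, #fields,
#types) and the '-' / '(empty)' / 'T' / 'F' conventions are Bro 2.x's ASCII
writer format; the ssh.log sample is constructed (subset of real columns).
"""
from collections import defaultdict, deque
from typing import Dict, Iterator, List

# Constructed sample ssh.log; column names and types follow Bro 2.x ssh.log.
SAMPLE_SSH_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tssh
#open\t2018-04-08-11-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tversion\tauth_success\tauth_attempts\tclient\tserver
#types\ttime\tstring\taddr\tport\taddr\tport\tcount\tbool\tcount\tstring\tstring
1523178000.100000\tCHhAvVGS1DHFjwGM9\t10.0.0.5\t51000\t192.168.1.10\t22\t2\tF\t3\tSSH-2.0-libssh2_1.8.0\tSSH-2.0-OpenSSH_7.4
1523178005.000000\tCaYdG32ZgOonLYw5h\t10.0.0.7\t45000\t192.168.1.10\t22\t2\tF\t4\tSSH-2.0-paramiko_2.4.0\tSSH-2.0-OpenSSH_7.4
1523178010.200000\tClEkJM2Vm5giqnMf4h\t10.0.0.8\t40100\t192.168.1.10\t22\t2\tF\t2\tSSH-2.0-OpenSSH_7.6\tSSH-2.0-OpenSSH_7.4
1523178030.500000\tC4J4Th3PJpwUYZZ6gc\t10.0.0.5\t51002\t192.168.1.10\t22\t2\tF\t3\tSSH-2.0-libssh2_1.8.0\tSSH-2.0-OpenSSH_7.4
1523178045.000000\tCtPZjS20MLrsMUOJi2\t10.0.0.8\t40102\t192.168.1.10\t22\t2\tT\t1\tSSH-2.0-OpenSSH_7.6\tSSH-2.0-OpenSSH_7.4
1523178060.900000\tCUM0KZ3MLUfNB0cl11\t10.0.0.5\t51004\t192.168.1.10\t22\t2\tF\t3\tSSH-2.0-libssh2_1.8.0\tSSH-2.0-OpenSSH_7.4
1523178070.000000\tCmES5u32sYpV7JYN\t10.0.0.9\t38000\t192.168.1.10\t22\t2\t-\t-\t(empty)\tSSH-2.0-OpenSSH_7.4
1523178090.300000\tCRJuHdVW0XPVINV8a\t10.0.0.5\t51006\t192.168.1.10\t22\t2\tF\t3\tSSH-2.0-libssh2_1.8.0\tSSH-2.0-OpenSSH_7.4
1523178400.000000\tCwjw4g3LMUDPoU8J6l\t10.0.0.7\t45002\t192.168.1.10\t22\t2\tF\t4\tSSH-2.0-paramiko_2.4.0\tSSH-2.0-OpenSSH_7.4
1523178420.000000\tCB7kLv1JYxp4G8mRAe\t10.0.0.7\t45004\t192.168.1.10\t22\t2\tF\t4\tSSH-2.0-paramiko_2.4.0\tSSH-2.0-OpenSSH_7.4
1523178600.000000\tC3eiCBGOLw3VtHfOj\t10.0.0.5\t51008\t192.168.1.10\t22\t2\tF\t3\tSSH-2.0-libssh2_1.8.0\tSSH-2.0-OpenSSH_7.4
#close\t2018-04-08-13-00-00
"""

# Bro scalar types that map onto Python numbers; everything else stays a str.
_NUMERIC = {"count": int, "int": int, "port": int,
            "time": float, "interval": float, "double": float}


def _convert(value: str, btype: str, meta: Dict[str, str]):
    """Turn one log cell into a typed Python value using the #types entry."""
    if value == meta["unset_field"]:
        return None                      # '-' : field never set
    if btype.startswith(("set[", "vector[")):
        return [] if value == meta["empty_field"] else value.split(meta["set_separator"])
    if value == meta["empty_field"]:
        return ""                        # '(empty)' : present but empty
    if btype == "bool":
        return value == "T"
    return _NUMERIC.get(btype, str)(value)


def parse_bro_log(text: str) -> Iterator[Dict[str, object]]:
    """Yield one dict per record of a Bro ASCII log, honouring its header."""
    meta = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    fields: List[str] = []
    types: List[str] = []
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#"):
            if raw.startswith("#separator "):
                # This one line is space-delimited and escapes the tab as \x09.
                meta["separator"] = raw.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
                continue
            key, _, rest = raw[1:].partition(meta["separator"])
            if key == "fields":
                fields = rest.split(meta["separator"])
            elif key == "types":
                types = rest.split(meta["separator"])
            elif key in meta:
                meta[key] = rest
            continue                     # #path, #open, #close carry no data
        values = raw.split(meta["separator"])
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}: {raw!r}")
        yield {n: _convert(v, t, meta) for n, v, t in zip(fields, values, types)}


def failed_attempts_per_host(records) -> Dict[str, int]:
    """Total failed SSH auth attempts per originating host (no time window)."""
    totals: Dict[str, int] = defaultdict(int)
    for rec in records:
        if rec["auth_success"] is False:
            totals[rec["id.orig_h"]] += rec["auth_attempts"] or 1
    return dict(totals)


def detect_ssh_bruteforce(records, threshold: int = 10, window: float = 300.0) -> Dict[str, int]:
    """Flag sources whose failed attempts reach `threshold` inside any span of
    `window` seconds. Returns {orig_h: attempts when the threshold was crossed};
    each host is reported once, like a notice with a suppression identifier.
    Threshold and window are illustrative assumptions, not Bro defaults."""
    recent = defaultdict(deque)          # orig_h -> deque of (ts, attempts)
    alerts: Dict[str, int] = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["auth_success"] is not False:   # skip successes and unknown ('-')
            continue
        host = rec["id.orig_h"]
        if host in alerts:
            continue
        q = recent[host]
        q.append((rec["ts"], rec["auth_attempts"] or 1))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()                  # drop failures older than the window
        total = sum(n for _, n in q)
        if total >= threshold:
            alerts[host] = total
    return alerts


if __name__ == "__main__":
    recs = list(parse_bro_log(SAMPLE_SSH_LOG))
    print("failures per host:", failed_attempts_per_host(recs))
    print("password guessing:", detect_ssh_bruteforce(recs))
```

Note the difference between the two functions on the sample: 10.0.0.7 accumulates as many failed attempts as 10.0.0.5 overall, but because its attempts are spread beyond the window it is not flagged, while 10.0.0.5 is; this is the same reason the time-windowed counting is worth doing in a Bro script rather than simply tallying ssh.log afterwards.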

Overview

During this two-hour workshop, we will learn about Bro’s capabilities and cover the following topics:

  • Introduction to Bro
  • Bro architecture
  • Bro events and logs
  • Bro signatures
  • Bro scripting
  • Bro and ELK

Requirements:

  • A laptop with at least 8 GB of RAM and more than 30 GB of free disk space
  • VMware Workstation or VMware Player installed

Eva Szilagyi

Eva Szilagyi is managing partner and CEO of Alzette Information Security, a consulting company based in Luxembourg. She has more than 8 years of professional experience in penetration testing, security source code review, digital forensics, IT auditing, telecommunication networks and security research. Previously, she worked for companies such as Vodafone Hungary, Ernst & Young Hungary and Deloitte Luxembourg.

Eva has master’s degrees in electrical engineering and in networks and telecommunication. She holds several IT security certifications such as GSEC, GICSP, GSSP-JAVA, GWAPT, GMOB, eWPT and eJPT. Eva is a member of the organizing team of BSidesLuxembourg.

David Szili

David Szili is managing partner and CTO of Alzette Information Security, a consulting company based in Luxembourg. He has more than 8 years of professional experience in penetration testing, red teaming, vulnerability assessment, vulnerability management, security monitoring, security architecture design, incident response, digital forensics and software development. Previously, he worked for companies such as POST Telecom PSF Luxembourg, Dimension Data Luxembourg, Deloitte Hungary and Balabit.

David has master’s degrees in computer engineering and in networks and telecommunication and a bachelor’s degree in electrical engineering. He holds several IT security certifications such as GSEC, GCED, GCIA, GCIH, GMON, GNFA, GMOB, OSCP, OSWP and CEH. David speaks regularly at international conferences such as Hack.lu, BruCON, Hacktivity, Nuit du Hack, BSidesBUD and BSidesLjubljana, and he is a member of the organizing team of BSidesLuxembourg. He blogs about information security at jumpespjump.blogspot.com.

In his spare time, David likes to work on hobby electronics projects, develop new IT security tools or hone his skills with CTFs and bug bounty programs.