Tag Archive | training

Suricata Hosting Two Training Sessions at SharkFest’20 US

Mark your calendars! This July, Suricata will be in Kansas City, MO at SharkFest’20 US, hosting two intense, 90-minute crash courses on intrusion analysis/threat hunting and signature development.

The first training, Practical Signature Development for Open Source IDS, focuses on expert methods and techniques for writing network signatures to efficiently hunt and detect the greatest and most common threats facing organizations today. In addition to Suricata, we’ll utilize leading open source security tools, specifically Wireshark, to teach traffic analysis fundamentals, custom signature writing and how to test your signatures for accuracy and performance.

Suricata experts with real-world experience in customizing and tailoring the solution to identify and hunt threats will equip you with the ability to analyze and interpret hostile network traffic to create agile rules for detection and mitigation.

Attendees of the second session, Intrusion Analysis and Threat Hunting with Suricata, will learn how to dig deep into network traffic to uncover key evidence that a compromise has occurred, identify new forms of attack and develop the skills necessary to proactively search for Indicators of Compromise and evidence of new breaches. The course will also explore key phases of adversary tactics and techniques from delivery mechanisms to post-infection traffic and data exfiltration, offering a true hands-on analysis experience.

Join us at SharkFest’20 US and maximize your open-source capabilities with Suricata.

For more information on the conference, visit https://sharkfestus.wireshark.org/

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat Asia

Due to concerns surrounding the COVID-19 virus, Black Hat Asia has rescheduled the conference to Sept 29 – Oct 2, 2020. We’re excited to announce that OISF will be at the Marina Bay Sands in Singapore this September/October for Black Hat Asia, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on Sept 29 – Oct 2, 2020 at Black Hat Singapore and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/asia-20/training/schedule/index.html#intrusion-analysis-and-threat-hunting-with-open-source-tools-18067

Early-bird pricing ends July 24th – we hope to see you in Singapore!

Trainers: Members of the OISF team

OISF/Suricata to Offer Intrusion Detection and Threat Hunting Training Course at Black Hat USA

We’re excited to announce that OISF will be at the Mandalay Bay in Las Vegas this August for Black Hat USA, with our experts hosting a four-day power training on Intrusion Detection and Threat Hunting with Open Source Tools.

Our goal with this training is to help attendees build a foundation for an effective threat hunting program, as well as provide ideas and strategies to help increase the efficiency of existing programs. When it comes to detecting threat actors and malware operations, you can’t leave stones unturned.

If you’re a beginner in the open source space looking to mature your skills, this comprehensive training is a can’t-miss. Join us on August 1-4 at Black Hat USA and take your threat hunting capabilities to the next level. For more details on the session, check out the training page on Black Hat’s website – https://www.blackhat.com/us-20/training/schedule/#intrusion-analysis-and-threat-hunting-with-open-source-tools-19091

This course will cover the fundamental aspects of Suricata such as rule comprehension, managing rule sets, validating alerts, working through false positives/negatives and customizing rules to provide more network traffic visibility. We’ll dive into an in-depth analysis of network traffic and the development of threat hunting strategies to detect anomalous or malicious activity with tools such as Moloch, Kibana and CyberChef. Additionally, we’ll have several hands-on, real-world exercises to reinforce the detection techniques and tactics explained throughout the course.

Early bird pricing for the training ends on May 22, so act fast!

Trainers: Members of the OISF team

Webinar – Enhancing Your Cuckoo Sandbox with Suricata: Installation and Configuration

The Cuckoo Sandbox has become one of the most popular open-source frameworks for the automation of malware analysis. One of the many benefits of Cuckoo is the ability to expand its capabilities through additional services and tools, such as Suricata. In this webinar, we will walk you through how to get Suricata up and running in a Cuckoo sandbox to get better network traffic analysis. This webinar will begin from a base installation of Cuckoo and show you how to install Suricata, configure Cuckoo to utilize Suricata as a post-processing module and how to update your initial rule set. We will also explore more advanced Suricata setup options to help with performance, such as interacting through a Unix socket. By the end of this workshop you will be able to leverage Suricata’s IDS alerts to help with your malware analysis workflow.

Cuckoo network analysis enriched with Suricata IDS alerts

This is a free webinar but seats are limited. To sign-up, go to https://zoom.us/meeting/register/v5UtceihrzosujnYxCGEhLRCbNdofG2nzQ

Presented by: Josh Stroschein

Announcing the first Suricata User Conference in Barcelona

We are excited to announce our first annual OISF / Suricata User Conference happening this November in Barcelona, Spain!

Join us for an exciting two days of Suricata and IDS/IPS development talks, brainstorming sessions, and amazing speakers. You can also attend a 2-day Suricata training event prior to the conference to make it a full week of learning!

The conference is FREE and open to the public – however, we ask that people register via our events website so we can be sure to accommodate everyone with regard to space and lunches. Visit: http://www.oisfevents.net.

NOTE: the 2-day Suricata training during this week is a paid event and space will fill up – so register at https://suricata-2day-barcelona.eventbrite.com

We look forward to seeing you there! As always if you have questions, contact us at info@oisf.net.

The OISF Team

5-Day Suricata Developer Training

A short time ago we announced the first edition of the Suricata Developer training. I thought it would be a good time to explain what we have in mind.

First, we’re planning to make this an annual event. I’m very excited about this. It should be great fun to have a week of development related discussions. I’m sure we can all learn a great deal, and share lots of ideas. Of course the social part is a nice addition.

Also, this is a great “stick behind the door” (as we’d say in Dutch) to finally get some much needed dev docs done, including architecture overview diagrams, etc.

What will we be teaching:

  1. General Suricata development basics: everything from git, how to QA, unittests, debugging, etc.
  2. Architecture overview
    1. APIs
    2. threading
    3. packets, flows, detection and output
  3. Extending Suricata — the beef of the training:
    1. packet decoders and detection plugins
    2. app layer protocol detection, parsing, state keeping
    3. app layer detection engine integration
    4. adding logging modules

Structure

Each day will start with lectures on each of the topics. You will get an overview of the API, learn about performance aspects, how threading comes into play, etc.

After this there will be assignments/challenges to apply the newly learned skills. This should be very interactive with lots of room for questions and discussions. We’ll be providing various assignments for multiple skill levels.

Teachers

From OISF we will have lead developer Victor Julien, core developers Eric Leblond and Jason Ish in the room to give the lectures and help answer questions. Also present to assist in general Suricata related questions: Matt Jonkman and Peter Manev.

Participants

So who is this for? We target people who want to learn how to extend Suricata. If you want to add protocols, detection options or maybe new output methods, then this is for you. Or maybe you want to be a ‘core’ developer on Suricata. Then this would be an excellent start to getting into it.

Skill-set:
– advanced C experience
– Linux Experience
– Network / Security Experience
– Basic Suricata End User Experience
=> for testing your code

If you’re not yet experienced with running Suricata, we would like to suggest attending a user training first. If you book your dev seat first, hit us up for a discount code on one of the training sessions. We’re planning one in Europe before summer; the exact date and location are to be announced.

Money

We’ll be charging for the trainings. The revenue is used to cover the cost of the event itself (travel, hotels, etc). What’s left goes into the foundation’s general development budget. So by attending the training you will support Suricata’s development.

Location

This first edition is generously hosted by Napatech in Copenhagen, Denmark.
If you want to book, please do so through this Eventbrite link:
https://www.eventbrite.com/e/5-day-suricata-developer-training-in-copenhagen-denmark-open-to-the-public-tickets-15667305332
Questions and general feedback and thoughts are welcome!

Get Trained January 26 and 27 in San Jose, CA!

Join us for this dynamic, hands-on, 2-day Suricata training event! Developers and security professionals will walk away not only with greater proficiency in Suricata’s core technology, but also with the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s development team.

This training session will take place on January 26 and 27 at the Tilera HQ in San Jose, CA. It will be given by Suricata expert Peter Manev, and OISF president and Emerging Threats CTO Matt Jonkman.

Some of the topics that will be covered over the course of the 2 days include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Advanced Tuning
  • Integration with Other Tools

You can register through eventbrite here. More info on the Suricata Training Program can be found here.

This event is generously hosted by our long time supporters: Tilera.

We hope to see you there!

Get Trained at DeepSec in Vienna

Join us for this dynamic, hands-on, 2-day training session. Developers and security professionals will walk away not only with greater proficiency in Suricata’s core technology, but also with the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s lead developers.

This training session will take place on November 18 and 19 at the DeepSec conference in Vienna. It will be given by Suricata lead developer Victor Julien, OISF president and Emerging Threats CTO Matt Jonkman, Suricata developer Eric Leblond and Suricata expert Peter Manev.

Some of the topics that will be covered at this course include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Integration with Other Tools

You can register at the DeepSec conference registration page here.

More info on the Suricata Training Program can be found here.

We hope to see you there!

Get Trained at Hack.lu in Luxembourg

Join us for this dynamic, hands-on, full-day Suricata workshop! Developers and security professionals will walk away not only with greater proficiency in Suricata’s core technology, but also with the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s lead developers.

This workshop will take place on October 20 in the conference hotel of the excellent Hack.lu conference. It will be given by Suricata lead developer Victor Julien, Suricata developer Eric Leblond and Suricata expert Peter Manev.

Some of the topics that will be covered at this course include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Integration with Other Tools

You can register through eventbrite here: https://www.eventbrite.com/e/suricata-workshop-hacklu-tickets-13329929177

More info on the Suricata Training Program can be found here.

This event is generously hosted by our friends from Hack.lu.

A registration / ticket for the Hack.lu conference is NOT required for this event. Of course, we do highly recommend the conference!

We hope to see you there!

Get Trained in Amsterdam!

Join us for this dynamic, hands-on, 2-day Suricata training event! Developers and security professionals will walk away not only with greater proficiency in Suricata’s core technology, but also with the unique opportunity to bring questions, challenges, and new ideas directly to Suricata’s lead developers.

This training session will take place on October 13 and 14 in downtown Amsterdam. It will be given by Suricata lead developer Victor Julien, and OISF president and Emerging Threats CTO Matt Jonkman.

Some of the topics that will be covered over the course of the 2 days include:

  • Compiling, Installing, and Configuring Suricata
  • Performance Factors, Rules and Rulesets
  • Capture Methods and Performance
  • Event / Data Outputs and Capture Hardware
  • Troubleshooting Common Problems
  • Advanced Tuning
  • Integration with Other Tools

You can register through eventbrite here: https://www.eventbrite.com/e/suricata-training-event-tickets-13264631871. More info on the Suricata Training Program can be found here.

This event is generously hosted by our friends from Intelworks.

We hope to see you there!