FloCon 2017 has ended
Back To Schedule
Monday, January 9 • 1:30pm - 5:30pm
Afternoon Training Session, Track II: Bro

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks-signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel—all at incredibly high rates.

This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on Virtual Machine. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.

Students should be well versed in TCP/IP and networking fundamentals and come prepared with an x86 x64 workstation (Linux, Windows, or Mac) to run the Bro training VM. A remote SSH-based host will be available for students who cannot run the VM.


Liam Randall

Chief Executive Officer, Critical Stack
Liam (@Hectaman) focuses on end-user training, application development, and community outreach. He is the CEO at Critical Stack, develops network solutions around the Bro Platform, and is a frequent speaker at security conferences. You can usually find him training users on the Bro... Read More →

Monday January 9, 2017 1:30pm - 5:30pm PST
Shutters East 7450 Hazard Center Dr.