FloCon 2017 has ended


Training
Monday, January 9

7:00am

The Linux Command Line for Network Traffic Analysis

New to flow analysis and command-line interfaces? Most tools that help you work with flow, such as SiLK, make heavy use of a command-line interface instead of the more familiar point-and-click systems many of us are used to. To harness the full capability of flow analysis, you also need some command-line proficiency. In this early-morning boot camp, Tim will get you up to speed on the command line and set you on your way to taking full advantage of the power it has to offer for flow analysis.

No prior experience is required; however, you will need to bring your own laptop.

Speakers

Timothy Shimeall

Senior Network Situational Awareness Analyst, CERT Program at Software Engineering Institute
The only person to make more than ten consecutive appearances at FloCon, Tim is the Senior Network Situational Awareness Analyst of the CERT Program at the Software Engineering Institute (SEI). Tim is responsible for developing methods to support decision making in security at and...



Monday January 9, 2017 7:00am - 8:30am
Shutters West 7450 Hazard Center Dr.

8:30am

Offsite Training Session: Security Onion in the Classroom

Security Onion is a well-known Linux distribution for network security monitoring. It bundles a large number of tools in one place, which makes it an excellent classroom resource. In this workshop, attendees will learn how Security Onion can be used in the classroom. Attendees will be given an overview of the tools available in Security Onion and a demonstration of how open source data can be used to create challenging labs for classroom use. Attendees will work through some sample labs during the class.


Speakers

Chris Simpson

Director, National University Center for Cybersecurity
Chris Simpson is the Director of the National University Center for Cybersecurity and is the Program Lead for National University Bachelor of Science in Cybersecurity program. He has developed innovative curriculum and labs in ethical hacking, pentesting, and incident response...


Monday January 9, 2017 8:30am - 11:00am
National University 9388 Lightwave Avenue San Diego, CA 92123-1426

9:00am

Morning Training Session, Track I: Network Traffic Analysis - SiLK

This course introduces you to network flow analysis using the CERT open source SiLK tool suite. Network flow analysis enables retrospective analysis of a network’s traffic to help with forensic analysis, passive network profiling, and threat discovery.

Network flow analysis benefits from the very long retention of flow data: flow records are extremely small compared with packets, so traffic can be examined much further back in time than is possible with full-packet capture. Because a flow record carries only header fields and counters, not payload, flow analysis also avoids many of the privacy issues inherent in packet analysis. The SiLK tool suite is uniquely suited to analyzing extremely large networks with massive amounts of traffic.

No prior knowledge of network flow analysis is necessary, but familiarity with IP, TCP, and UDP is required.

As part of participating in hands-on labs, you will be provided with a copy of the Linux based tools and data needed in the training; however, you must bring your own laptop.  An introductory Linux tutorial will be offered prior to the SiLK training for those who want it.
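The course description above lists the three things flow analysis is used for (forensic look-back, passive profiling, and threat discovery) and the reason it scales (a flow record summarizes many packets into one small row). The following Python script is an added illustration of those ideas, written for this page; it is not SiLK code and not part of the CERT training materials. It collapses a constructed packet sample into flow records using the same five-tuple-plus-idle-timeout rule SiLK-style sensors apply, then runs three retrospective queries over the records. The packet sample, the `192.0.2.0/24` "internal" prefix, and the scan threshold are assumptions made for the example.

```python
"""Toy network-flow analysis in the spirit of SiLK (added example, not SiLK code)."""
from collections import defaultdict, namedtuple

# A packet is what a sensor sees; a Flow is the compact record that is retained.
Packet = namedtuple("Packet", "ts sip dip proto sport dport bytes flags")
Flow = namedtuple("Flow", "sip dip proto sport dport packets bytes stime etime flags")


def _pkt(ts, sip, dip, proto, sport, dport, nbytes, flags=""):
    return Packet(ts, sip, dip, proto, sport, dport, nbytes, flags)


# Constructed packet sample (not captured traffic). Addresses are documentation
# ranges; 192.0.2.0/24 plays the role of the monitored internal network.
SAMPLE_PACKETS = [
    # HTTPS session from an external client to internal web server 192.0.2.10
    _pkt(100.0, "198.51.100.7", "192.0.2.10", 6, 51000, 443, 60, "S"),
    _pkt(100.1, "192.0.2.10", "198.51.100.7", 6, 443, 51000, 60, "SA"),
    _pkt(100.2, "198.51.100.7", "192.0.2.10", 6, 51000, 443, 52, "A"),
    _pkt(100.3, "198.51.100.7", "192.0.2.10", 6, 51000, 443, 500, "PA"),
    _pkt(100.4, "192.0.2.10", "198.51.100.7", 6, 443, 51000, 52, "A"),
    _pkt(100.5, "192.0.2.10", "198.51.100.7", 6, 443, 51000, 1400, "PA"),
    # DNS lookup inside the network (UDP carries no TCP flags)
    _pkt(101.0, "192.0.2.50", "192.0.2.1", 17, 53001, 53, 70),
    _pkt(101.0, "192.0.2.1", "192.0.2.50", 17, 53, 53001, 140),
    # Same client reconnects 30 minutes later: past the idle timeout, so a new flow
    _pkt(1900.0, "198.51.100.7", "192.0.2.10", 6, 51000, 443, 60, "S"),
] + [
    # Vertical SYN scan from 203.0.113.9: one packet per port, ports 20-39
    _pkt(150.0 + i * 0.01, "203.0.113.9", "192.0.2.10", 6, 40000 + i, 20 + i, 60, "S")
    for i in range(20)
]


def _close(key, st):
    return Flow(*key, st["packets"], st["bytes"], st["stime"], st["etime"],
                "".join(sorted(st["flags"])))


def aggregate(packets, idle_timeout=300):
    """Collapse packets into unidirectional flow records keyed on the 5-tuple.

    A packet arriving more than idle_timeout seconds after the last packet of
    its 5-tuple starts a new record, mirroring the idle timeout of flow sensors.
    """
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.sip, p.dip, p.proto, p.sport, p.dport)
        st = active.get(key)
        if st is not None and p.ts - st["etime"] > idle_timeout:
            finished.append(_close(key, st))
            st = None
        if st is None:
            st = {"packets": 0, "bytes": 0, "stime": p.ts, "etime": p.ts, "flags": set()}
            active[key] = st
        st["packets"] += 1
        st["bytes"] += p.bytes
        st["etime"] = p.ts
        st["flags"].update(p.flags)   # cumulative flags, as in a flow record
    finished.extend(_close(k, s) for k, s in active.items())
    return finished


def top_n(flows, field, n=10, value="bytes"):
    """Top-N query in the style of rwstats: total `value` per distinct `field`."""
    totals = defaultdict(int)
    for f in flows:
        totals[getattr(f, field)] += getattr(f, value)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def profile_servers(flows, internal_prefix="192.0.2."):
    """Passive profiling: internal hosts that answered on a privileged port."""
    servers = defaultdict(set)
    for f in flows:
        answered = f.proto == 17 or "A" in f.flags   # UDP has no flags to check
        if f.sip.startswith(internal_prefix) and f.sport < 1024 and answered:
            servers[f.sip].add((f.proto, f.sport))
    return dict(servers)


def find_scanners(flows, min_ports=10, max_packets=2):
    """Threat discovery: sources whose SYN-only flows touch many ports on one host."""
    probed = defaultdict(set)
    for f in flows:
        if f.proto == 6 and f.packets <= max_packets and "S" in f.flags and "A" not in f.flags:
            probed[(f.sip, f.dip)].add(f.dport)
    return {sip: len(ports) for (sip, _dip), ports in probed.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    flows = aggregate(SAMPLE_PACKETS)
    print(len(SAMPLE_PACKETS), "packets ->", len(flows), "flow records")
    print("top talkers by bytes:", top_n(flows, "sip", 3))
    print("internal servers:", profile_servers(flows))
    print("scanners:", find_scanners(flows))
```

The scan is the case that shows why the idle timeout and the cumulative flags matter: each probe is a single SYN with no matching ACK, so it stays a one-packet record that a SYN-only query can pick out long after the packets themselves would have been discarded. Raising `idle_timeout` past the 30-minute gap merges the client's reconnect into its earlier session, which is the trade-off a sensor operator makes when tuning that value.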


Speakers

Matthew Heckathorn

Network Security Analyst, CERT Division, Software Engineering Institute
Matt is a Network Security Analyst in the CERT Division at Carnegie Mellon University’s Software Engineering Institute. He is a member of the Operational Analysis Transition Team and is tasked with raising awareness of the tools and knowledge the CERT Division can provide. Matt...

Paul Krystosek

Network Security Analyst, CERT Division, Software Engineering Institute
Paul is a Senior Member of the Technical Staff of the CERT Operational Analysis Team at Carnegie Mellon University’s Software Engineering Institute. Paul joined the SEI in 2008. Prior to that, he was at Lawrence Livermore National Laboratory as a member of CIAC, the Computer Incident...



Monday January 9, 2017 9:00am - 12:30pm
Shutters West 7450 Hazard Center Dr.

9:00am

Morning Training Session, Track II: Suricata

Suricata, the world’s leading IDS/IPS engine, provides the most versatile network security tool available today. Developed and maintained by a core team of developers and an open source community, Suricata is the “Swiss Army Knife” for network security monitoring. This training will demonstrate the latest in Suricata’s dynamic capabilities including:

  • Introduction to the newest version of Suricata
  • Suricata as a passive DNS probe
  • Suricata as an SSL monitor
  • Suricata as a malware
  • Suricata as a flow probe
  • And some exciting new features…

At the completion of this training, attendees will have a greater understanding of Suricata’s versatility and power. They will also have the unique opportunity to put their questions directly to members of the Suricata development team.


Speakers

Eric Leblond

CEO, Stamus Networks
Eric is an active member of the security and open source communities. He is a Netfilter Core Team member working mainly on communications between kernel and userland. He has worked on the development of Suricata, the open source IDS/IPS network engine, since 2009, and he is also one...


Monday January 9, 2017 9:00am - 12:30pm
Shutters East 7450 Hazard Center Dr.

1:30pm

Afternoon Training Session, Track I: Network Traffic Analysis - SiLK

This is a repeat of the morning Track I course; the course description, prerequisites (familiarity with IP, TCP, and UDP; bring your own laptop) and provided Linux-based tools and data are the same as for the morning session above.


Speakers

Matthew Heckathorn

Network Security Analyst, CERT Division, Software Engineering Institute

Paul Krystosek

Network Security Analyst, CERT Division, Software Engineering Institute



Monday January 9, 2017 1:30pm - 5:00pm
Shutters West 7450 Hazard Center Dr.

1:30pm

Afternoon Training Session, Track II: Bro

Bro is a stateful, protocol-aware, open source, high-speed network monitor with applications such as a next-generation intrusion detection system, real-time network discovery tool, historical network analysis tool, real-time network intelligence, and more. With a powerful event-based programming language at its core, the Bro Platform ships with powerful frameworks: signature detection, the ability to extract and analyze files, and the capability to integrate massive amounts of local and external intel, all at very high rates.

This tutorial focuses on helping you understand some of the many tasks that you can accomplish with the Bro Platform using a hands-on Virtual Machine. Beginning with an introduction to the Bro Platform, this fast-paced tutorial helps experienced network operators quickly get up to speed on leveraging the technology. Students work with traffic samples of distributed denial-of-service (DDoS) attacks, deploy large sets of threat intelligence, analyze compromised host traffic, dynamically generate streaming network analytics, and more.

Students should be well versed in TCP/IP and networking fundamentals and come prepared with an x86-64 workstation (Linux, Windows, or Mac) able to run the Bro training VM. A remote SSH-based host will be available for students who cannot run the VM.

Speakers

Liam Randall

Chief Executive Officer, Critical Stack
Liam (@Hectaman) focuses on end-user training, application development, and community outreach. He is the CEO at Critical Stack, develops network solutions around the Bro Platform, and is a frequent speaker at security conferences. You can usually find him training users on the Bro...


Monday January 9, 2017 1:30pm - 5:30pm
Shutters East 7450 Hazard Center Dr.