Alex Kirk – Snort Rules Writing | Security B-Sides Orlando - April 5-6 2014

Alex Kirk – Snort Rules Writing

Bio

Alex Kirk is a Security Engineer for Sourcefire (now a part of Cisco) covering the southeast US. Previously, he spent 9.5 years with the company’s Vulnerability Research Team, where he focused on Snort signature writing, packet/vulnerability/malware analysis, etc.; in his last 4 years there, Alex ran the VRT’s intelligence-sharing programs. He contributed a pair of Snort-related chapters to “Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century,” and was a regular contributor to the widely-read VRT blog (http://vrt-blog.snort.org/). He speaks at conferences worldwide on topics as diverse as “Malware Mythbusting” and “Reducing 0-Day Exposure Through Information-Sharing”, at venues including FIRST, Ekoparty, H2HC, HITB Malaysia, Ruxcon, CARO, You Sh0t the Sheriff, and of course other B-Sides locations.

Abstract

I take four different types of exploits, commonly seen in the wild today, demonstrate the logic necessary to detect them, and then show how to express that logic in the form of Snort rules. The material is designed to appeal to both the novice and intermediate Snort rule writer – no previous experience is necessary, but more advanced topics are also covered for current IDS analysts. The talk is at its best when the audience is asking questions and being interactive, so please, come in and join me!

Can I get CPE?

You absolutely can! Follow this link to get your attendance form. Please be sure to bring a signed copy to the event.

When and Where?

April 5-6, 2014
8001 International Drive
Orlando, FL 32819

Call for papers!

Wide open! Go sign up to be a presenter! If you think it's cool, we would too.

Social & Contact

Copyright © 2013 Security B-Sides Orlando & Jonathan Singer