My SuriCon talk got accepted
I'm doing a double-header on some new Suricata features I've been messing with recently, along with a discussion on exploit reproduction for detection engineers.
-
mttaggart@infosec.exchange shared this topic
-
@da_667 W00P W00P
-
for some of the new features, I definitely want to highlight the availability of WebSocket protocol support. I also plan on talking about nDPI features, and how the requires keyword will make experimenting with new features in the ET ruleset fairly easy.
The second half of the presentation is a sort of (somewhat) live presentation on some stuff I do when I have access to a proof of concept exploit. What do you do when you have proof of concept code, but don't have easy access to the software or the device that is actually vulnerable? Turns out, getting a pcap for these cases isn't very difficult, and gives you what you need to write rules for it.
-
fuck, now I have to write a slide deck.
-
but on the bright side, I get to go to Lisbon, Portugal.
also FUCK. I should probably learn a little bit of Portuguese.
-
@da_667 LOL. Guess what I am doing right now. I will create a 15-slide deck, which my manager will reduce down to 8 slides, his manager down to 4, and at the final presentation it will be one line in someone else's slide deck.
story of our lives

-
@da_667 congrats!
-
@da_667
Wing it.