Workshop announcement: BSides Boulder Detection Workshop

By kernelmethod on Wednesday, May 24, 2023

The BSides Boulder crew is thrilled to have Jason Williams, Jack Mott, and Francis Trudeau join us to teach a workshop on detection tools and methodology! The workshop is open to everyone who attends BSides at no additional cost.

Sign up for the workshop through our Eventbrite, or on the day of the event[1]!

Workshop abstract follows:

BSides Boulder 2023: Detection workshop

Unlock the full potential of open-source security tools at this BSides Boulder Detection Workshop! This immersive workshop offers beginners and intermediate users an invaluable opportunity to learn how to harness two popular open-source detection engines: YARA for static (file) detection and Suricata for network detection. Dive deep into the fundamentals of detection engineering and learn how to combine signals from both to rapidly detect and surface threats in your environment.

Sharpen your skills by analyzing real-world malware and phishing samples drawn from the current threat landscape. Collaborate with fellow security analysts and learn from the experiences of seasoned experts, all while expanding your toolbox for combating cyber threats.

A virtual machine with all workshop materials and tools pre-installed will be provided to attendees for a seamless learning experience. A basic understanding of the Linux command line, working with packet captures, and common file analysis is recommended for maximum learning. The minimum spec to run the VM is 8 GB of RAM.

The workshop will be divided into morning and afternoon sessions, focusing on YARA in the morning and Suricata in the afternoon. Attendance at both sessions is not mandatory, providing flexibility for attendees' busy conference schedules.

Rough schedule:

  • Morning session (2 hours): static detection with YARA
  • Afternoon session (2-3 hours): network detection with Suricata, and possibly additional incidents and exercises as time allows

  1. As space allows.

We would like to thank the following people: Best Boy: Still Wills Cat; Lead Pew-Pew-er: Will Shand.