Using Bro NSM for Malware Analysis

EvolveSec is excited to have Robert Simmons of ThreatConnect talk to the group about how to use Bro Network Security Monitor! 

Abstract:

The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. If one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option. This talk examines how to use Bro NSM as a malware analysis tool. Recent malware that has made the news, including samples from Russian APT, will be examined using this powerful tool.

Food and beverages will be provided thanks to our sponsors ThreatConnect and TEKsystems!

About Rob Simmons:

Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert is also the author of PlagueScanner, an open source virus scanner framework. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine.

About Evolve Security Academy: 

Evolve is a cyber security bootcamp that provides students with hands-on training from highly experienced industry professionals. Evolve partners with not-for-profits, performing security assessment work throughout the curriculum, giving each student the real project work experience and concrete practical skills that are needed to land or advance a career. Evolve’s primary focus is on creating top-tier cyber security talent and placing them into high-paying jobs through professional staffing and direct hire services. 

About ThreatConnect:

ThreatConnect unites cybersecurity people, processes and technologies behind a cohesive intelligence-driven defense. Built for security teams at all maturity levels, the ThreatConnect platform enables organizations to benefit from their collective knowledge and talents; develop security processes; and leverage their existing technologies to identify, protect and respond to threats in a measurable way. More than 1,200 companies and agencies worldwide use ThreatConnect to maximize the value of their security technology investments, combat the fragmentation of their security organizations, and enhance their infrastructure with relevant threat intelligence. To register for a free ThreatConnect account or learn more, visit: www.threatconnect.com.

About TEKsystems:

TEKsystems is a $3.8 billion IT services company, known for excellence in the industry. We provide the best talent in the country by hand-picking the best and brightest and placing them at our client sites. We have deployed over 2,000 Information Security consultants in the past two years. We currently have over 500 active CISSP certified consultants and 400 recruiters certified to identify top talent. We also stay informed on market trends by partnering with companies such as SailPoint, Curion, RSA, Oracle and many more.