Peter Manev
Last known affiliation: Open Information Security Foundation / Stamus Networks
Bio: Peter Manev is the co-founder and chief strategy officer (CSO) of Stamus Networks and a member of the executive team at the Open Information Security Foundation (OISF). Peter has over 20 years of experience in the IT industry, including enterprise-level IT security practice. He is a passionate user, developer, and explorer of innovative open-source security software. Peter has been involved with Suricata IDS/IPS/NSM from its very early days in 2009 as QA and training lead. He is currently a Suricata executive council member.
Éric Leblond | Peter Manev
Abstract
The objective of this workshop is to demonstrate how Suricata can be used to leverage network information when tracking malware.
By logging protocol transactions (NSM), Suricata provides an exhaustive view of network activity that can be used when the intrusion detection part of Suricata has failed to detect the malware. But did it really fail? In many cases, generic signatures do highlight the activity of malware, but they need to be looked at and understood before the malicious activity can be recognised.
On top of that, other techniques such as learning with datasets can also be used to detect malware activity.
Once the network characteristics of the malware have been established, it is time to determine which IOCs can be used and/or to write signatures dedicated to detecting this malware.
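The workflow the abstract describes (a generic alert fires, the NSM records of the same flow are used to understand what the malware actually did, and the result is turned into IOCs, a dataset and a dedicated signature) can be shown end to end on a handful of eve.json records. The script below is an added example, not code from the workshop, from the authors or from the Suricata project. The EVE JSON lines are constructed for illustration; the domain, IP addresses, User-Agent string and signature ids are placeholders, not real indicators. The rule keywords (http.host, http.user_agent, http.method, dataset:isset) are Suricata's own; the rule text, the `c2-hosts` dataset name and its file path are assumptions chosen for the example.

```python
"""Pivot from a generic Suricata alert to the NSM records of the same flow,
extract IOCs, and emit a dedicated signature plus a dataset file.

Added example, not part of the original page. All values in EVE_LINES are
constructed placeholders (documentation IP ranges, a .invalid domain).
"""
import base64
import json

# Constructed EVE JSON records (abbreviated eve.json format). The alert on
# flow 2 is a generic "odd User-Agent" hit; the dns records on flow 1 and the
# http record on flow 2 are the NSM transactions that explain it. Flow 3 is
# unrelated benign traffic and must not end up in the IOCs.
EVE_LINES = [
    '{"timestamp":"2023-01-01T10:00:00.000000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","rrname":"update.example-c2.invalid","rrtype":"A"}}',
    '{"timestamp":"2023-01-01T10:00:00.100000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"answer","rrname":"update.example-c2.invalid","rrtype":"A","rdata":"203.0.113.7"}}',
    '{"timestamp":"2023-01-01T10:00:01.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","proto":"TCP","alert":{"signature_id":9000001,"signature":"GENERIC POLICY Suspicious User-Agent","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2023-01-01T10:00:01.000000+0000","flow_id":2,"event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.7","proto":"TCP","http":{"hostname":"update.example-c2.invalid","url":"/gate.php?id=1234","http_user_agent":"Mozilla/4.0 (compatible; MSIE 6.0)","http_method":"POST","status":200}}',
    '{"timestamp":"2023-01-01T10:00:02.000000+0000","flow_id":3,"event_type":"http","src_ip":"10.0.0.9","dest_ip":"198.51.100.20","proto":"TCP","http":{"hostname":"www.example.org","url":"/index.html","http_user_agent":"Mozilla/5.0","http_method":"GET","status":200}}',
]


def parse_eve(lines):
    """Parse eve.json lines (one JSON object per line) into dicts."""
    return [json.loads(line) for line in lines if line.strip()]


def alerted_flows(events):
    """Map flow_id -> dest_ip for every flow on which an alert fired."""
    return {e["flow_id"]: e["dest_ip"] for e in events if e["event_type"] == "alert"}


def pivot_iocs(events):
    """Collect the network characteristics of the flows that raised a generic alert.

    The alert alone only says "odd User-Agent". The http transaction logged on the
    same flow_id gives hostname, URI and method, and the dns answer that resolved
    the alert's destination gives the name the malware looked up beforehand.
    """
    flows = alerted_flows(events)
    c2_ips = set(flows.values())
    iocs = {"domains": set(), "ips": set(c2_ips), "user_agents": set(), "uris": set()}
    for e in events:
        kind = e["event_type"]
        if kind == "http" and e["flow_id"] in flows:
            h = e["http"]
            iocs["domains"].add(h["hostname"])
            iocs["user_agents"].add(h["http_user_agent"])
            iocs["uris"].add(h["url"])
        elif kind == "dns" and e["dns"].get("type") == "answer" and e["dns"].get("rdata") in c2_ips:
            iocs["domains"].add(e["dns"]["rrname"])
    return iocs


def escape_content(value):
    """Escape the characters Suricata requires escaped inside content:"...": \\ " ;"""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def make_rule(iocs, sid):
    """Build a dedicated HTTP signature from the pivoted IOCs (Suricata 5+ sticky buffers)."""
    domain = escape_content(sorted(iocs["domains"])[0])
    ua = escape_content(sorted(iocs["user_agents"])[0])
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"EXAMPLE MALWARE checkin to {domain}"; flow:established,to_server; '
        f'http.method; content:"POST"; http.host; content:"{domain}"; '
        f'http.user_agent; content:"{ua}"; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def dataset_lines(iocs):
    """Encode the domains as a Suricata string dataset file: base64, one value per line."""
    return [base64.b64encode(d.encode()).decode() for d in sorted(iocs["domains"])]


def dataset_rule(sid, name="c2-hosts", path="c2-hosts.lst"):
    """Match any http.host present in the dataset file (name and path are assumptions)."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"EXAMPLE MALWARE host in {name} dataset"; flow:established,to_server; '
        f"http.host; dataset:isset,{name},type string,load {path}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    found = pivot_iocs(parse_eve(EVE_LINES))
    for key, values in found.items():
        print(f"{key}: {sorted(values)}")
    print(make_rule(found, 9100001))
    print("\n".join(dataset_lines(found)))
    print(dataset_rule(9100002))
```

The pivot is deliberately keyed on the alert's flow_id and on DNS answers that resolved the alert's destination, rather than on "everything the source host did", so benign browsing from the same workstation does not leak into the IOC list. The User-Agent contains semicolons, which is exactly the kind of value that silently produces a broken rule if it is pasted into content:"..." unescaped; escape_content handles the three characters Suricata requires escaped.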
