Tag Archive

DeepSec 2018 Talk: Suricata and XDP, Performance with an S like Security – Eric Leblond

Published on November 2, 2018 By sanna

Extended Berkeley Packet Filter (eBPF) and eXtreme Data Path (XDP) technologies are gaining in popularity in the tracing and performance community in Linux for eBPF and among the networking people for XDP. After an introduction to these technologies, this talk proposes to have a look at the usage of the eBPF and XDP technology in […]

Internet Protocol version 6 (IPv6) and its Security

Published on February 3, 2015 By René Pfeiffer

Internet Protocol version 6 (IPv6) is not new. Its history goes back to 1992 when several proposals for expanding the address scheme of the Internet were discussed (then known by the name of IP Next Generation or IPng). A lot has happened since RFC 1883 was published in 1996. Due to the deployment of […]

DeepSec 2014 Talk: The IPv6 Snort Plugin

Published on November 12, 2014 By René Pfeiffer

The deployment of the new Internet Protocol Version 6 (IPv6) is gathering momentum. A lot of applications now have IPv6 capabilities. This includes security software. Routers and firewall systems were first, now there are also plugins and filters available for intrusion detection software such as Snort. Martin Schütte will present the IPv6 Snort Plugin at […]

DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

Published on September 25, 2014 By René Pfeiffer

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you […]

DeepSec 2013 Video: The Economics Of False Positives

Published on February 4, 2014 By René Pfeiffer

Once you set up alarm systems, you will have to deal with false alarms. This is true for your whole infrastructure, be it digital or otherwise. When it comes to intrusion detection systems (IDS) you will have to deal with false positives. Since you want to be notified of any anomalies, you cannot ignore alarms. […]

DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5

Published on January 30, 2014 By René Pfeiffer

Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations to your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be […]

DeepSec 2013 Video: Building The First Android IDS On Network Level

Published on January 28, 2014 By René Pfeiffer

Did you know that you can do more than playing Angry Birds on your smartphone? You can get attacked, for example. Since your smartphone is Turing complete, you can do what you want. Jaime Sánchez presented the first Android Intrusion Detection System at DeepSec 2013. Mobile malware and threats are clearly on the rise, […]

DeepSec 2013 Video: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

Published on January 27, 2014 By René Pfeiffer

Ever since intrusion detection systems were put into operation, attackers have found ways to evade discovery. So what can you expect from the wonderful tools that are designed to detect intrusions? If you are looking for metrics which can easily be compared and have a connection to your typical production environment, then you are mistaken. There […]

DeepSec 2013 Talk: Building The First Android IDS On Network Level

Published on November 13, 2013 By René Pfeiffer

Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions […]

DeepSec 2013 Workshop: Effective IDS/IPS Auditing And Testing With Finux

Published on October 26, 2013 By René Pfeiffer

A major part of information security is to deal with intrusions. It doesn’t matter if you have to anticipate them, detect them, or desperately wish to avoid them. They are a part of your infosec life. This is why gentle software developers, security researchers, and vendors have created intrusion detection/prevention systems. It’s all there for […]

Talk: Advances in IDS and Suricata

Published on November 11, 2011 By René Pfeiffer

Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than […]

Talk: Reassemble or GTFO! – IDS Evasion Strategies

Published on September 15, 2011 By René Pfeiffer

Ever since network intrusion technology was introduced, attackers have tried to evade detection. The tactics for evasion changed over time, but there really was no point in the past when evasion was not discussed. This is especially true for all things HTTP, because web applications transmit a rich set of data between server and client […]