
Snort Intrusion Detection, Rule Writing, and PCAP Analysis

Hello everybody. My name is Jesse Kurrus, and I'll be your professor for the duration of the Snort Intrusion Detection, Rule Writing, and PCAP Analysis course. This course will consist of written material to go over at your own pace, and labs to reinforce the concepts from the provided resources. To follow along with these labs, you'll need VirtualBox and Security Onion, Kali Linux, and Windows 7 VMs. These are all free and open source, including the Windows 7 VM, which is available free for development purposes.

This course is 100% hands-on, save for the initial introduction. Please be prepared to follow along with these labs.

The following are the hands-on labs. Please refer to the course for full descriptions:

  • Lab 1: Setting up Security Onion with VirtualBox
  • Lab 2: Boleto Malware Snort Rule Writing and PCAP Analysis
  • Lab 3: Vetting Snort Rule Quality with Dumbpig
  • Lab 4: Utilizing Offset and Depth in a Snort Rule
  • Lab 5: Kali Linux Setup with VirtualBox
  • Lab 6: Snort Rule Writing (SSH and FTP)
  • Lab 7: Windows 7 Eternalblue Vulnerable VM VirtualBox Setup
  • Lab 8: Windows 7 Eternalblue Exploitation and Snort/PCAP Analysis
  • Lab 9: Eternalblue PCAP Analysis and Snort Rule Writing
  • Lab 10: Ubuntu Server 12.04 Vulnerable VM VirtualBox Setup
  • Lab 11: Ubuntu Server 12.04 Heartbleed Exploitation and Snort/PCAP Analysis
  • Lab 12: Heartbleed PCAP Analysis and Snort Rule Writing

Rating: 4.4 based on 92 ratings
Length: 2.5 total hours
Starts: On Demand (start anytime)
Cost: $13
From: Udemy
Instructor: Jesse Kurrus, M.S., OSCP, CEH, Security+, Linux+, Network+, CISSP
Download: Videos only via the Udemy mobile app
Language: English
Subjects: IT & Networking
Tags: IT & Software, Network & Security


What people are saying

security onion

I was waiting to get to know more about Snort, to see where and how to put hands on this software, but I discovered more than I expected: Security Onion in the first place, then the maneuvers with Wireshark and a little insight into Metasploit utilization on Kali Linux.

Some excellent practical information for using Snort with Security Onion, Squert, etc.

Never heard of Security Onion before, it's a great option.

Instead I got a few examples and mostly videos about how to set up environments and how to view in Security Onion.

The labs are barely useful tutorials for installing Security Onion (with default configuration, don't think that it would be of help for a production deployment in any way), reading a simple pcap file from Wireshark (HTTP connection, a bunch of GET requests and one POST - only using "Follow TCP Stream" option), and writing 4 snort rules (more like one rule and 3 variations), adapted to detect the exact same connection from the pcap file.

It is useful to mention that the first lab video lasts less than 3 minutes, even when it is repeated twice (two slides explaining what Security Onion and VirtualBox are - really?).

There is no explanation about what applications are available in Security Onion, how to configure and access them, and how to manage it beyond the automatic installation and a simple 5 minute test (which also fails, by the way).

If you are attracted by the Security Onion lab... keep looking, there is nothing for you here.

Security Onion is running dreadfully slow, so much so that it is unusable.

I installed Security Onion in VM Fusion, and I had to "adjust" some of the training commands to reflect the network interfaces in VM Fusion to have the Labs running.

I would recommend this to any analyst who wants to learn more about PCAP, Snort, Security Onion, and malware analysis.


snort rule

Good course, would be better if it covered some basics so that new Snort learners can also get good exposure. Thanks.

Very good hands-on exercises where you learn to write Snort rules for recognizing exploits like Heartbleed or Eternalblue.

Great intro to writing and testing Snort rules with plenty of labs that cover real malware.

I was hoping for a course on writing SNORT rules.

If you can read this review, you can also read Snort rule documentation, which is what the instructor does most of the time.

To sum up, I've spent one and a half hours to learn the differences between snort rule option types, and the syntax of a snort rule.

If you want to learn about snort rules, do read the docs, they are public.

Great course, made writing Snort rules easy.

This course has given me a great overview of Intrusion Detection Systems and has helped me gain a good understanding of how to write custom Snort rules and look at PCAPs.


easy to follow

Straightforward and easy to follow.

Exceptional instruction and details, easy to follow, tons of resources, and increased my understanding of Snort.

The course is easy to follow.

GOOD $ FOR PEOPLE NEW TO SNORT & SECURITY ONION

Great way to learn to monitor my network.

This section just seemed like reading straight from a manual.

I never used Snort before; real easy to follow with VirtualBox!

Instructions are easy to follow.


rule writing

This is a great snort rule writing course.

The explanation is crystal clear, thanks Jesse.

This course has been very effective in helping me to learn Snort rule writing basics faster than traditional routes.

Need to spend more time on Snort rule writing and explanation.

It does give the basic concepts of rule writing, but it would be great to have the instructor show how to write rules with offsets and depth using content with bytes.

This was an excellent course.

An awesome tutorial on analyzing malware in packets and integrating Snort rule writing.

Professor Kurrus was very thorough in his review of Snort Rule writing and PCAP analysis.

This felt more like an overview of what SNORT can do than an actual SNORT rule writing course.


so far

A little brief but it was very interesting.

So far it's been a good match.

So far this course is great.

Awesome so far.

Good information in relation to topic.
