Repository contents: pcaps/ (commit "BSides London 2013", Apr 23, 2013)

BSides London 2013 Workshop

The intention of this workshop is to introduce the Security Onion Linux distro to workshop attendees and show how it can be used to greatly facilitate incident and attack analysis by enhancing the visibility into your network.

Who am I?

My name is Mark Hillick (@markofu), from Kybeire, and I've far too many years of experience in Info Sec.

This workshop will hopefully introduce folks to the benefits of using Security Onion for NSM.

What you have to do :)

Before BSides


I believe that there will be no Internet access :( Therefore, you need to get a few things sorted before you turn up to play with Security Onion.

  • Bring a laptop with VM software (VirtualBox, XenClient, VMware, Parallels etc.) on it.

  • Clone this repository onto your VM.

    • If git is not on your system, install it (Debian/Ubuntu) with

                         sudo apt-get -y install git

    • Then clone this repository onto your system with

                         git clone

At BSides

  • Have your laptop ready

  • We only have an hour so try to be on time

  • Ask questions but let's take anything detailed offline after the course.

  • The workshop will be based on this presentation -

  • The workshop will involve:

    • Short history and goals of the Security Onion Project
    • Quick description of a sample infrastructure
    • Walkthrough of the tools
    • Practical usage of the tools, primarily by replaying the packet captures in this github repository with tcpreplay
    • I'd like to use a DVWA installation on the same VM as Security Onion to show some alerts happening in real-time, but I'm not sure if we'll have time. Regardless, please install it as per the instructions in the DVWA directory in this github repo.
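
The replay step above is the part attendees most often get wrong (replaying onto the management interface, or flooding the sensor at line rate). The script below is an added example, not part of this repository: it replays every capture under a directory onto the Security Onion sniffing interface with a throughput cap. The interface name eth1, the 10 Mbit/s cap and the pcaps/ directory are assumptions; check your own sniffing interface with `ip link` or `sudo sostat` before running it.

```shell
#!/bin/sh
# Added example (not from the workshop repo): replay the workshop pcaps onto
# the Security Onion sniffing interface so Snort/Suricata and Bro see them.
# Assumptions (hypothetical): sniffing interface is eth1, tcpreplay is
# installed, and capture filenames contain no whitespace.
set -e

IFACE="${IFACE:-eth1}"   # assumed sniffing interface, NOT the management NIC
MBPS="${MBPS:-10}"       # assumed rate cap in Mbit/s; avoids flooding the sensor
DRY_RUN="${DRY_RUN:-0}"  # 1 = print the commands to stderr instead of running them

# Compose the tcpreplay command for one capture.
# -i selects the interface; -M caps throughput in Mbit/s.
replay_cmd() {
    printf 'tcpreplay -i %s -M %s %s' "$1" "$2" "$3"
}

# True if the named interface exists on this host.
iface_exists() {
    [ -d "/sys/class/net/$1" ]
}

# Replay every *.pcap under a directory in shell glob order and print the
# number of captures replayed (0 if the directory has none or is missing).
replay_dir() {
    dir="$1"
    n=0
    for f in "$dir"/*.pcap; do
        [ -f "$f" ] || continue          # glob matched nothing
        cmd=$(replay_cmd "$IFACE" "$MBPS" "$f")
        if [ "$DRY_RUN" = 1 ]; then
            echo "$cmd" >&2
        else
            sudo $cmd                    # raw frame injection needs root
        fi
        n=$((n + 1))
    done
    echo "$n"
}

# Usage: ./replay.sh pcaps      (DRY_RUN=1 ./replay.sh pcaps to preview)
if [ $# -gt 0 ]; then
    iface_exists "$IFACE" || { echo "no such interface: $IFACE" >&2; exit 1; }
    replay_dir "$1"
fi
```

Run it with DRY_RUN=1 first and confirm the interface in the printed commands is the one Security Onion's sensors are listening on; then run it for real and watch the alerts arrive in Sguil or Snorby.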

After BSides

  • Spread the word about Security Onion

  • Continue playing with Security Onion

  • Give thanks to Doug Burks, Scott Runnels and the many other folk who help with Security Onion!