This week OpenDNS hosted the first-ever Bro workshop (a.k.a. Bro4Pros) geared towards advanced users. For a day and a half, presenters discussed using Bro operationally, edge cases in Bro’s scripting language, tracking network-related metrics using Bro, and new features in Bro. Many experts, including the Bro core development team, were present at the workshop, making the caliber of the sessions extremely high.
I was lucky enough to be given a full hour to present during the workshop. The title of the talk I presented was “DNS Concepts and Bro Exercises”. During the presentation I discussed how DNS is used in malware DGAs, exploit kit redirect strategies, and passive DNS databases. Alongside each concept were exercises using Bro and its scripting language to demonstrate proofs of concept.
For those interested in seeing the slides I presented, they are posted here. The slides include links to a few additional Bro scripts that can be found on GitHub. I suggest reading the source before running the code to fully understand what Bro is doing.
If you weren’t able to attend this workshop, don’t worry! The next BroCon will occur Tuesday, August 4 at the Massachusetts Institute of Technology.