Detect multiple attacks relating to SMB/SMB2.
Detection, Bro, SMB2, Protocol analysis
Duration: 5-10 months
Context: Hbo/WO thesis
Bro-SMB is a continuously running project to detect multiple attacks relating to SMB/SMB2. Ransomware, tracking Windows network logins (lateral movement), remote binary execution and information leakage that are all detectable with enough network forensic data provided by Bro.
This project builds on the work of other students in various areas to provide bleeding edge detection and research.
Research technical methods of detecting Windows based attacks via network forensics.
PoC new detection methods via PCAPS and live data.
In case of questions please send us an email (vacature[at]fox-it.com). Please share your CV and motivation with us (vacature[at]fox-it.com).