Network detection, network protocols, C++, binpac, Bro, SMB, DCE/RPC
- duration: 5-10 months
- Context: HBO
The network security monitoring framework Bro (http://www.bro.org) is a great tool for providing information during incident response and network monitoring. Its extensive SMB support makes it a great tool in investigations where lateral movement is involved. To enhance the visibility of network traffic, it would be beneficial to extend Bro by adding protocol parsers for certain (or all) DCE/RPC protocols which are often run on top of SMB.
This project can have one or two phases, depending on the time available and the candidate's experience:
- investigate which DCE/RPC protocols are relevant to log from a security standpoint
- extend Bro with a protocol parser for at least one DCE/RPC protocol, written in binpac
- using the experience gained in phase one, find a way to generically create binpac parsers for other DCE/RPC protocols
The ideal candidate would have experience in the following:
- network protocol analysis tools like Wireshark and Bro
- C++, Python, Perl
- SMB and DCE/RPC protocols
Please share your CV and motivation with us (vacature[at]fox-it.com). If you have any questions, please send us an email (vacature[at]fox-it.com).