As you might have guessed from my publications, I have done a ton of work in intrusion detection. I have been a part of the Snort project for nearly a decade. I have done corporate security, incident response, forensic analysis, and a ton of other related infosec work, but intrusion detection has been my primary focus.
Publications
- Snort 2.0, Intrusion Detection - ISBN 1931836744
- Snort 2.1, Intrusion Detection - ISBN 1931836043
Presentations
Nearly all of my public speaking in the last 5 years has involved intrusion detection in some way. As such, there is a decent amount of duplicate content here.
- Thermoptic Camouflage: Total IDS Evasion. Presented at Blackhat with HD Moore, August 2006
- Snort, a quick overview. Presented at Linux World Expo in Feb 2005. It was rated 4.34 out of 5.
- Snort Perl. Presented at Shmoocon 2005
- Bluesniff - The Next Wardriving Frontier. Presented by Bruce Potter at Defcon 11. I wrote the code used in the presentation but was unable to attend.
- Snort, A Quick Guide. Presented at the Indiana University Advanced Network Management Lab Security Workshop, June 2004
- Writing Snort Rules: A Short Guide. Presented at The Honeynet Workshop, London, March 2004
- Extending snort, without knowing C for dirt. Presented at DC Security Geeks, May 2003
- Advanced IDS. Presented at Cansecwest with Jeff Nathan, April 2003
- Large Scaled IDS: Network Intrusion Detection deployment, data mining and management on a large scale. Presented at Cansecwest with Jeff Nathan, April 2002