Mark Fernandez

Mark Fernandez joined The MITRE Corporation in 2015 as a Lead Cybersecurity Engineer in Tampa, Florida. At MITRE, Mark has worked on a variety of open-source projects with the Bro/Zeek Network Security Monitor tool, including a protocol analyzer to parse the Internet Content Adaptation Protocol (ICAP), which he presented at BroCon 2016, and another protocol analyzer to parse the Gh0st malware command and control (C2) protocol, which was presented at BroCon 2017 (by a MITRE colleague). His last open-source project, called BZAR (pronounced "bizarre"), used Bro/Zeek to detect adversary behaviors based on MITRE’s ATT&CK model, specifically in the tactical categories of persistence, defense evasion, credential access, discovery, lateral movement, and execution. Approximately 1500 lines of code from BZAR were merged into the main Zeek product line last year.