Using Zeek Signatures To Detect CVEs

I put a video together discussing a method I have used to detect CVEs using just Zeek signatures.

This method is useful when trying to detect a CVE exploit in a protocol that is not fully parsed by Zeek. In this video we discuss a CVE for portmapper, which is a protocol not natively supported by Zeek.

In this video I am not teaching you how to detect specific CVEs so much as the method of CVE detection using only Zeek signatures when Zeek can't fully parse the connection.

My slides (all the links are clickable):
