Category: How-To
-
Zeek Clustering How-To Video
I put together a Zeek clustering video over at Youtube (https://youtu.be/g-QvpYHgh1c). You can get to the slides through: https://docs.google.com/presentation/d/1HHHF4-FNhoSuy-YPMOWka3EGvfOW7CJAFeS9VHxBg_E/edit?usp=sharing The source code is available at: https://github.com/corelight/CVE-2022-24491
-
Using Zeek Signatures To Detect CVEs
I put a video together (https://www.youtube.com/watch?v=PcXjkUt3rZA) discussing a method I have used to detect CVEs using just Zeek signatures: https://docs.zeek.org/en/master/frameworks/signatures.html This method is useful when trying to detect a CVE exploit in…
-
How To Profile A Zeek Spicy Protocol Analyzer
This is a good page over at the Zeek Spicy Wiki on how to profile protocol analyzers: https://github.com/zeek/spicy/wiki/Performance-profiling-of-Spicy-parsers
-
-
YouTube Video For How To Connect Zeek To Python Is Up!
Here is a short video I put together to show how to pass PCAP data from Zeek through Python and back to Zeek. The original instructions I wrote can be found here:…
-
How To Connect Zeek To Python
I was recently asked how to send data from Zeek to Python. After flipping through the Zeek Broker documentation I couldn’t find a good example to reference, so here is my example.…
-
Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark
In this video I walk through several resources to download ICS protocol PCAPs:
-
Understanding The Zeek Spicy Wireguard VPN Protocol Analyzer
In this presentation I walk through every line of code in the open source Zeek Spicy Wireguard VPN protocol analyzer. It’s more fun than it sounds, honestly. Spicy documentation: https://docs.zeek.org/projects/spicy/en/latest/index.html Slides: https://docs.google.com/presentation/d/1LOCtYEr8cJ_DLqcjJoyUu1g7-iQbOjS45AnDjzknL7U/edit?usp=sharing
-
Anatomy Of A Zeek Spicy Protocol Analyzer
This video will walk through all the important parts of a Zeek Spicy protocol analyzer.
-
BACNet Basics With Zeek
We look at what BACNet traffic looks like in Zeek, along the way explaining some BACNet basics.