Category: Open Source
-
Zeek Log Format Cheat Sheet
Sometimes you want to quickly know the format of a Zeek log file. Check out this web page that links to all the native Zeek log record definitions: https://docs.zeek.org/en/master/script-reference/log-files.html Clicking on “Conn:Info”…
-
Analyzing QBot/QakBot Malware With Zeek
In this short article I’ll outline some analysis I performed on the QBot/QakBot malware family with Zeek. I took a look at the following PCAPs from this family of malware, hoping to…
-
A Gozi Banking Malware Detector – Zeek Roulette #3
I had talked about Gozi malware in our eCrimeBytes podcast here: Last Man From Gozi Banking Malware Group Sentenced To Three Years – eCrimeBytes Nibble #51 In my technical real life job…
-
Detecting Amadey Malware With Zeek – Zeek Roulette #2
For my Zeek Roulette #2 I picked a recently submitted sample off of ANY.Run that ended up being Amadey: https://app.any.run/tasks/31ba58da-30d1-4a08-940d-2412fc629221/ You can download the PCAP from the link above if you navigate…
-
njRAT/Bladabindi Zeek Detector Update – Zeek Roulette #1 Part 2
This is an update to: Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1 I have been running this detector on a live network for a while and I’ve seen 2 (rare)…
-
How To Make Your Voice Sound Sexy Using A USB Microphone On A MacBook
This method will let you make your voice sound sexy through any application like Zoom, Microsoft Teams, StreamYard, etc. After installing OBS, you will need to install the donationware Virtual Audio Cable…
-
Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1
Welcome to the first edition of Zeek Roulette, where I pick a random Zeek topic and try to solve it! For this article I picked njRAT malware from Any.Run and tried to…
-
Using Logitech Brio In 4K In OBS On A 2019 Intel MacBook Pro
I do a fair amount of recording for my YouTube channel on a MacBook Pro, circa 2019. It has the Intel chip. Nothing I found online worked exactly for me when I…
-
Zeek Clustering How-To Video
I put together a Zeek clustering video over at Youtube (https://youtu.be/g-QvpYHgh1c). You can get to the slides through: https://docs.google.com/presentation/d/1HHHF4-FNhoSuy-YPMOWka3EGvfOW7CJAFeS9VHxBg_E/edit?usp=sharing The source code is available at: https://github.com/corelight/CVE-2022-24491
-
Using Zeek Signatures To Detect CVEs
I put a video together (https://www.youtube.com/watch?v=PcXjkUt3rZA) discussing a method I have used to detect CVEs using just Zeek signatures: https://docs.zeek.org/en/master/frameworks/signatures.html This method is useful when trying to detect a CVE exploit in…