Category: Spicy
-
Detect STRRAT Malware With Zeek And Suricata
Join me in learning how to detect the STRRAT malware family with Zeek and Suricata. Corelight Blog: https://corelight.com/blog/newsroom/news/strrat-malware Source Code: https://github.com/corelight/zeek-strrat-detector 00:00:10:18 – 00:00:37:17 Dr. Keith Jones: Hey, welcome. We’re going to talk about…
-
Detecting njRAT/Bladabindi Malware With Zeek – Zeek Roulette #1
Welcome to the first edition of Zeek Roulette, where I pick a random Zeek topic and try to solve it! For this article I picked njRAT malware from Any.Run and tried to…
-
How To Profile A Zeek Spicy Protocol Analyzer
This is a good page over at the Zeek Spicy Wiki on how to profile protocol analyzers: https://github.com/zeek/spicy/wiki/Performance-profiling-of-Spicy-parsers
-
Zeek Spicy IPSec Protocol Analyzer Update – v0.2.17
An update in the protocol analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ipsec You can install the latest version with the following command:
-
Zeek Spicy OSPF Packet Analyzer Update – v0.1.4
An update in the packet analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ospf You can install the latest version with the following command:
-
YouTube Video For How To Connect Zeek To Python Is Up!
Here is a short video I put together to show how to pass PCAP data from Zeek through Python and back to Zeek. The original instructions I wrote can be found here:…
-
Understanding The Zeek Spicy Wireguard VPN Protocol Analyzer
In this presentation I walk through every line of code in the open source Zeek Spicy Wireguard VPN protocol analyzer. It’s more fun than it sounds, honestly. Spicy documentation: https://docs.zeek.org/projects/spicy/en/latest/index.html Slides: https://docs.google.com/presentation/d/1LOCtYEr8cJ_DLqcjJoyUu1g7-iQbOjS45AnDjzknL7U/edit?usp=sharing
-
Anatomy Of A Zeek Spicy Protocol Analyzer
This video will walk through all the important parts of a Zeek Spicy protocol analyzer.
-
Easily Run Zeek and Spicy in a Docker Container
Here you will learn to run Zeek and Spicy in a Docker container. I do this often to test my code on different versions of Zeek without having to fully install each…
-
Create a Zeek Spicy Analyzer from a Template
Learn how to create a Zeek Spicy protocol analyzer from a template using “zkg create”.