  • How To Connect Zeek To Python

    I was recently asked how to send data from Zeek to Python. After flipping through the Zeek Broker documentation I couldn’t find a good example to reference, so here is my example. The code for this demo is available here: The first piece of our source code is the…

  • eCrimeBytes Glossary

    We created a growing glossary for our eCrimeBytes podcasts:

  • Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark

    In this video I walk through several resources to download ICS protocol PCAPs:

  • eCrimeBytes S 1, Ep 5: PlugwalkJoe

    Buy a hat and hold the F on. This story gets nuts. Between 2019 and 2020, a character only known as “PlugwalkJoe” went on an online crime spree. From SIM swapping, to cryptocurrency theft, to the Twitter hack, to swatting a juvenile, to extorting high profile TikTok (Addison Rae) &…

  • Understanding The Zeek Spicy Wireguard VPN Protocol Analyzer

    In this presentation I walk through every line of code in the open source Zeek Spicy Wireguard VPN protocol analyzer. It’s more fun than it sounds, honestly. Spicy documentation: Slides:

  • eCrimeBytes S 1, Ep 4: The Twitter Hack

    July 15, 2020. Some say it was one of the biggest Twitter hacks. This day, several high profile Twitter accounts were in the hands of criminals. The criminals then used the stolen accounts to trick ordinary users out of their Bitcoins, such as: Elon Musk: I’m feeling generous because…

  • eCrimeBytes S 1, Ep 3: Violence As A Service With “PatTheBat”

    This episode we take a look at a shooting at one PA residence and a firebombing at another. Are these two crimes related? We will meet an enforcer who named himself “PatTheBat” and discuss how his sloppy behavior plus love for Mad Dog 20/20 brought him to the attention of…

  • Anatomy Of A Zeek Spicy Protocol Analyzer

    This video will walk through all the important parts of a Zeek Spicy protocol analyzer.

  • BACNet Basics With Zeek

    We look at what BACNet traffic looks like in Zeek, along the way explaining some BACNet basics.

  • Easily Run Zeek and Spicy in a Docker Container

    Here you will learn to run Zeek and Spicy in a Docker container. I do this often to test my code on different versions of Zeek without having to fully install each version.