  • Zeek Clustering How-To Video

    I put together a Zeek clustering video over at YouTube (https://youtu.be/g-QvpYHgh1c).
    You can get to the slides through: https://docs.google.com/presentation/d/1HHHF4-FNhoSuy-YPMOWka3EGvfOW7CJAFeS9VHxBg_E/edit?usp=sharing
    The source code is available at: https://github.com/corelight/CVE-2022-24491


  • Using Zeek Signatures To Detect CVEs

    I put a video together (https://www.youtube.com/watch?v=PcXjkUt3rZA) discussing a method I have used to detect CVEs using just Zeek signatures: https://docs.zeek.org/en/master/frameworks/signatures.html
    This method is useful when trying to detect a CVE exploit in a protocol that is not fully parsed by Zeek. In this video we discuss a CVE for portmapper,…


  • Zeek’s suspend_processing Quirk With PCAPs

    In the comments of an earlier blog: … we found an interesting situation. Even when you call “suspend_processing” in zeek_init, like this: … Zeek will still process the first packet. The “new_connection” and “connection_state_remove” events will still fire for that first packet/connection. This is what the output looks like: ……


  • How To Profile A Zeek Spicy Protocol Analyzer

    This is a good page over at the Zeek Spicy Wiki on how to profile protocol analyzers: https://github.com/zeek/spicy/wiki/Performance-profiling-of-Spicy-parsers


  • Zeek Spicy IPSec Protocol Analyzer Update – v0.2.17

    An update in the protocol analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ipsec
    You can install the latest version with the following command:


  • My Zeek How-To Video Playlist

    Here is a playlist I put together of just my Zeek How-To videos:


  • Zeek Spicy OSPF Packet Analyzer Update – v0.1.4

    An update in the packet analyzer now makes it Zeek v5.2 ready. You can view more here: https://github.com/corelight/zeek-spicy-ospf
    You can install the latest version with the following command:


  • YouTube Video For How To Connect Zeek To Python Is Up!

    Here is a short video I put together to show how to pass PCAP data from Zeek through Python and back to Zeek. The original instructions I wrote can be found here: How To Connect Zeek To Python. Subscribe and like if you would like to see more!


  • How To Connect Zeek To Python

    I was recently asked how to send data from Zeek to Python. After flipping through the Zeek Broker documentation I couldn’t find a good example to reference, so here is my example. The code for this demo is available here: https://github.com/keithjjones/zeek-python-broker-demo The first piece of our source code is the…


  • Industrial Control Systems (ICS) PCAP Resources For Zeek And Wireshark

    In this video I walk through several resources to download ICS protocol PCAPs: