Tag: opensource
- Analyzing QBot/QakBot Malware With Zeek
  In this short article I’ll outline some analysis I performed on the QBot/QakBot malware family with Zeek. I took a look at the following PCAPs from this family of malware, hoping to…
- Detecting Amadey Malware With Zeek – Zeek Roulette #2
  For my Zeek Roulette #2 I picked a recently submitted sample off of ANY.Run that ended up being Amadey: https://app.any.run/tasks/31ba58da-30d1-4a08-940d-2412fc629221/ You can download the PCAP from the link above if you navigate…
- Using Zeek Signatures To Detect CVEs
  I put a video together (https://www.youtube.com/watch?v=PcXjkUt3rZA) discussing a method I have used to detect CVEs using just Zeek signatures: https://docs.zeek.org/en/master/frameworks/signatures.html This method is useful when trying to detect a CVE exploit in…