Issue 3 – April 2020
Welcome to the Zeek Monthly Newsletter, Issue 3 covers March 2020 as well as upcoming events.
In this Issue:
- General Community News/Updates
- Development Updates
- Zeek in the News
- Zeek In the Community
- Threat of the Month
- Upcoming Events
- New Zeek Related Packages
- Publication Schedule
- Get Involved
General Community News/Updates
New Zeek Package Contest Announced – ZPC-2 – The ZPC contest series is intended to inspire Zeek users to demonstrate their creativity and ingenuity while winning the admiration of their peers, and giving back to the community. The ZPC-2 contest will focus on the MITRE ATT&CK™ Framework, more specifically packages that help detect C2 Techniques. Find out more about how you can participate in ZPC-2 at: https://zeek.org/2020/04/06/zeek-package-contest-zpc-2/
Zeek From Home – Weekly Webinar Series – If you have a Zeek Related talk (even one that you’ve given at past Zeek events) submit those today and let’s get you scheduled for a Zeek From Home presentation. Find out more at: https://zeek.org/2020/03/31/zeek-from-home/
Zeek Slack Workspace Announced – This post will give you more information about the Slack Space and how you can join. https://zeek.org/2020/03/04/zeek-slack-channel-announced/
New Zeek Website announced – We hope you’ve had a chance to look around the new site. This post tells you more about the site and the meaning of the new Zeek Logo – https://zeek.org/2020/03/11/announcing-the-new-zeek-website/
ZeekWeek 2020 Austin – Cancelled – Open Letter to the Community – Given the uncertainty, we’ve made the difficult decision to cancel ZeekWeek 2020 in Austin. Rest assured that we are looking at other options to bring the community together as things improve and become more predictable. Those options include a virtual event during the same time frame, and if it’s safe to bring people together, then we will look at holding a smaller event in a different location. However, we won’t know until we get closer to October. You can read morte about this at: https://zeek.org/2020/03/31/zeekweek-2020-austin-cancelled-open-letter-to-the-community/
Announcing the New Zeek Agent – an open source endpoint agent that turns host activity into Zeek events as it happens. You can find out more about the Zeek Agent in the blog post at: https://zeek.org/2020/03/11/announcing-the-new-zeek-website/ and on the Zeek Mailing list at: http://mailman.icsi.berkeley.edu/pipermail/zeek/2020-March/015187.html
Zeek in the News
Zeek and Jitsi: 2 open source projects we need now – Long proven but not well known, these network security monitoring and video conferencing tools couldn’t be more timely says Matt Asay. Find out more at: https://www.infoworld.com/article/3533999/zeek-and-jitsi-2-open-source-projects-we-need-now.html
Researchers identify novel cybersecurity approach to protect Army systems – From this post, “Our approach uses symbolic execution to explore the state of TCP implementation of an endhost to identify ways to reach critical points in the code,” Chan said. “If such a point is found, then packets can be inserted and be undetected by DPI. This method is evaluated against several state-of-the-art DPI systems such as Zeek and Snort and identifies previously known evasion strategies in addition to new ones that were not previously documented.” You can find out more at: https://techxplore.com/news/2020-03-cybersecurity-approach-army.html
Zeek in the Community
Security Onion 16.04.6.5 ISO image now available featuring Zeek 3.0.3, Suricata 4.1.7, Elastic 6.8.7, CyberChef 9.18.2, and more! – https://blog.securityonion.net/2020/03/security-onion-160465-iso-image-now.html
Brim Security – Desktop App – open sourced – In a tweet, Brim Security announced, “We’ve open sourced our desktop application Brim! It lets you easily work with huge pcaps: it uses Zeek to generate logs you can search with intuitive queries, and then lets you extract just the interesting packets into Wireshark.” You can find out more at: https://www.brimsecurity.com/download/
Getting Network Visibility into East-West Traffic by Bricata- https://securityboulevard.com/2020/03/getting-network-visibility-into-east-west-traffic/
Doug Burks of Security Onion – https://zeek.org/2020/03/25/people-of-zeek-interview-series-doug-burks-of-security-onion/
Keith Lehigh of Indiana University and the Zeek Leadership Team – https://zeek.org/2020/03/30/people-of-zeek-interview-series-keith-lehigh-of-indiana-university-and-the-zeek-leadership-team/
Threat of the Month
Do you have a threat you’d like to share with the community and how using Zeek in your security stack helped you identify that threat? Please email firstname.lastname@example.org and we’ll work with you to get it written up and shared in the next newsletter.
Ask the Zeeksperts – Ask the Zeeksperts is a one hour bi-weekly call that is hosted by various “Zeeksperts” in the community. This is where you can drop by and ask your Zeek Related questions. The webinars are free to attend, but registration is required.
- 9 April 2020 – 12:30pm PST/3:30pm EST – https://attendee.gotowebinar.com/register/2632319203581363981
- 23 April 2020 – 12:30pm PST/3:30pm EST – https://attendee.gotowebinar.com/register/1763308093940786957
Zeek From Home – This is a new weekly webinar series, where the community can share their Zeek Related presentations (scripts, use cases, how to’s, unique usages, lessons learned etc). These will be recorded.
- 15 April 2020 – 2pm EST/11am PST (registration details will be announced on the Zeek Mailing list, Twitter, Slack and the website)
Corelight Virtual Hunt from Home – A free, 2-hour Virtual Capture the Flag event hosted by Corelight, where players compete to answer security challenges using Zeek data in Splunk and Elastic. The security challenges model realistic IR and hunting queries and can help you uplevel your Zeek log proficiency. Corelight experts will be on hand during the game to guide players of all skill levels through two exciting hunt scenarios. Sign up for one of eight virtual CTF spots in April. Game winners will take home bragging rights and a $100 Amazon Gift Card. https://www3.corelight.com/ctf/hunt-from-home
If you know of any Zeek related events that you would like to share with the community in the monthly newsletter, please email email@example.com or share on the Zeek mailing list (firstname.lastname@example.org).
Zeek Related Packages
RDP Fingerprinting – Profiling RDP Clients with JA3 and RDFP – Adel K announced this package. You can find out more about it at: https://medium.com/@0x4d31/rdp-client-fingerprinting-9e7ac219f7f4
Publication Schedule (Updated)
- Issue 1 – January 2020 (Covers December 2019) – 14 January 2020
- Issue 2 – March 2020 (Covers January and February 2020) – 2 March 2020
- Issue 3 – April 2020 (Covers March 2020) – 7 April 2020
- Issue 4 – May 2020 (Covers April 2020) – 4 May 2020
- Issue 5 – June 2020 (Covers May 2020) – 1 June 2020
- Issue 6 – July 2020 (Covers June 2020) – 6 July 2020
- Issue 7 – August 2020 (Covers July 2020) – 3 August 2020
- Issue 8 – September 2020 (Covers August 2020) – 7 September 2020
- Issue 9 – Special Issue 1 – September 2020 (Covers ZeekWeek 2020) – 21 September 2020
- Issue 10 – October 2020 (Covers September 2020) – 5 October 2020
- Issue 11 – November 2020 (Covers October 2020) – 2 November 2020
- Issue 12 – December 2020 (Covers November 2020) – 7 December 2020
- Issue 13 – Special Issue 2 – (Year End Review) – 21 December 2020
If you are interested in getting involved with the Zeek Newsletter, please email email@example.com.
More information about the newsletter can be found here.
Stay up to date by subscribing to the Zeek Mailing List.
Follow us on Twitter