The 3rd Zeek Package Contest (ZPC-3) is currently underway! In the first phase of this contest, community members had the chance to submit their ideas for a compelling new Zeek package. Here are the submissions we received:
- Package to detect known C2 frameworks such as Empire, Koadic, FactionC2, Covenant, Merlin, etc. based on their unique traffic patterns.
- Package to generate a new ARP log, and to detect known attacks such as ARP spoofing, flooding, scanning, etc.
- Package to generate an NFS log, and to detect anomalous NFS activity.
- Spicy parser for IGMP.
We are now entering the next phase of this contest, a call for developers who would like to collaborate on one of these ideas. (And if you want to submit a package individually, you’ll have a chance to do that in October.)
If you are a Zeek developer and would like to collaborate in creating a workable Zeek package based on the above ideas, please let us know by filling out this webform by 15 September 2020. You can pick up to 3 of the ideas you would like to work on. Once the current phase ends, you may be paired with the idea's submitter* to form a team.
*Pairing will depend on the total number of developers who volunteer to help.
You can find out more information about the package contest on the Zeek blog.