The 3rd Zeek Package Contest (ZPC-3) is currently underway!  In the first phase of this contest, community members had the chance to submit their ideas for a compelling new Zeek package.  Here are the submissions we received: 

  • Package to detect known C2 frameworks such as Empire, Koadic, FactionC2, Covenant, Merlin, etc. based on their unique traffic patterns.
  • Package to generate a new ARP log, and to detect known attacks such as ARP spoofing, flooding, scanning, etc.
  • Package to generate an NFS log, and to detect anomalous NFS activity.
  • Spicy parser for IGMP.

We are now entering the next phase of this contest, a call for developers who would like to collaborate on one of these ideas.  (And if you want to submit a package individually, you’ll have a chance to do that in October.)

If you are a Zeek developer and would like to collaborate in creating a workable Zeek package based on the above ideas, please let us know by filling out this webform by 15 September 2020. You can pick up to 3 of the ideas you would like to work on. You may be paired with the submitter* to form a team, once the current phase ends. 

*Pairing will depend on the total number of developers who volunteer to help.

You can find out more information about the package contest on the Zeek blog.

