Issue 10 – May 2021
In this Issue:
- Zeek Blog
- Zeek In The Community
- New Zeek Packages
- Upcoming Events
- Zeek Related Jobs
- Volunteer Opportunities
- Get Involved
Zeek Blog
‘Zeek in Action’ is a new series of videos that explain how Zeek can be used in real-world situations. The first two videos (with more coming soon) are ‘Introduction and How to Set Up a Windows Workstation Using Brim Security’ and ‘Suspected Malware Compromise’.
Zeek Monthly Newsletter – Issue 9 – April 2021 – https://zeek.org/2021/04/30/zeek-monthly-newsletter-issue-9-april-2021/
Announcing the Zeek Training Subgroup – https://zeek.org/2021/04/27/announcing-the-zeek-training-subgroup/
Zeek in Enterprise Day – https://zeek.org/2021/04/22/zeek-in-enterprise-day/
Announcing the Zeek Testing Subgroup – https://zeek.org/2021/04/21/announcing-the-zeek-testing-subgroup/
Zeek’s IPSec Protocol Analyzer – https://zeek.org/2021/04/20/zeeks-ipsec-protocol-analyzer/
Welcome to Zeek in Action, Video 1, Suspected Malware Compromise – https://zeek.org/2021/04/14/welcome-to-zeek-in-action-video-1-suspected-malware-compromise/
Spicy 1.0 — Robust Parsers for Protocols & File Formats – https://zeek.org/2021/04/13/spicy-1-0-robust-parsers-for-protocols-file-formats/
ZPC-3 Winners Announced – https://zeek.org/2021/04/08/zpc-3-winners-announced/
A Zeek OpenVPN Protocol Analyzer in Spicy – https://zeek.org/2021/04/08/a-zeek-openvpn-protocol-analyzer-in-spicy/
Zeek in Action: Introduction and How to Set Up a Windows Workstation Using Brim Security – https://zeek.org/2021/04/06/zeek-in-action-introduction-and-how-to-set-up-a-windows-workstation-using-brim-security/
Zeek Blog – https://zeek.org/blog/
Zeek Mailing list – April
Zeek in the Community
Public funds, public code! By Henrik Kramselund Jereminsen – https://www.version2.dk/blog/offentlige-midler-offentlig-kode-1092626
Detect C2 ‘RedXOR’ with state-based functionality – https://corelight.blog/2021/04/20/detect-c2-redxor-with-state-based-functionality/
Pingback: ICMP Tunneling Malware – https://corelight.blog/2021/05/07/pingback-icmp-tunneling-malware/
H&R Block seeks out open-source expertise for SOC – https://www.scmagazine.com/home/security-news/network-security/hr-block-seeks-out-open-source-expertise-to-stock-up-on-soc-talent/
Malcolm v3.1.0 – https://github.com/idaholab/Malcolm/releases
Security Onion Documentation printed book now updated for Security Onion 2.3.50! – https://blog.securityonion.net/2021/05/security-onion-documentation-printed.html
Security Onion 2.3.50 Hotfix available! – https://blog.securityonion.net/2021/05/security-onion-2350-hotfix-available.html
Security Onion 2.3.50 now available! – https://blog.securityonion.net/2021/04/security-onion-2350-now-available.html
Security Onion 16.04 has reached End Of Life – https://blog.securityonion.net/2021/04/security-onion-1604-has-reached-end-of.html
OpenCTI Integration and a Mature VAST Plugin Framework (Release 2021.04.29) – https://tenzir.com/blog/release-2021-04-29/
New Zeek Packages
Pingback – https://github.com/corelight/pingback
Upcoming Events
27 May 2021 – Zeek Webinar Series – New Ways to Speed Up Zeek Script Execution – 10am Pacific/1pm Eastern – Join Vern Paxson, Founder of Zeek, as he goes over his latest work on compiling scripts to C++. Zeek’s performance depends in part on how quickly the system executes the user’s scripts, as well as the many predefined scripts Zeek makes available. To date, this execution has used a high-level interpreter, which imposes considerable overhead. This talk will sketch two new experimental features for executing scripts much more quickly: compiling them to a low-level form (“ZAM”), and compiling them directly to C++. Register at: https://event.webinarjam.com/register/25/x4kmyhmm
2 June 2021 – Zeek Monthly Community Call – Join the monthly call to discuss topics related to the growth, governance and administration of the community. Register at: https://corelight.zoom.us/meeting/register/tJAqdu6gqzgvG9LqPt_zpfGex7NtR_HWMX27
8 June 2021 – Zeek Webinar Series – TBA – 10am Pacific/1pm Eastern – Registration link -TBA
16 June 2021 – Zeek in Enterprise Day – 9am-1pm Pacific/12pm-4pm Eastern – This is a virtual event. Organizations that offer Zeek as part of their commercial solutions will be able to present to the Zeek Community. If you would like to present at this event, please see the announcement. Registration link coming soon.
22 June 2021 – Zeek Webinar Series – TBA – 10am Pacific/1pm Eastern – Registration link -TBA
13-15 October 2021 – ZeekWeek 2021 – Save the date! We are currently planning for an in-person ZeekWeek event in Austin, Texas. Seating will be limited at this event, and we will also have a remote participation option. More information coming soon.
Past Webinars for 2021 (replay links)
You can see past webinars here.
May Community Call
Zeek Monthly Community Call – 5 May 2021 – Notes, Links to the Recording and more can be found at: https://email@example.com/thread/22TCOR5HLJ2TGVMITR3KYOL2PQI2ZKE6/
Zeek Webinar Series – This is a bi-weekly webinar series that includes Zeek related presentations, Zeek Q&A and more. We are consolidating the webinars previously known as ‘Ask the Zeekperts’ and ‘Zeek from Home’ into a single series, with a diversity of content planned.
About the Monthly Zeek Community Call: Monthly calls that are open to everyone to discuss topics related to the growth, governance and administration of the community. These calls ARE recorded.
Zeek Related Jobs
Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2430522106
Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2484370829
Sr. Zeek/Bro Engineer – https://www.linkedin.com/jobs/view/2294604452
Director, Incident Response (Remote) – https://www.linkedin.com/jobs/view/2404837718
Incident Response Specialist – https://www.linkedin.com/jobs/view/2407692778
FedGov Sr. Consultant, Incident Response – https://www.linkedin.com/jobs/view/2484034544
Escalation Engineer – https://www.linkedin.com/jobs/view/2535097439
Director, Applications – https://www.linkedin.com/jobs/view/2493165163
Principal Software Engineer, Security – https://www.linkedin.com/jobs/view/2398741146
Defensive Cyber Operations Network Sensor SME with Security Clearance – https://www.linkedin.com/jobs/view/2554955722
Security Analyst – https://www.linkedin.com/jobs/view/2523781880
Volunteer Opportunities
- Newsletter – adopt a section, contribute links, help edit, help promote. Find out more information at: https://github.com/zeek/zeek/wiki/News-Group
- Blog Content – we are always in search of new Zeek content, how-tos and more.
- Interviews – we have a list of people we would like to interview. Would you like to get to know people in the community, tell their stories and promote their work?
- Community Calls – would you like to get involved and help lead these calls?
- Webinars – everything from helping to upload recordings to YouTube, to writing a summary post, to helping promote the series.
- Zeek in Action – is a series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges.
- Documentation Subgroup – the group responsible for keeping the Zeek Documentation up to date. If you would like to participate in this group, give feedback, etc., then this is the group for you. Find out more information at: https://github.com/zeek/zeek/wiki/Documentation-Group
- Training Subgroup – the Zeek training subgroup will focus on formulating some preliminary goals for Zeek-approved training and tackle broader topics in the area of Zeek training. We are frequently asked where people can find Zeek-related training and whether there is a central place to find Zeek-related training content. To address the needs of the community, and to have training programs that are approved by the Zeek project, we are creating this subgroup to focus on these goals. Find out more information at: https://github.com/zeek/zeek/wiki/Training-Group
- Testing Subgroup – the goal of the testing subgroup is to stress-test new versions of Zeek with real live traffic from a variety of environments, to identify problems and bugs early and to ensure that new Zeek releases are stable and ready for the Zeek community. Find out more information at: https://github.com/zeek/zeek/wiki/Testing-Group
If you are interested in helping with any of the above, please let me know. We’ll work with you and help keep it light and easy. Thanks in advance!
Get Involved
If you are interested in getting involved with the Zeek Newsletter, please email firstname.lastname@example.org.
More information about the newsletter can be found here.
Stay up to date by subscribing to the Zeek Mailing List.
Join the conversation on Slack.
Follow us on Twitter