The Zeek Project is delighted to announce the schedule for ZeekWeek 2021, which will be an online-only event taking place 13-15 October.  ZeekWeek is free, though registration is required

ZeekWeek (formerly BroCon) is the most important community event for users, developers, incident responders, threat hunters and architects who rely on the open-source Zeek network security monitor as a critical element in their security stack.

Our three-day event will include training, two keynote speakers, 20 talks, and a CTF (Capture the Flag) exercise. More information about all talks can be found on the Zeek website.

13 October 2021 – Day 1: Training (8:00am – 4:30pm, Pacific Time) (Wait list after 24 September 2021)

Training by the Zeek Project

  • Introduction to Zeek 
  • Hands-on Zeek Scripting

Signing up for a training session after 24 September 2021 will place you on a waiting list.  You will be contacted if a slot becomes available. 

Training by Corelight and its Partners 

  • Corelight
  • Humio
  • Chronicle
  • Devo
  • Elastic

More information about Day 1 training can be found here.

14 October 2021 – Day 2: SOC Professional / Zeek User Track (9:00am – 2:00pm, Pacific Time)

  • Welcome & Open Remarks
  • Keynote – David Monnier
  • DNS and Spoofed traffic investigation with Zeek
  • Using a Forest to Explore the Logs: Automation, Analytics and AI with Zeek Logs at UC Davis.
  • BadRandom: A Survey of TLS Implementations
  • Investigating Remote Desktop Protocols attacks using the Zeek observatory at UIUC/NCSA
  • A Better Way to Capture Packets with DPDK
  • Details for DPDK plugin development and performance measurement
  • Kerberos-haters guide to Zeek Threat Hunting
  • Stop missing critical data – How to architect in Hybrid architectures
  • PacketTotal – A Community Service for Zeek-Based PCAP Analysis
  • Zeek the truth, in the Cloud

More information about the Day 2 SOC Professional / Zeek User track can be found here.

15 October 2021 – Day 3:  Developer / Zeek Roadmap Track  (9:00am – 2:00pm, Pacific Time)

  • Recap Day 2 & Overview of Day 3
  • Keynote – Richard Bejtlich
  • Roadmap & contribution how-to
  • The new packet processing pipeline
  • zkg templates
  • Creating Zeek analyzer packages with Spicy
  • Compiling Zeek scripts
  • Build Zeek with static plugins included
  • Lightning Talks
  • Ask the speakers – Q&A
  • Summary, Wrap-Up and Thank you’s

More information about the Day 3 Developer / Zeek Roadmap track can be found here.

14-15 October 2021 – Online CTF (Capture the Flag) Event

The online CTF event will take place on Day 2 and Day 3.  Information on how to play will be sent to registered attendees prior to 13 October 2021.

Don’t forget; register today!

Haven’t been to a ZeekWeek event? Check out the 2019 and 2020 events. 

You can find out more about Zeek and how you can connect and get involved with the community on

%d bloggers like this: