by Anthony Kasza | Jun 23, 2021 | Scripting
I recently attempted to better understand script execution flow. As Zeek’s scripting language is heavily driven by events, debugging scripts can, at times, be frustrating and surprising. In an effort to reduce both frustration and surprises for others in the...
by Anthony Kasza | Oct 30, 2020 | Capture the Flag, community, CTF, ZeekWeek, ZeekWeek2020
As part of the most recent ZeekWeek event a capture the flag (CTF) competition was available for attendees to play. The competition included 12 challenges, of varying difficulties, which involved tasks surrounding Zeek scripting and traffic analysis. After a...
by Anthony Kasza | Jun 8, 2020 | Scripting
This post serves as an introduction to some of the pitfalls I had to learn about whilst writing scripts. Hopefully, they help you avoid the same pitfalls. In some of the below example code snippets, bold font is used to emphasize a particular pitfall. If you’d like to...
by Anthony Kasza | Apr 16, 2020 | open-source, Packages
I recently tried my hand at writing my first protocol analyzer for Zeek. This is something that I’ve wanted to accomplish since first learning about Zeek. I recall trying to concatenate all the strings from tcp_contents() and parse application layer data using string...
