by Keith J. Jones, PhD | Jan 31, 2022 | Spicy
In this video, Keith Jones (Sr. Security Researcher, Corelight) introduces a simple Python program written to help you take your Zeek ASCII tab delimited files and make them full text searchable with ElasticSearch+Kibana (or OpenSearch, if you prefer). If you don’t...
by Keith J. Jones, PhD | Jan 31, 2022 | Spicy
In this video, Keith Jones (Sr. Security Researcher, Corelight) builds on a previous Zeek in Action video and shows how you can use spicy-driver to quickly debug (and improve!) the Radius code we built in that prior video. Link to Slides If you would like to follow...
by Keith J. Jones, PhD | Dec 3, 2021 | community, Spicy, Zeek in Action
In this Zeek in Action video, Keith Jones explains his rapid development process for Spicy protocol analyzers, using a new Radius analyzer as the example. Of course Radius is in core Zeek, but it can be replaced with a Spicy Radius protocol analyzer. Keith used this development process on...
by Keith J. Jones, PhD | Jun 10, 2021 | Spicy
In April 2021 Juniper Networks reported on a new Linux rootkit designed to steal SSH credentials from Linux servers. A month later Netlab 360 published a deeper analysis of the same rootkit, which they named “Facefish”. Both reports provide enough...
by Keith J. Jones, PhD | Apr 20, 2021 | community, Protocol Analyzer, Spicy
I previously blogged about the Zeek OpenVPN Binpac and Spicy protocol analyzers, but that is only one quarter of the popular VPN protocols I see on networks I monitor. The four main VPN protocols, in increasing complexity, I’ve seen on networks I...
by Robin Sommer | Apr 13, 2021 | open-source, release, Spicy, Zeek
We are happy to announce the release of Spicy 1.0, an open source parser generator that makes it much easier for Zeek—and other applications—to support new protocols and file formats. We had made an initial, experimental version of Spicy available a little while ago....