Detecting the Facefish Linux Rootkit with Zeek

Introduction: In April 2021 Juniper Networks reported on a new Linux rootkit designed to steal SSH credentials from Linux servers. A month later Netlab 360 published a deeper analysis of the same rootkit, which they named “Facefish”. Both reports provide enough...
A Zeek OpenVPN Protocol Analyzer in Spicy

Introduction and Background: I last wrote about detecting OpenVPN with Zeek, and to understand this blog you should familiarize yourself with that post. This blog will not repeat the basics of OpenVPN, but instead it will briefly walk through the Spicy version of the...