by Amber Graner | Jul 28, 2021 | community, Zeek in Action
In this episode, Richard Bejtlich explores how to figure out where to put a sensor on your network. He describes a simple enterprise network, traffic flows, and device addressing, all of which affect sensor placement. Find out more in this introductory level...
by Amber Graner | Jun 21, 2021 | Zeek in Action
In this episode, Richard Bejtlich looks at PCAPs from Tcpreplay using Zeek, Brim Security and Wireshark. This comparison isn’t to say one tool is better than the others, but to show users what data each tool provides. If you would like to follow along, please...
by Amber Graner | May 18, 2021 | community, Zeek in Action
In this episode, Richard Bejtlich traces a Trickbot infection known as CATBOMBER, posted by Brad Duncan on his Malware Traffic Analysis site. Richard uses try.zeek.org to look at the PCAP for signs of suspicious and malicious activity and answer the questions...
by Richard Bejtlich | Apr 14, 2021 | community, Zeek in Action
The first video examining network traffic using Zeek and related applications is now available. This episode looks at a suspected malware compromise, posted by Brad Duncan on his Malware Traffic Analysis site. We use Brim to create Zeek and Suricata logs from a packet...
by Richard Bejtlich | Apr 6, 2021 | community, Zeek in Action
Welcome to Zeek in Action, a new series of videos for Zeek users and fans. The purpose of the series is to show how analysts can interpret data in Zeek and related formats to solve various networking challenges. The focus will mainly be on security use cases, but we...