Community detection: CVE-2020-16898
This blog is a brief story of a few points that occurred to me during the less than 24 hours it took to turn around this package from dev to testing.
The past few weeks have seen several developments around Community ID and support for Wireshark. I’d like to summarize them in this blog post.
In this post I am going to walk you through the process I used to develop a package called “my_stats” that pulls memory information from a running...
To assist in detecting Zerologon (CVE-2020-1472), we’ve open sourced a Zeek package that detects both attempted and successful exploits.
We hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic. Here are the...
This post contains a warning and a solution for anyone using BPF syntax when filtering traffic for network security monitoring.
I love this quote by John Lambert. It perfectly describes the impact network defenders can achieve by pooling resources, insights, and techniques.
We’ve just open sourced a Zeek package that detects exploit attempts and successes. This package demonstrates a couple of aspects that are worth...
Today we are open sourcing a Zeek package that passively detects the presence of some of the tell-tale signs that Treck devices can exhibit.